Password Safety Problem

Passwords are convenient. They are probably the oldest form of authentication. People have invented some useful replacements for passwords, such as fingerprint and retina authentication, tokens and one-time PINs, and sometimes such implementations are really warranted. But in most other cases – for online banking, say – it is my opinion that using good old passwords is the best choice. Some may argue that authentication by password only is not very safe, but in reality there’s very little advantage of token or one-time PIN authentication over passwords when it comes to Internet services…

Yes, stealing a password and using it for malicious purposes might be easier than overcoming two-factor authentication, but modern malware easily overcomes these barriers, so services that rely on them only make their customers pay for all those expensive authentication devices while pretending they’re well protected.

But there are a couple of problems with passwords. First, too many, if not most, people do not use good passwords – they still tend to create overly simple passwords that are easy to remember, and then they use those passwords everywhere they have to authenticate, i.e. the same password for their email, social networking, online banking, iTunes, grocery store, pizza delivery, and everything else they use online. It is very understandable that people want to make password management easy by simply using something they can readily remember, but there’s a much better, safer, and actually even easier way to manage passwords! If you use only a couple of passwords for dozens of services, then if someone somehow gets your password from any of those services, they’ll be able to access all the other services for which you use this same password. Clearly, you don’t want to be this vulnerable.

Most Web browsers today have the feature of recording your logins and passwords, but if you use more than one browser on a regular basis, this may not be the best option for you. Moreover, browsers are not as reliable in terms of storing personal data, and are not as organized as some alternatives are.

So what we want to ensure is two simple things. First, we want to use complicated (i.e. difficult to impossible to crack) passwords for whatever services we use, and those passwords must be unique for each service. Second, we don’t want to remember all those passwords, and we want them to be stored securely. It is possible to make up strong and complicated passwords, record them in files and store them on a drive. But to solve this problem easily, we will use special software, and today we’ll review two programs that fulfill this purpose.

RoboForm toolbar in Firefox

RoboForm window

The first program is called RoboForm. Not only does it let you conveniently and securely record and store passwords and generate complicated random passwords, but it also fills out website forms with previously recorded data or your general data. This saves a lot of time and hassle. RoboForm is available for Windows, Mac, iOS, and Android. RoboForm looks like a toolbar embedded in your browser interface, but it can also be launched as a separate window for management purposes. I started using this software in 2007 or so, but I switched to 1Password later, when I started using Mac back in 2011. As far as I remember, the reason for switching lay in a certain lack of features or complete unavailability of RoboForm for Mac. Today, though, this is not an issue at all, and both pieces of software are about equally good. 1Password looks like a small key icon in the toolbar of your browser, and can also function as a separate window for data management purposes. It’s also available for all these major desktop and mobile platforms.

1Password Tool

1Password Generator

Finally, we need to touch upon something similar for Linux. Today Linux is a good choice as a desktop system, because, among other things, it’s open source and it’s much better for privacy than a Windows or a Mac system, even though it is still somewhat less convenient to use and less software is available for this platform. In fact, I’ve been thinking lately about making Linux my main desktop system. I haven’t tested password management software for Linux, but here’s a useful link for you, where several such programs are described, and links are provided for your perusal: http://alternativeto.net/software/1password/.

As the conclusion to this article, I’m happy to say that now there’s one more tool at your disposal which you can use to make your life a little safer, decreasing the probability of unfortunate outcomes related to personal data theft.