Leave it to tech entrepreneurs to turn bad news into good news.
For most of us, our passwords are the keys to our entire digital lives. The bad news is that we’re losing the race to keep these passwords safe from hacker attacks. Making up a secure yet memorable password used to be a matter of picking a random word or two and throwing in a couple of numbers—say, “fid0bark5.” But today, hackers have so much computing power at their disposal that almost any password simple enough for a human to memorize can be decrypted in seconds.
To be truly secure, a password should be so long and so random that it couldn’t be deciphered even if the encrypted version stored by your bank or your e-mail provider fell into the hands of a hacker. But a password that lengthy is effectively impossible to keep in your head, let alone type in every time you login at a website. I’m talking about jumbles that sound like FedEx tracking numbers—for example, “lxgJSN4F6BvAK6HTUfMo” or “PASzYFweX8sbACYgB8hN,” just to use two 20-character strings that I generated randomly using Wolfram Alpha.
So what’s the good news? It’s that designers, engineers, and entrepreneurs have been thinking hard about the problem. And they’re finally coming up with solutions that can help average consumers put less of their precious brainpower toward remembering passwords.
|The Xperience Key to the Top Password Managers|
|Dashlane||Mac, Windows, iOS, Android||Free, $20 for sync feature||dashlane.com|
|LastPass||Mac, Windows, Linux, iOS, Androd, Blackberry Windows Phone, WebOS, Symbian||Free, $12/yr for mobile sync support||lastpass.com|
|1Password||Mac, Windows, iOS, Android||$49.99||agilebits.com/ onepassword|
|PasswordBox||Chrome, Firefox, Safari, iOS, Android||$12/yr||passwordbox.com|
|PasswordGenie||Mac, Windows, iOS, Android||$15/yr desktop, free on mobile||securitycoverage.com/ passwordgenie|
|RoboForm||Mac, Windows, Linux, iOS, Android, Blackberry||$19.95/yr||roboform.com|
|SplashID||Windows, Mac, iOS, Android, Windows Phone, Blackberry||$19.95 desktop/$9.99 mobile||splashdata.com/ splashid|
This week I’ve been testing a new consumer-oriented service, PasswordBox, that can make up strong passwords and then remember them for you across the Web, whether you’re using Safari, Chrome, or Firefox, and whether you’re surfing from your PC or your mobile device. Once you’ve entered your existing online passwords into PasswordBox or created safer new ones, all you have to remember is one master password. Then, to log into a password-protected site, you just click on the site’s icon on the PasswordBox menu.
The service is both secure and extremely easy to use—a combination that’s been lacking in most previous password-management software. It has an unusual “legacy” feature that allows you to designate a friend or family member to take over you’re accounts in the event of your death. It works on iOS and Android phones, and because it’s cloud-based, any change in your passwords is reflected immediately on all of your devices. And perhaps best of all, it’s cheap ($1 per month, and free for life if you get five friends to sign up).
There are many other dedicated password management programs to choose from (see the table above); they’re all better than trying to memorize passwords on your own. But ultimately, even systems like PasswordBox can’t guarantee that your online data will always be safe, or that hackers will never find a way to drain your bank account, run up your credit card bill, or wipe your cell phone. For one thing, there’s still that master password: if someone else gets it, you’re back where you started.
To achieve the next level of security, many security pundits say, we’ll probably need to abandon passwords altogether and adopt two-factor authentication, biometric technology, or other schemes. Wired senior writer Mat Honan, the victim of a much-publicized 2012 hacker attack, says “The age of the password has come to an end; we just haven’t realized it yet.”
Be that as it may, there’s still going to be a long transition period. So it makes sense to investigate services like PasswordBox that can boost your protection, while easing the burden of remembering all your old-fashioned alphanumeric passwords.
In a way, you can think of the password crisis as a design failure. The sins for which consumers are constantly berated—picking short, easy-to-guess passwords; using the same password on multiple sites; keeping the same passwords for years; or, God forbid, writing down your passwords on paper and carrying them in your purse or wallet—seem unavoidable in a world where every service from your frequent-flyer account to your dentist’s appointment portal requires authentication. A 2007 study by Microsoft Research found that the average Web user had 25 accounts that required passwords, but had only 6 actual passwords, meaning that each password was being shared each across four or more sites. And that was before the mobile-apps explosion; the numbers would doubtless be even more disturbing today.
The reason it’s such a bad idea to reuse passwords is that one successful breach could allow a hacker to infiltrate all of your accounts. Browser makers have tried to help by adding features that offer to remember multiple passwords, but they only work for selected sites, and with the exception of Firefox, they don’t sync across your desktop and mobile devices. The system built by PasswordBox—a San Francisco- and Montreal-based startup that opened its system to the public this week after more than a year of private beta testing—can remember an arbitrary number of passwords and log you in using the right one each time you visit a secure site, whether you’re using your computer or your phone.
Here’s how it works. When you sign up, you download an extension for your browser and give PasswordBox a master password; it’s becomes the key to the virtual chest where all your other keys will be stored. Then you input the usernames and passwords you use at all your usual haunts on … Next Page »
By posting a comment, you agree to our terms and conditions.