Whilst pure unadulterated security is a myth in this day and age, there are a number of steps you can make to reduce the risk of being hacked. In this little series I’ll explore these simple steps, starting with Password Managers
At first glance it may seem superfluous to have a password manager, but this is far from the case. Even with the rise of biometric devices such as fingerprint scanners on new smartphones or a banks scheme to use a users heartbeat as proof of identity, passwords still remain the most widely used form of authentication. However with people having such passwords as ‘password1’ or worse still, giving away their password on television (see youtube video), it pays to understand how nocuous a weak password can be. Using brute-force algorithms its not that hard for a ordinary computer to crack your password. howsecureismypassword.net illustrates how a good password (e.g ‘BKbN74yqOiri’) will take a normal desktop PC thousands of years to crack, whereas emblazoning your beloved cat with a password of ‘Charlie‘, will be cracked instantly. Password managers handle the menial work of creating strong passwords for all your online forms, only requiring you the user to remember one password to enter the “main vault” where it keeps all your passwords collectively. Here I will explore 5 Password Managers which I think you should seriously consider:
oneID
oneID came across as a pleasant surprise. So fervent is their pursuit to free the world of password drudgery that you don’t even need a password to register an account with them. Just enter your email, reply to the subsequent confirmation email, and viola, account activated. oneID uses secret keys on a users device to identify them instead of usernames and passwords. This key encrypts/locks your data and its this encryption which is saved into the oneID cloud. So as long as you’re signed into oneID on your device, logins are handled by this interoperability between device key and their cloud. If data was to be stolen from their cloud it would be useless without the secret key on your device. This atleast is the password-free future of oneID. They do acknowledge that in 2015 usernames and passwords are very much the norm, hence they’ve built a conventional password manager whilst they concoct their master plan
A neat feature to their password manager is two factor verification, where you can choose to first be prompted on your mobile device before it logs in to any website. Another nice feature is the ability to lock/unlock your Mac computer using their Apple Watch or iPhone app. Though the password manager maybe a bit underwhelming this is certainly one company to look out for in the near future
Pros: easy to use website, quick and simple to sign up. They also have a nice clean iOS and Android app. The future may just be oneID
Cons: Only could find a Google Chrome extension. They’ve promised more desktop browser extensions in the future. Also poor app and browser integration. As far as I could see it only works on the Safari mobile browser and I struggled to find apps which support oneID
1Password
1Password supports all major browsers and has apps for both iOS and Android devices. Together with passwords you can store bank numbers, credit cards, notes and generally anything else that needs to be clandestine. To login on a browser all that’s required is for you to click on the 1Password extension, enter your password, and it will auto-fill the form you choose. 1Password has done well in getting developers to integrate 1Password into their apps. Nearly all the apps I use all support 1Password (if they don’t, I’m sure they’ll soon join the bandwagon). A nice little feature I quite like is the ability to share password vaults. So you can have one vault which is solely for your personal use, and the other where the entire family can access the passwords in that particular vault. The free version of 1Password accepts a maximum of 20 items in your vault, to upheave this cap you’ll need to purchase one of their many bundles
Pros: Broad app integration. Easy to setup and use
Cons: Browser extension does require a couple of clicks to auto-fill forms, as opposed to oneID’s automatic login
StickyPassword
At first glance StickyPassword seems like any ordinary password manager; excellent browser support on all major platforms, works on your PC, Mac, Android / iOS tablets and smartphones, strong password generator, auto-fills forms and so on. However where StickyPassword excels is in its other core features. Features like its breadth of synchronisation options it offers users. With StickyPassword you’re not just given the industry default of cloud data synchronisation, you’re also given the choice of offline synchronisation either using your local Wifi or manually. This means your encrypted data potentially never has to leave your device, making your data that much hacker proof. Even your master password isn’t saved on their servers. This is relevant especially considering the revelations that befell a certain password manager about a month ago (will be revealed in final fifth manager). The free version is pretty neat, but for total awesomeness go for the premium version; $19.99 for 1 year or $69.99 for lifetime access (not sure which other password manager also offers a lifetime access)
Pros: help save manatees
Cons: on their sites home page they claim 60 seconds is all it takes to watch their intro video…the video is actually 112 seconds. Not a good way to begin a relationship built on trust and honesty is it now
Dashlane
Dashlane have quite a few top draw features that distinguishes them from their contemporaries. They obviously have the standard auto-filling forms, support for all major platforms, easy to use extensions for all major browsers (even the not so major IE!). Dashlanes killer feature has to be its ability to change all your passwords for you. Personally, on a Windows laptop this ‘Password Changer’ button proved to be quite illusive, but even in its absence the Security Dashboard still provided plenty of password changing tools. It lists all the passwords in your account and alerts you of weak or reused ones. Changing these is as easy as clicking one button and being guided (with the help of the Dashlane browser pop-up) through the websites ‘change your password’ page. You also get alerts if a certain password has been compromised, limiting the harm that could be done by the breach
It also packs a useful secure digital wallet, saving screenshots of every purchase made using your digital wallet and storing them to help you keep track of your expenses. Password & Expenses Manager all in one
Upon registration you get 30 days worth of free Premium service (worth %39.99/yr), which mainly adds synchronisation between different devices. After the 30 days the free version doesn’t sync the different entries you make between different devices
Pros: Easy to use and setup. The process of importing all your data from your incumbent manager (e.g. 1Password) to Dashlane is a modicum of clicks away. Easy password creation, replacement and monitoring is its huge drawing card
Cons: couldn’t find the ‘Password Changer’ button on the Windows application. So I still don’t know how Bill changed 80 passwords in less than a minute!
LastPass
LastPass is our final contender, and maybe our most controversial. LastPass allows the usual Password management services and has the benefit of supporting every single major platform (Windows, Mac, Linux, Chrome, Firefox, Opera, Safari, IE, iOS, Windows Mobile, Blackberry, Android…). The thing that supersedes all these technical nuggets (and makes a nice dramatic end to our list) is the fact that they themselves were hacked recently. Hackers were able to obtain users email addresses and other security elements used to encrypt their data, causing LastPass to urge their [remaining] users to change their master passwords
This saga prompted plenty of discussion on the credibility of these firms whom we entrust all our confidential data. It does beg the question why has a previously hacked password manager firm made it into my ‘How to NOT get hacked’ list? Well if anything this unfortunate event only asserts the necessity of having a password manager. Even with this breach on their servers, hackers were still unable to retrieve any data from the vaults which obtain all the generated passwords. Even if obtained, the data would be entangled with layer upon layer of encryption that most experts agree that in such a case your data will still be safe.
Pros: even after the hack, majority of user data was kept from harm. A testament to their rigid security measures
Cons: they were still hacked though…
CONCLUSION
I personally am stuck between 1Password and Dashlane. Having been a long time 1Password user I’ve recently switched to Dashlane and am contemplating whether to opt for the premium service after my 30 day free trial (coming from a guy who’s also thinking of creating another Apple account to get an extra 3 months free Apple Music subscription, this is highly unlikely)
However its worth mentioning one password manager I omitted from the list; KeePass. Its raison d’être? Its open source. Why is this a big deal? Well you can check the source code to make sure they’ve implemented the encryption algorithms correctly yourself. Completely pointless for the technically illiterate, but as they state on their website, “Public security is always more secure than proprietary security”. It didn’t make my list as I assume its one for the more technical minded. Unless you can read their source code you’re probably better of trusting a commercial password manager firm to handle the backend security implementations. The choice is totally yours. Only thing I would advise is that whatever you do, do not NOT get a Password Manager