Do you use the same passwords for multiple websites? Do I need to tell you why this isn’t a good idea? Let me give you a recent example. A really big and popular website had their user account database hacked. Don’t ask which one, because this happened to more than just one site and it’s going to happen again and again. The hackers published a list of 300,000 or so email addresses, which were also the usernames. They then listed the top 20 passwords that people used, showing that we’re not as unique at creating passwords as we like to think. The hacked company, besides fixing the vulnerability in their system, also disabled the users’ accounts, then emailed all their users and required them to change their passwords, which is a perfectly fine response to take. As if this situation wasn’t bad enough, many other companies scanned the list for email addresses that matched users in their own systems, and then disabled THEIR accounts and required password changes, because they felt their users might have used the same password in their system too.
Clearly, we all suck when it comes to password security. Here’s how to do better and not also want to pull your hair out.
First, stop using the same password for multiple websites. Next, go download and evaluate 1Password. 1Password can keep track of the passwords you create, or it can generate complex passwords automatically. With 2 keystrokes you can be logged in to any website where you have an account. 1Password can also automatically save login details when you register for new websites. For years this was a “must have” application for Mac users. It’s now available for iPhone, iPad, Windows and Android users too. You create one master password to unlock your 1Password file and never worry about remembering passwords or account numbers again. 1Password also records software licenses and purchase information, notes your need to keep secure, credit card accounts, membership numbers for frequent flyer programs, hotel and rental car loyalty programs, even your passport number. It’s a pretty handy tool once you commit to actually using it. It will automatically keep the info in sync across multiple devices by using iCloud or Dropbox.
So how is this different from LastPass? Well, you’re in control of your data. That’s the big thing. You can choose to keep your password file only on your computer, but you better be backing up with something like Mozy if you choose to work that way. A little better is to synch your data (securely, of course) to Dropbox or iCloud. Now you can also access all your passwords from your smartphone or iPad as well. Away from your computer and phone but need to log onto a website? You can go to your iCloud or Dropbox account on the web (okay, yes, you’ll have to have your password memorized for that site as well. That’s the price you pay for leaving your phone at home. Give me a break; there’s always a tradeoff between security and flexibility. You have to choose how far you want to go one way or the other). Where was I? So you’ve logged in to iCloud or Dropbox and now there’s a web version of 1Password you can run to get to those passwords. It’s protected by the same master password you use for the 1Password app.
$49.99 for Mac or Windows versions with a combo of both for $69.99, but the smart deal is the combo family pack (5 users) for $99.99. $17.99 for iPhone/iPad. 30 day free trial for the desktop versions. A free trial is available.