Those of you that have been with us for a while will recognize this post; it’s a re-post from September 2014. Some may not have seen it before, and it’s information worth repeating. I’ve tweaked it with some updated information so it is still relevant. Please let us know if you have any questions; we can help you implement a password management solution if you are interested.
How many passwords do you have? Wait, let me rephrase that: How many websites or applications do you have to enter a password into? “What’s the difference?” you might ask. The difference is huge.
If you have one password (or maybe a couple) that you use for everything, you make a hacker’s job that much easier. Once they get a password for one login, it’s just a matter of trying the same credentials on other popular websites. And if all your passwords are the same, it won’t take them long.
Here’s another question: How strong is your password? How long will it take a hacker to crack it? I challenge you to find out; chances are you’ll be surprised. Head over to Intel’s Password Game. It will tell you how many days (or years) it would take for a hacker to crack your password, and has tips on how to create a strong password. Here are some examples:
- password = 8 characters = 0 seconds to crack
- P@$$w0rd = 8 characters w/ upper case, lower case, numbers, and special characters = 4 hours to crack
- zh4p!Wm^Sm72zAsvFz& = 19 characters w/ upper case, lower case, numbers, and special characters = 144,883,728,284 years to crack
Now, you’re probably thinking “How am I supposed to remember multiple complex 19 character passwords? There’s no way!” Unless you’re Rain Man, you’re probably right. Nicole and I have over 250 sites that require a username and password to log into. I’m not always the sharpest tool in the shed, but I’m no slouch either. I know for a fact I can’t remember that many passwords, let alone think up a unique password for each site. Writing passwords down in a notebook is okay, right up to the point that it gets lost or stolen.
We use a password manager from Marvasol, Inc. called LastPass. It remembers our passwords so we can get on with more important things in life. We use one complex password that we both can remember to secure our vault. On top of that, we have multi-factor authentication enabled by using Google Authenticator on our smartphones. Not only would someone need to guess our super secret password, they’d need to have our fingerprint or phone’s passcode in order to get into LastPass.
The data is stored in the cloud, protected by 256-bit encryption. Passwords and sites sync between all our devices (iPhone, iPad, computers, etc.) so we never have to worry about forgetting a login. The best part? LastPass comes with its own password generator, which lets you define the length of the password, and which characters should be included (numbers, upper & lowercase letters, and symbols). That’s how I came up with “zh4p!Wm^Sm72zAsvFz&”.
This isn’t a sales pitch. You won’t find LastPass in our Affiliates section. There are other password managers out there that perform the same basic function. PC Magazine did a review on many popular apps which you can read about here. Notice LastPass is listed in the top two.
Take the time to evaluate your password situation. If you use the same password (or a variant thereof) and someone nefarious figures it out, how much of your life are you going to lose? Worse yet, if you’re using easy to crack passwords, or the same password on multiple sites, how much are you going to lose to hackers?