After the recent Heartbleed vulnerability became news, many of us are concerned about the security of our data on the web. Tech Talker describes some easy tools to safeguard and manage all your passwords (no memory tricks necessary).
Now that the Heartbleed bug is mostly fixed across the internet, let’s take a look at the wake produced by this online fiasco.
Here at Quick and Dirty Tips, we’ve covered the Heartbleed bug in a blog post by yours truly and in a podcast by the Get-It-Done Guy. These summarize really well exactly what happened and how your data was vulnerable.
As I’m sure you’ve noticed, almost every company that you've accessed online has sent you emails telling you to reset your password just in case it was intercepted by a hacker. This is a great time to bring up password management and how exactly you should go about changing and managing your passwords.
Both the Get-It-Done Guy and I have done a number of episodes on the topic, but today I want to tackle some specific apps that will help you to manage your passwords easily.
Why You Need Strong Passwords
I’m sure you’ve heard this advice before: “Never use the same password for everything!”
In the early days of the internet, this was probably pretty easy. You would probably have your main computer login and then a few websites and email passwords to remember. Now it seems like every forum, blog, and website requires a username and password.
I don’t know about you, but at last count I had around 60 different logins to various sites across the web. Remembering those passwords would be next to impossible, and I definitely don’t have enough room on my arm to write them all down!
This is why I suggest using a password management system.
Why You Need a Password Management Tool
One of my favorite tools out there for managing passwords is called LastPass. It’s free to use the basic version, and there are premium features that you can pay for such as mobile apps and multifactor authentication. I simply use the free version and it works great.
LastPass acts as an add-in to many popular browsers and it will remember all of your passwords and keep them secure with one master password (which is the only one you'll have to remember). An awesome feature of LastPass is that it keeps your passwords in the cloud so you don’t have to manually update your passwords as you switch between multiple computers and mobile devices throughout the day. So for example, if you want to log into your favorite retailer's web site from your home computer, and then again from your work computer, LastPass will know your password automatically.
This, however, is the thing that concerns many people about using LastPass. If all your passwords are stored in the cloud, what if LastPass gets hacked? The hacker would then have access to all your private information.
This was a concern of mine for quite some time, too. However, LastPass is a security company above all else and has put many different safeguards in place to protect your passwords from prying eyes.
First and foremost, everything on LastPass is encrypted. Your master password acts as the encryption key to your vault of passwords. Now, while I’m not sure of the specifics of LastPass’ encryption scheme (it’s a closely guarded secret), good database password management tools add something called a “salt.”
As I mentioned in a previous episode on How to Encrypt Your Files, a salt is a secret ingredient thrown into the encryption process that makes your encryption unique.
It works like this...
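The effect of a salt on a key derived from a master password can be seen in a short added example. This is not code from the article and not LastPass's scheme, which the article says is not public; PBKDF2-HMAC-SHA256, the iteration count, and the names `derive_key`, `enroll` and `unlock` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor (assumption, not a vendor setting)
CHECK_LABEL = b"vault-check"  # constant used to build a password verifier


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 32-byte key, mixed with the salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )


def enroll(master_password: str) -> dict:
    """Create a vault record with a fresh random salt for this user."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt)
    verifier = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    # The salt is kept with the record so the same key can be re-derived later.
    return {"salt": salt, "verifier": verifier}


def unlock(record: dict, attempt: str):
    """Return the vault key if the attempt matches, otherwise None."""
    key = derive_key(attempt, record["salt"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(check, record["verifier"]) else None


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same master password.
    alice = enroll("correct horse battery staple")
    bob = enroll("correct horse battery staple")
    print("same password, same verifier?", alice["verifier"] == bob["verifier"])
    print("alice unlocks:", unlock(alice, "correct horse battery staple") is not None)
    print("wrong guess unlocks:", unlock(alice, "password123") is not None)

    # Without a per-user salt, identical passwords give identical keys,
    # so one guess could be checked against every record at once.
    fixed = b"\x00" * 16
    print("fixed salt, same key?", derive_key("hunter2", fixed) == derive_key("hunter2", fixed))
```

With a random salt per record, the two identical master passwords produce different keys and verifiers, so a guess computed for one record says nothing about the other.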