Categories
- Art (356)
- Other (3,632)
- Philosophy (2,814)
- Psychology (4,018)
- Society (1,010)
Recent Questions
- Why did everyone start to hate the Russians if the U.S. did the same thing in Afghanistan, Iraq?
- What needs to be corrected in the management of Russia first?
- Why did Blaise Pascal become a religious man at the end of his life?
- How do I know if a guy likes you?
- When they say "one generation", how many do they mean?
This may sound unexpected, but unify your passwords-it will make your life much easier. And no, I didn't say “Use the same password everywhere” – that would be wrong, insecure, and downright stupid. But there are ways to use different passwords of the required complexity, but similar structure. There are a million similar schemes, and you can invent your own. The advantages of such schemes are that you are not “tied” to some applications and tools and do not share your passwords with some third party-everything remains where it should remain (yes, only in your head), but it starts to take up less space there. I'll just give you a neutral example.
The algorithm in this example will be simple, but effective. First of all, you will need to come up with a password. This will be a kind of master key that you will use to build your passwords. It should be a fairly complex password that will consist of at least lowercase letters and numbers. We'll deal with special characters and uppercase letters later – that's the point of this example. You can use endless online password generators, or you can come up with a sequence yourself. Of course, there are no dictionary words, names, or names… Well, you know. For example, you ended up with “fed43ggy7”. And why not – maybe that's enough for you.
So, the next step is to start making our passwords both unique and more secure (read: longer and more complex). For example, we register or change the password for vkontakte. We choose a prefix for the password so that the resource itself is somehow associated with this prefix. For example, the first thing that suggests itself for VK is VK. Yes, if there are no capital letters in the master password at the beginning, then it will be cool to use from here.
The last step. We choose a separator among the special characters (you can use a new one each time, or you can use a permanent one – the question is purely about security) – say,&, – and the collected password for VK: prefix, delimiter, and constant part.
In our example, the password VK&fed43ggy7 is obtained. I must say that it looks quite good for a regular password – random, unique, and quite complex. Moreover, it is easy to change such passwords periodically, as is recommended. You can leave the same or similar scheme and simply replace the master password with a different one everywhere.
And, of course, the example I gave is very simple for the sake of demonstration. In fact, there is no limit to your imagination and ingenuity. The password may have three parts instead of two; the master password may be more complex; you can add a postfix as well as a prefix… In any case, a dozen passwords of this type will be easier to remember than ten unique passwords of acceptable complexity, and it will be safer than a password like “password”, which will be the password for everything.
I haven't remembered my passwords in ten years. I just use a password manager where I generate new passwords, save them, and then use it to enter them on the site.
Review of password managers from the site SecurityLab.ru:
Dashlane
The best password manager available on the market. The program allows you to change several passwords at once in one click and supports two-factor authentication. In addition, it is possible to use shared passwords within the same team.
“Dashlane is a recent addition to the market, but its user – friendly interface has already won the sympathy of small and medium-sized businesses,” says Daniel Humphries, a researcher at Software Advice.
Dashlane costs$ 40 dollars per year per user, but there is a free version for one device.
“There are many cases when it comes to password managers, and business owners can always decide whether to buy the full version or use the free one, depending on their needs and priorities,” says Humphreys. The good news is that even the free versions have a lot of features.
In the free version of Dashlane, you can “feel” the interface, including a password manager and an automatic form filler, and share up to 5 accounts.
In Dashlane, you can assign access to the account storage (and form placeholder) to a trusted person if something happens to you. So you don't have to enter your own address every time.
The function of changing a bunch of passwords in one click is currently available only in Dashlane. This includes more than 160 of the most popular sites, including Facebook, Twitter, LinkedIn, Pinterest, Amazon, Dropbox, and Evernote. This feature is very useful if you suddenly suspect that your accounts have been compromised.
When sharing passwords, you have full control over who uses shared accounts (you can change the access level if necessary). This feature is very useful if several employees of your company work together under the same social network account.
Automatic authorization works even with multi-page sites (for example, banking sites). Passwords, form information, and notes are encrypted and stored anywhere you choose (locally or in the cloud).
By the way, Apple only recently allowed access to the Safari mobile app for third-party display managers. Previously, users in iOS had to copy and paste information in forms manually.
LastPass
LastPass used to be my favorite, although I still use this password manager today.
There is an enterprise version of LastPass with syncing via Active Directory, customizable policies (connecting, disconnecting, and adding new users), and unified authorization in popular cloud services, including Office 365, Google Apps, Salesforce, WordPress, and others.
Supporting both software and hardware multi-factor authentication, including YubiKey USB keyfob, Toopher, and Duo Security.
In addition, LastPass has a free credit history monitoring feature. When working in questionable systems and networks, one-time passwords are generated.
According to Cid Ferrara, vice president of sales at LastPass, the company currently has more than 10,000 corporate clients, some of which are Fortune 500 companies.
The price ranges from$ 18 to$ 24 per year per user, depending on the order volume.
Like Dashlane, LastPass allows you to save passwords when logging in to new sites. However, problems may arise if the employee uses services that are not related to the company's activities.
“You need to take care of users who use personal accounts in the workplace, for example, to access bank accounts, so that they don't face legal action later,” says Randy Abrams, head of research at NSS Labs in Austin, Texas.
LastPass has a solution to this problem.
Employees can use both corporate and personal password storage, but the company's management only has access to the corporate storage.
When an employee leaves the company, all corporate accounts can be deleted – and personal passwords remain intact.
Personally, I use the personal version of LastPass, but the interface of this manager is quite cumbersome and inconvenient. Perhaps in the future, when my subscription ends, I will switch to Dashlane.
For example, to change a bundle of passwords in LastPass, you need to create and change the password alternately for each site. The whole process is pretty well automated, but still not as convenient as in DashLane, where you can change multiple passwords with a single mouse click.
Although the enterprise version of LastPass is the strongest competitor for DashLane.
KeePass
Many of our readers may prefer KeePass for personal use.
“I prefer KeepPass because the password manager is free, open source, integrated with Windows User Account Control, and not a browser plug-in,” says Jason Fossen, an instructor at the SANS Institute in Bethesda, MD. “From a security point of view, it's not a good idea when the most important information – passwords and credit card numbers – is stored in the browser, which can easily become a victim of malware.”
Jason says that KeePass is a separate application and is not a browser plug-in.
“KeePass supports scripts for PowerShell, which allows you to create solutions for special needs,” adds Jason.
KeePass is a free alternative for “ascetics”who are not particularly picky about convenience and functionality, but want to seriously improve their security.
1Password
Another password manager that allows you to use shared accounts is 1Password.
“I highly recommend a password manager with secure storage,” says Steve Hultquist, chief evangelist at RedSeal in Sunnyvale, California. “These applications allow you to automatically generate completely unique passwords for each site and automatically fill out forms while working on desktop computers, mobile devices, and other applications.”
Like Dashlane and LastPass, 1Password supports most browsers, automatically fills out forms, and has versions for both iOS and Android platforms.
Blur
The special feature of Blur is that, in addition to generating a long, unique password, this manager creates a one-time address to mask your real email.
As with other paid managers, Blur has a free version. The extended version (which generates revenue for the company) costs$ 40 and allows you to generate one-time credit card numbers with spending limits that protect the user from hidden fees and information theft. You can also mask your phone numbers.
“All Internet users should have a password manager,” says Rob Shavell, CEO of Abine. “Password managers are becoming more convenient, saving time, but at the same time protecting confidential information well. Regardless of the size of your business, you should pay attention to these apps.”
In addition to his own brainchild (Blur), Shaywell also recommends LastPass, 1Password, Dashlane, and PasswordBox (see below).
TrueKey (ex. PasswordBox)
PasswordBox was recently acquired by Intel. At the moment, the full version is free for all users.
In addition, it is planned to implement the “True Key” function in the future, which will replace the master password with biometric identification (for example, by face).
Most password managers use a master password, that is, a password to unlock access to the entire storage. The basic idea is that it is much easier to remember one very long password than dozens or hundreds of passwords for each site.
However, the master password is also not very convenient, especially if the manager is blocked due to an inactive computer or mobile device (although, from the security point of view, blocking is desirable).
“Comprehensive support is essential,” says Andre Boysen, Chief Identity Officer at SecureKey Technologies in North York, Ontario. “Access to the password vault will always be one of the primary goals of attackers.”
It is claimed that PasswordBox is the most reliable password manager. Currently, the number of downloads exceeds 14 million. For comparison, it is claimed that LastPass is used by about 6 million users.
In addition, PasswordBox has the function of assigning a valid user who can access the storage if something happens to you. You can also share accounts among employees or family members.
RoboForm
RoboForm is the oldest password manager mentioned in this review. The first version of RoboForm was released in late 1999.
RoboForm has one unique feature that allows users to log in to multiple sites at the same time. This is very convenient if you use several services on a daily basis. There is also a portable version of RoboForm2Go that can be installed on a USB stick.
Like other password managers, RoboForm supports all major browsers and devices. You can choose a cloud service to sync across all devices, or store data locally. However, in the latter case, you will not be able to access the storage from other computers and mobile devices.
In the enterprise version of RoboForm, you can configure group policies, Active Directory integration, master password recovery, and account sharing. Automatic creation of accounts for user groups and time-limited accounts is supported.
StickyPassword
StickyPassword has a unique feature for syncing over a Wi-Fi network (if you don't want to use the cloud service for some reason).
It supports working with USB devices, biometrics, and automatic form filling. StickyPassword is adapted for all the most popular platforms, browsers, and devices.
The cost of the full version with support for syncing via Wi-Fi is only$ 20 per year (the cheapest option among all other managers from this review).
The company claims that StickyPassword is used by 2 million users. In addition, the VIPRE Password Vault technology (developed by ThreatTrack Security) and the Kaspersky Password Manager were developed on the basis of StickyPassword.
Unfortunately, StickyPassword does not provide an enterprise version, which makes this password manager not particularly suitable for business.
“If a company is going to use a password manager, you should make sure that the application supports a level of remote management that meets the needs of the business,” says Randy Abrams, director of NSS Labs (Austin, Texas).
I'll share my own example. I have been an active Internet user for ten years now. Initially, I used simple meaningful passwords consisting of lowercase Latin characters and sometimes numbers. Since it's not a good idea to constantly come up with passwords, I used a set of the same passwords. Over time, I have eight such passwords. Some were �just words, others randomly or not-so-generated character sets. The essence of all these passwords is that for each one you can come up with a certain definition and somehow designate them due to this (in my case, a letter). So, for example, we got v – the first password from vk, �t-the password sequence that was easiest to enter from a push-button phone, etc.�
So, now when I need to come up with a new password, I come up with a new combination of two or three passwords and enter them in a text file on the PC (and immediately on the cloud) and in the notebook to wash down the type: [service name] ([login if necessary]) s+m or�[service name] d+f+v, where the plus characters indicate which parts the new password consists of. For frequently entered cases, combinations are easily remembered, for more rare ones, a password reminder is always at hand, and it's not scary that someone will find out your passwords. Also, just in case, from time to time I throw the hint entry in different places. If a certain service requires both cases in the password, then you can write one of the password parts in uppercase, and write something like n+D+s in the prompt.