
Best Practice Password Management for Internet Web Sites

Do you know how many websites you have accounts on? Do you know how many times you have reused passwords on these sites? Do you store passwords in your browser?

If you are the typical Internet user, you have no idea how many websites you have accounts on, but you know that when a site challenges you, you can log in with one of the three passwords you reuse everywhere or with the password your browser has stored.

If I described you, read on and learn why you need to modify your current password management practices, what the best practices are for password management of Internet web sites and how to implement those best practices securely but easily.

In December of 2010, Gawker Media was compromised and 1.4 million registered usernames and passwords were stolen and quickly shared on peer-to-peer networks. Gawker Media includes popular websites such as Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot. The Gawker Media sites do not take credit cards or collect much personal information and therefore are not bound by strict regulations; nevertheless, if the sites' users have the same password management habits as the typical Internet user, the credentials stolen from Gawker Media could give attackers enough to access online banking or online stores.

What can you do to protect yourself? There are three best practices you should follow. First, always use hard passwords. In the case of Gawker Media, the actual passwords were not stored; hashes of the passwords were. A password hash is produced by a one-way hash function, so the stored value cannot be turned back into the password. To verify the password during authentication, the entered password is hashed and the result is compared to the stored value. Easy passwords were guessed and published quickly, whereas the hard passwords still have not been "cracked". Secondly, a password should never be reused on another site. Internet users who used the same password on banking sites and web email sites as on Gawker Media sites had to change that password in multiple locations and hope they remembered all the sites. Lastly, you should never store your password in your browser, even on your home desktop machine. Use a dedicated third-party tool that encrypts your passwords with standard AES encryption but integrates with your web browsers.
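To make the hash-and-compare step concrete, here is an added example (not code from the original post or from any site it mentions) of how a site can store and verify passwords, and why reuse across sites is so costly. It uses salted PBKDF2 from the Python standard library; the iteration count, salt length and record format are assumptions chosen for the example. It also shows that an unsalted hash of the same password is identical everywhere, which is exactly what lets a hash leaked from one site be matched against another.

```python
import hashlib
import hmac
import os
import secrets
import string
from typing import Optional

# Parameters chosen for this example (assumptions, not a site's real settings).
# A production system should prefer a dedicated password hash such as bcrypt,
# scrypt or Argon2 where available; PBKDF2-HMAC-SHA256 is used here because it
# ships with the standard library.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: 'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>'.

    A fresh random salt is generated per password, so two users (or two sites)
    with the same password get different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the entered password with the stored salt and compare.

    hmac.compare_digest is used so the comparison time does not depend on
    how many leading bytes happen to match.
    """
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt, for contrast: the same password always
    yields the same hash, so a record leaked from one site identifies the
    same password on any other site that stores it this way."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def generate_password(length: int = 20) -> str:
    """Generate a hard, random password from the CSPRNG (what a password
    manager does for each site)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample: the same reused password registered at two sites.
    reused = "summer2010"
    print("unsalted, site A:", unsalted_hash(reused))
    print("unsalted, site B:", unsalted_hash(reused))   # identical to site A
    print("salted,   site A:", hash_password(reused))
    print("salted,   site B:", hash_password(reused))   # differs from site A
    record = hash_password(generate_password())
    print("login with wrong password accepted?", verify_password(reused, record))
```

Run as a script, the two unsalted lines print the same digest while the two salted records differ, and the final line prints `False`. Salting stops cross-site matching of identical hashes, but it does not rescue an easy password: a guessable password is still found by trying guesses against its own record, which is why the first rule above is to use hard passwords in the first place.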

Maintaining hard passwords and keeping a different password for every Internet site, without storing any of them in your browser, seems too difficult, but third-party applications such as 1Password and LastPass let you follow the password management best practices. For example, a password tool like 1Password, which is available for Mac, Windows and iOS devices, combined with a cloud-based service like Dropbox, lets you maintain all your passwords wherever you have access to Dropbox. This setup allows you to set a hard password for each Internet site yet store and recall it easily through browser plugins for the major web browsers. Because the keystore containing all your usernames and passwords is kept in Dropbox, it is available anywhere you are able to log in to Dropbox.

By following three simple rules – create hard passwords, use unique passwords and never store your password in the browser – you can stay safe and compartmentalize your risk on the Internet.

Doug Felteau enjoys blogging about the latest in consumer electronics, information security and anything technology related. Having written and edited for several blogs and web resources, Doug can typically be found researching or blogging about the latest technology trends on Gizmos for Geeks, where you can find the latest in gadget and technology news, insights, commentary, how-tos and much more.


