Online security is crucial. Making certain that your identity is not easily stolen and that grubby little thieves can’t get their hands on your money or private data is something to take very seriously in our online world.
Despite this, too few of us put the appropriate level of effort into keeping ourselves safe online. In all fairness, there are plenty of websites that seem very keen to make it harder for us. They do stupid things like e-mailing us our passwords in plain text, or restricting our password length to just 12 characters.
Apart from refusing to use sites like this, there is not much we can do about that, but there is plenty we can do on our side to make our online defences as difficult to crack as possible. In most cases, that will be enough to cause the attackers to move on to the next unsuspecting user. In fact, their being unsuspecting is part of the problem. Forewarned is forearmed.
The very first consideration is the number of passwords you use. Do you, like most people, use exactly the same password for all sites? Then you are very vulnerable. “But my e-mail/social network/banking, etc. has very good security!” you cry. They do, and that is good. The problem is not those sites – at least not directly.
The problem is all the other little services you’re signed up to. What if it turned out that www.myflufflylittlewebservice.com was easily compromised and that malicious attackers could gain access to the passwords it has stored? Once your password has been retrieved from that site, attackers will then, as a matter of course, try to use that password to gain access to your e-mail and possibly other services such as PayPal. Now they have got you. They can read all of your e-mails and send themselves money directly from your PayPal account. Given that most people do use the same password everywhere, it is worth an attacker’s time to see if you do too.
So, the best solution is to have a different password for each of the services you use. Naturally, the reason why most people don’t want to do this is simply that there is no way they can remember that many passwords. That is where password services such as LastPass, KeePass and 1Password come in handy. You pick one strong password (more on password strength later) and use that to protect a vault of other, even stronger passwords. There are browser plugins which will then allow you to use these vaults to auto-fill login forms – requiring only your master password.
KeePass has the advantage of being open source, which means all the security methods are regularly scrutinised and all flaws are found and fixed very quickly. That said, it doesn’t integrate as nicely into your system and browsers as LastPass, which is my preferred solution. This does mean that LastPass users are relying on LastPass keeping its house in very good order – and there is no question that is a risk. So far, however, it has kept up its end of the bargain and, as I say, the integration is superb. If, however, you are beginning to feel particularly paranoid, then I would recommend taking a look at KeePass.
The next piece in the puzzle is password strength. The majority of passwords that people choose are simple words, names or dates. Unfortunately, in most cases, these can be cracked within minutes. A password of eight characters using only lower case characters can be cracked within about eight seconds.
A password of eight characters that includes both lower and upper case characters, numbers and common symbols would, using the best cracking methods, take around 84 days to crack. I would recommend making all your passwords around 20 characters long, using upper and lower case characters, numbers and common symbols. The password services listed above can generate and remember such passwords for you.
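The two rules above (a different password for every service, each around 20 characters drawn from all four character classes) can be checked mechanically. The sketch below is an added example, not code from any of the password services named here; the function names, the symbol set standing in for "common symbols" and the sample vault are all assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumption: this set stands in for the article's "common symbols".
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "symbol": "!@#$%^&*()-_=+"}
ALPHABET = "".join(CLASSES.values())

def missing_classes(pw):
    """Names of the character classes that do not appear in pw."""
    return [n for n, chars in CLASSES.items() if not any(c in chars for c in pw)]

def generate(length=20):
    """Draw from the OS CSPRNG until every class is present."""
    if length < len(CLASSES):
        raise ValueError("too short to hold every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(pw):
            return pw

def keyspace_bits(pw):
    """log2 of the brute-force search space for the classes pw actually uses."""
    pool = sum(len(ch) for ch in CLASSES.values() if any(c in ch for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(vault, min_length=20):
    """Map each site to its findings: reuse, short length, missing classes."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault.items():
        others = sorted(s for s in sites_by_pw[pw] if s != site)
        findings = ["reused on " + ", ".join(others)] if others else []
        if len(pw) < min_length:
            findings.append(f"length {len(pw)} < {min_length}")
        if missing_classes(pw):
            findings.append("missing " + ", ".join(missing_classes(pw)))
        if findings:
            report[site] = findings
    return report

# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {"email.example": "sunshine", "shop.example": "sunshine",
                "bank.example": "qT7#mZ2@vK9!xB4$wL6^"}
```

Calling `audit(SAMPLE_VAULT)` flags the two sites sharing a short lowercase password and leaves the 20-character entry alone; `keyspace_bits` shows how much the search space grows between the two.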
With the help of a password service such as LastPass or KeePass, keeping yourself secure online is so easy that there really is no excuse not to do it. Even if you sign up to a site with poor security, the worst that can happen is that that site is compromised – leaving all your data from other online services safe.
Not something that can be said if you use one password everywhere.