Using password managers to simplify online security

Add to: Digg Add to: Del.icio.us Add to: Facebook Add to: Furl Add to: Google Add to: Live Spaces Add to: MySpace Add to: StumbleUpon Add to: Twitter
Monday June 2, 2014 at 2:00pm
Following on from last months blog Heart bleed: how to protect your business and yourself I thought it relevant to touch on the topic of ‘password managers’. Even changing just one online site’s password can cause heartache, imagine having to change hundreds which could have been the case as a result of the recent heart bleed vulnerability. This is where password managers make online account management so much easier.

Breaking news: ebay database servers compromised losing 145 million users credentials including personal information, address, phone number, email, encrypted password and date of birth. Yet another reason to stop trying to remember passwords and use a password manager.

I’ve had personal experience of using the following solutions and I can honestly say they have made me more efficient and more secure in the process.

Securesafe

This Swiss made solution is more of a password safe than a password manager, however it has one feature which makes it quite unique. Almost everyone now in death leaves a digital graveyard behind them, the “Data Inheritance” feature can allow partners and family access to your important information such as login criteria, PINS & passwords. It now offers secure storage of documents, secure file transfer along with the original features of secure password storage and data inheritance. It does offer SMS authentication adding that important second layer of security for authentication. It offers apps for android, iOS and other smart phones/devices.

Lastpass

One of the most respected password managers on the market, this is a true password manager not just a password store. You are still required to remember your ‘master’ password to be able to log in to the service, but once this is done Lastpass can generate unique random passwords for all your sites so you don't have to remember another password! All your passwords should look like this: Kqo\=3oyB>VXG^-6, but could you remember that? A key feature when looking at using any online secure storage is local decryption only, this means your security keys never leave your device and are never shared with any online servers. Again in my opinion multi factor authentication is a must, and Lastpass offers many options on this front. Multiple device support is available, and your account syncs across all devices.

iCloud Keychain

iCloud keychain is exclusive to Apple products. To quote Apple, “iCloud Keychain keeps your Safari website usernames and passwords, credit card information, and Wi-Fi network information up to date across all of your approved devices that are using iOS 7.0.3 or later or OS X Mavericks v10.9 or later.”

This is built into the Safari web browser and allows an even more seamless experience than Lastpass, it does not offer as many features as the previous solutions, although with each iteration I’m sure Apple will be adding new features. Again the information is only saved on the device that is approved, not saved in online servers. However it is crucial that you protect your devices with strong passwords or PINs where using iPhone or iPads. If someone has local access to your devices then they have the keys to your online kingdom.

Clef

This is hopefully the new wave of authentication used for online accounts. Clef is a mobile app that actually replaces both your username & password.

The weakness of using a traditional username/password combination for online accounts is to stay secure you have to try and remember different passwords for every site. Websites store passwords in attackable databases and hackers can crack most passwords within 24 hours in an offline attack.

Using your mobile device you get one click sign-on across multiple sites and no passwords are used or stored in an attackable database. Security is handed over to the user to manage, the user must still log in to the app via PIN code. Clef has only limited use currently until more sites adopt this authentication method.

I trust myself to safeguard my information more than a third party (i.e: eBay), do you?

Marcus Allen
Parker Management Consultants

Comments on this post:

There aren't any comments for this post yet. Why not be the first to comment?

Share your experiences:

Your Name  
(to appear with your comment)
Email Address  
(will not be published)
Comments:  
Human Validation Check  
In the box below, please type the characters that you see in the picture. This helps us to ensure a real person (and not a crafty computer!) is submitting this form.

Enter the code shown to the left:

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here