Solution: Unique, complex passwords that are changed often. A look at digital password managers to securely store your codes.
By Sachin Shenolikar
The online world was rattled in April by the latest security alert: The Heartbleed bug had left several major sites, including Yahoo and Instagram, vulnerable to password theft. The companies’ recommendation to users was short and pointed: Change your passwords. Immediately.
Since then, companies have banded together to try to prevent a similar security breach of their servers in the future. Still, Heartbleed hammered home the point that, in a constantly evolving tech world, it is crucial to have unique passwords for every site, change those passwords on a regular basis, and make sure they are hack-proofed with a strong combination of uppercase and lowercase letters, as well as numbers and symbols.
But here’s the problem: How do you remember all those complex passwords? The good news is that you no longer have to, thanks to digital password managers that securely store your private codes.
There are two types of password managers: 1) apps on your computer, smartphone, or tablet; and 2) providers that keep your passwords stored in their secure cloud.
Within the next two to three years, many people will have their own public key certificate that can be used for everything from identity to electronic signatures, says Mark Leary, vice president and chief information security officer of Xerox.
“Because the cryptographic qualities of that certificate are so much stronger than just a password, we’ll be identified to those and that will effectively be our identity — not our password or user name,” he says. “It will become something that’s associated with us as a person, much like a driver’s license.”
In the meantime, here are five password managers to try:
1. eWallet. Using 256-bit AES encryption, this app works on Apple, Android, and Windows devices.
2. Microsoft Single-Use Code. This feature text-messages a code to a user’s mobile phone for simultaneous login to all Microsoft applications.
3. LastPass. LastPass’s free version prompts users to save passwords for new sites as they are browsing.
4. Dashlane. Dashlane has an auto-login feature so you don’t have to type in your passwords.
5. Norton Identity Safe. A pioneer in Internet security, Norton’s manager has a password generator that will create secure codes for you.
(This article was excerpted from Real Business, a website from Xerox that provides ideas and information for decision makers in business and government. Read the complete article here.)
I would add also my password manager of choice – Sticky Password (http://www.stickypassword.com) – worth trying out, I have been with these guys for years and they are great.
Hi Sachin, I’m storing my passwords in a spreadsheet and then compressing with WinZip 256-bit AES encryption. Do you know if that is good enough?
Vince, I forwarded your question to the folks in Xerox’s IT security department. Here’s the response to your question:
“While AES encryption is good, I would recommend taking a look at password managers anyway, given their ability to auto-generate unique passwords for you.”
I was specifically told by our IT Support that it is a violation of Xerox policy to have anything on a Xerox computer that stores passwords so I removed Password Safe, which was my password manager of choice. Please clarify if these are being recommended for personal or business use.
Hi Wendy:
Thanks for your comment. Simplify Work is an external blog, so these types of articles serve as suggestions that people may consider for use in their personal lives or for their own businesses. In the case of Xerox employees, the former applies. For the latter, I encourage you to review Xerox’s information security policies; or you may post an inquiry on the Xerox Security group on Yammer.