Recently, there was a widely covered incident in which four hundred iTunes accounts were stolen and used to purchase content from the iTunes online store. At first, people jumped to the conclusion that it was a “hack” and a “vulnerability” on Apple’s side, which caused a huge PR fiasco. However, it soon came out that the real reason behind the compromise was that the four hundred account holders did not have strong passwords. All in all, the entire event could have been prevented had those people used stronger passwords.
Now, it’s not like we haven’t covered password strength before. In the past, I wrote an article on how to create strong passwords. That article covered the creation of passwords using random generators, as well as the “maintenance” involved with having passwords: using unique passwords for different services, changing passwords on a regular basis, etc. More recently, Jeff wrote an article on how to evaluate the strength of your current passwords. After the release of these two articles, I’ve come to the conclusion that there’s one reason, and one reason alone, why people do not implement unique and strong passwords: they are simply not simple enough to remember.
The answer to this problem has always been password managers: applications or web services that allow a user to securely store their credentials for various sites and services.
While there are many password managers available online, I had yet to find one that met my expectations. As a Windows user, I had always been envious of 1Password being exclusive to the Mac OS X platform. And it was just my luck that I migrated over to Linux as 1Password became available for Windows. Because of the lack of Linux password managers that met my expectations, I simply found myself using a text file to store my passwords. This made logging into sites a tedious task, as I was forced to open the text file, find the login for that site, and copy and paste my password into the field. This is not to mention the fact that it was extremely insecure, as anyone who had access to my computer could simply copy my entire password list without my knowing it.
However, I recently found Passpack, a service that offers secure online password management. After signing up for a free account (they offer paid accounts; however, I have found that the limit of one hundred passwords with a free account is more than enough for me), I began playing around with the service. After looking into the service and ensuring that they were trustworthy enough to handle all of my sensitive password information, I began actually using the service.
If you travel a lot and use different computers, you will like that they offer one-time-use logins that allow you to log in without worrying about your password being picked up by keyloggers, etc. While this is a great feature, people who need more than three temporary logins per month will need to upgrade to a paid account (starting at $1.50 per month). Also, Passpack allows a user to back up their passwords to a CSV file or a tabled HTML file. This gives the user peace of mind by ensuring that they always have a backup of their passwords, and that they can access them even if they cannot access Passpack while traveling.