Wednesday, February 13, 2013

How secure are your passwords?

The recent hack of Telecom's Xtra/Yahoo email service, in which 450,000 users may have been affected, once again highlights the importance of managing your online security. We're all told that you can't use your dog's name as your password (too easy to find out) and that you should include lower and uppercase letters, numbers, and even special characters in your passwords (many sites now insist on this). We're also told that you should never use the same password for different websites or services. Then if a site is hacked the hackers can't get access to the rest of your online life since the password they've got is only good for that one site.
The problem is that following this advice means having to remember dozens of complex passwords - a virtually impossible task. However, there is a solution (no, not Post-it notes): a password management system. There are several on the market. I use, and am very happy with, LastPass.

Basically, these systems install a browser extension (all major OSs and browsers are supported) that watches for username and password fields on websites. When you log in, the password management system provides the correct password for the login URL from its encrypted database in the cloud. If you're registering for the first time, the system generates a random complex password for you and stores it. So now you only have to remember one password - the one that logs you into your password management system. To make this more secure, LastPass uses Google's 2-step verification system, which also requires a code number generated by an app on my smartphone to complete the login. LastPass has several other security features, which you can explore for yourself. I recommend you consider using a password management system to take control of your online security.
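A simplified sketch of the register-and-fill behaviour described above, added here as an example and not LastPass's own code. The names `generate_password`, `site_key` and `Vault` are hypothetical, the special-character set and URLs are constructed, and the store is in memory and unencrypted, unlike a real manager's database.

```python
import secrets
import string
from urllib.parse import urlsplit

# Character classes the post lists; the special-character set is constructed.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*-_=+")

def generate_password(length=20):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry rather than patch characters in, so valid passwords stay uniform.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def site_key(url):
    """Key entries by exact HTTPS host and port; look-alike hosts never match."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to handle credentials for a non-HTTPS URL")
    return (parts.hostname.lower(), parts.port or 443)

class Vault:
    """Hypothetical in-memory store; a real manager encrypts this database."""
    def __init__(self):
        self._entries = {}

    def register(self, url, username):
        """First registration: generate, store and return a new password."""
        key = site_key(url)
        if key in self._entries:
            raise KeyError(f"an entry already exists for {key[0]}")
        self._entries[key] = (username, generate_password())
        return self._entries[key][1]

    def fill(self, url):
        """Login: return (username, password) for this site, or None."""
        return self._entries.get(site_key(url))

if __name__ == "__main__":
    vault = Vault()
    vault.register("https://mail.example.com/signup", "alice")  # constructed
    print(vault.fill("https://mail.example.com/login") is not None)
    print(vault.fill("https://mail.example.com.evil.example/login"))
```

Because the lookup key is the exact host, a look-alike login page gets no password filled in, and each site receives its own password so a breach at one does not expose the others.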


  1. It's possible to mostly perform the same function that LastPass performs, yourself. Simply take the domain or site name and perform a humanly memorable hash function on it, adding words, shifting letters, swapping them, counting them etc. That way you only have to remember the one function for all the sites/programs you use.

  2. That's true, Craig - would you care to give our readers an example of a "humanly memorable hash function"? I'm sure they'd be interested, and I could make it a new blog post.