Surfing online takes some memory skills. Whether you want to check your emails, visit with your Facebook friends, look at your bank account online or play an Orc in World of Warcraft, you need to remember your password to get there.
Each service requires its own password. That has prompted many to come up with a single password for a multitude of services. While simple, that approach isn’t particularly safe.
Which is where password managers come in. When used properly they can ease your worries and help you with your bad memory. But users need to take time before they decide to which service to give the keys to their entire digital life.
Managers work by putting your data in a kind of digital safe, which the user can open with a single password. There’s a multitude of services around to help jog your memory.
“Which service is practical depends upon your individual needs,” says Marit Hansen, a data protection agent with the Independent Data Security Centre of the German state of Schleswig—Holstein. Free products are not necessarily any worse than bought ones.
Some programmes only work on an individual computer. Others exist on USB sticks, so users have the access codes at the ready anywhere.
Browsers also offer some memory assistance by routinely asking whether input data should be remembered. Firefox relies on a master password: without it the browser saves data in an unencrypted form.
Some services put the key to your digital codes into the cloud, i.e. on their servers. That’s handy, because it means you can access them from any internet—capable computer. But recent events have shown that a lot of these cloud services are not adequately protected from hacking attacks, warns Hansen.
Whichever service for which you opt, the key is the encryption.
And no level of encryption will help you if thieves can guess the code or crack it by applying enough computing power.
That means if you save all the codes to your various digital needs in one place you must come up with a secure password. That means at least eight — preferably 12 — characters with a mix of letters, numbers and special characters. Common words are taboo.
But all password managers have one weak point. They notify attackers when they’ve incorrectly guessed a master password, simply because they do not then allow access to private data. That leaves the hacker free to attempt the hack with other word and letter combinations.
This is why Germany’s Fraunhofer Institute for Secure Information Technology recommends its MobileSitter, which always gives up passwords when anyone inputs a master password, either real or false.
The trick is that the passwords are only accurate if the master password is the right one. The rest are just a diversion.
“Our system lets you come in and find passwords with any master password,” says computer scientist Ruben Wolf. “But you don’t know whether they’re real of fake passwords.” But whichever system for which you opt, Hansen recommends some basic security steps. Keep an eye on the news so you’re aware of security gaps or updates. And make a backup of your encrypted password data and save it on an external medium, like a USB stick.
Then save that somewhere safe.
Keywords: Password manager