4 services to keep your passwords safe
By Alice Truong
June 10 2012
LinkedIn, eHarmony and Last.fm. Within the last week, these three companies reported password leaks affecting millions of users — about 6 million from LinkedIn, 1.5 million from eHarmony and an unspecified number from Last.fm. Even the savviest of tech companies can fail their users.
We all know best practices with passwords: make them unique to each site, the longer the better, mix in special characters, avoid pet names, etc. But let's face it, they're incredibly difficult to remember, and fields become cumbersome to fill out.
But with a little help from software, we find secure password-management solutions to keep
your accounts safe — a digital safe for a digital age, so to speak.
1Password: Comprehensive password manager with one-time fee
We last covered 1Password in a cybersecurity-themed column, but it makes our list again because this popular software (named winner of Macworld's Editor's Choice Award and Ars Technica's Design Award) is incredibly well regarded in the tech community.
Slick browser integration means the application can automatically generate strong passwords, save them and fill in fields without leaving Safari, Firefox or Chrome. The software takes care of the heavy lifting, and all you have to do is remember one (hopefully very secure) password that holds the key to your accounts.
The PC and Mac desktop apps ($49.99) have great smartphone counterparts (free for Android, $14.99 for iOS) that can automatically sync via Dropbox. There's even a (slightly clumsier) manual Wi-Fi sync option, in case you'd rather keep your passwords off the cloud. 1Password is a bit pricey, but rest assured it's worth every penny.
LastPass: $1/month subscription service chock full of features
Another popular and trusted password-management application, LastPass functions similarly to 1Password, except for one major difference: Your passwords are stored on its servers. Some consumers worry that storing a password on an outside server opens up another avenue for hackers to steal their data.
But LastPass, named one of PC World's 100 Best Products in 2009, reassures users that their data is encrypted and decrypted locally, and the Web-facing product is secured with 256-bit AES encryption. AES is an encryption standard used by the U.S.government and throughout the world to secure data. Generally speaking, the higher the number, the longer the key and the harder it is to crack.
LastPass's syncing capabilities bring one unique and handy feature not found in other comparable applications: password sharing. Even if articles like this one warn you from sharing passwords, chances are you will (e.g. Mom wants to borrow your Netflix account, a colleague needs access to a group account, etc.). With LastPass, you can give passwords away, or share them without divulging their contents.
The other big consideration with LastPass is its pricing structure. The free subscription service includes its major features (automatic form filling, synchronized across browsers, password sharing and more) but comes with ads and lacks mobile access. The premium subscription includes the whole enchilada and costs a cool $1 per month. LastPass is available for PC, Mac and Linux computers as well as iOS, Android, Blackberry, Windows, webOS and more.
KeePass: Free, open-source alternative you can tweak to your needs
One of the earlier password managers, KeePass is free open-source software that will keep track of your logins. You can choose to use a master password to access the database, but the application has an option to use key files. KeePass says these files are more difficult to crack (just don't lose the file or the drive it's on). For the ultra paranoid, users can combine the two, requiring a master password and key file to unlock the password database.
Given its open-source nature, if you're not happy with any component, the source code is available for you to tweak and play with. KeePass is compatible with Windows machines; an unofficial port called KeePassX is available for Mac and Linux computers.
Norton Identity Safe: Password manager backed by big name in security
One of the newest players in this space, Norton Identify Safe debuted in the spring as a standalone product. While it's not the most robust password manager, for some people, the Norton name might offer peace of mind. The software uses 256-bit AES encryption and doesn't store passwords or decryption keys on the company's servers.
The big drawback is that Identity Safe doesn't use a built-in password manager; it only offers one through its website. In addition to saving and filling log-in information, Norton also offers bookmarklets to let users share content on social networks directly from Identity Safe. A safe search feature also alerts users to fraudulent websites (granted, most modern browsers have this built in). While Norton hasn't announced any pricing structure, users who download by Oct. 1 will be able to use it for free — no expiration date. Identity Safe is compatible with PCs and Macs as well as iOS and Android devices.
No comments:
Post a Comment