All of the recent password leaks have gotten me thinking about the current web user’s predicament with passwords. With the influx of web-based services, and with every website offering a login to save your profile and make your experience better, we are in a place where we potentially have many, many passwords to keep track of. Now, of course we are told not to use the same password for multiple sites, and to use complex but easy-to-remember (huh?) passwords to make them more difficult to crack. In fact, if no LinkedIn users reused their passwords, the risk of such password leaks would be very low!
Not counting work-related accounts, I have upwards of 30 unique accounts that require passwords. Does it seem reasonable to expect that I would remember 30 unique, complex passwords? Considering that I regularly forget what I ate for breakfast on any given day, it's highly unlikely. So how do I handle that? Well, for all of my work-related accounts, I'm lucky enough to have a custom-built password vault to work with (Thanks, Ned!). In my personal life, I employ the same tactic: I use a password-vault tool, and limit the number of passwords I have to remember down to a maximum of one very complex and difficult-to-crack password!
There are a few good free and cheap options for personal-password management, and they each have their pros and cons. In the end though, all of the tools I will list below perform the same function, and are essentially interchangeable:
LastPass has a free single-user option, and focuses on integrating with web browsers. It also offers random-password creation for your accounts. Your password information is stored encrypted by LastPass, so you can utilize LastPass across multiple computers, though you will have to download the client on each if you want the browser integration. According to LastPass, while it stores your passwords encrypted in the cloud, all decryption/encryption occurs on your local machine.
KeePass is another free option that is also open source. KeePass does not integrate with your browser, and is more of a traditional application that you would have to open when you wanted to add/view a password. It also offers a random-password generator. This tool is limited by the fact that it exists solely on one machine.
1Password has a one-time cost of ~$70 for a single-user license that you can use on multiple machines running the same OS. This tool offers encryption similar to the others, while providing the option to store your data on your local machine or leverage the cloud. You can also store data such as credit-card numbers, and 1Password will integrate with your browser to auto-fill this type of information.
There are many more options out there, and most of them do a similar job. The most important things to consider when finding what tool works best for you are the following:
- What type of encryption does the site use?
- Where is my data stored, and who has access to it?
As long as you utilize these tools to allow you to use different, and stronger, passwords on *all* of the sites that you trust with your password, you will be on a path to better securing your data!
