Protecting Passwords

I’ve been using LastPass for a couple of months now, and it’s actually brilliant. Basically it stores all of my passwords securely online and by means of a browser plugin can automatically fill in all my online forms without storing the info in the browser. This is great at work where I don’t want to store my passwords in Firefox for all to access! I can also access the passwords via their site, or an iPhone app. What it also means is that I can replace the one password that I pretty much used everywhere (Yes, I know!) with unique 20 digit, alpha, numeric and special character passwords. Much more secure!

The reason I switched was after leaving my Mac with Apple to be fixed and then having to give them my password because I forgot to take it off, but I wish I’d have done it years ago. How many times have you registered on a site and got an email confirming your password or when you’ve forgotten it they just send it to you? I’m shuddering at the thought of them storing my password in plain text for anyone to see or steal.

I’m sure a great many of us are guilty of doing it. I’ve worked on content management systems which allow the admins to see people’s passwords, passwords that they obviously use everywhere. It’s criminal! Whenever I build a content management system, or any system that stores passwords, I make sure I hash and salt them. Users have to reset rather than be sent their new password, but it makes it harder for hackers to get hold of users’ passwords.

Most people probably aren’t aware of how websites are storing their passwords, or even why it matters. Even with high-profile hacks like those on Sony’s PlayStation Network, people are still using one password across all of their accounts, usually with the same email address or username. Why? Because it’s easy. Who can be bothered remembering umpteen passwords when you can just use one?

This is what hackers prey on. They have your username or email and your password, which they can then try on all the usual sites. They could access your email, your Facebook, Twitter, etc. From there who knows where they could go, or what they could get into. You might as well kiss your identity and your bank account goodbye! You could very easily blame the website storing your data if it falls into the wrong hands, but if you’re only using one password for everything you’re really not doing yourself any favours, especially when there are services like LastPass and 1Password making it easier than ever to use secure passwords.

Unfortunately, we don’t have much control over how the websites we use store our passwords. What we do have control over though, are the passwords we give them. How secure are your passwords?

One Comment

  1. LA

    Good idea, I’ve worked for a company not encrypting them a couple of years ago and I reckon there’s still a very large lot of them out there. Gonna try 1pass!
