Password Management Moves Into The Mainstream

LinkedIn, eHarmony and Last.FM have all been victims of hacks this month, with users’ encrypted passwords being posted online. The LinkedIn breach alone resulted in 6.5m hashed passwords being published on a forum.

What makes these hacking incidents so dangerous is that, amazingly, a high proportion of people continue to use the same or variations of the same password across all their online accounts, be it email, social media or online banking. In light of this, someone unscrupulous gaining access to your LinkedIn password becomes a much more serious concern.

Users of these sites with weak passwords are the most vulnerable, but all users should take the precaution of changing their passwords. If the same passwords are used on any other sites they should be changed there too. You should always avoid using the same password on multiple sites. In 2012, that’s the equivalent of going on holiday and leaving the keys under the doormat.

If you think you may have been affected by any of these incidents, for the next few weeks be especially wary of any emails purporting to be from these services asking you to log in and change your password, as these will almost certainly be phishing scams. To keep yourself safe you should always visit the site directly or through a bookmark, never from an email link.

Ultimately, of course, prevention is better than cure and individuals should take steps to protect both themselves and their business. The approach to mitigating risk is twofold: use a strong password and don’t use it more than once.

Weak passwords are extremely vulnerable because they can be cracked very quickly, and using a different password on every website limits exposure should one site be compromised. To create a strong password, make it long to increase the number of possible permutations, and don’t use dictionary words, as they are much easier to crack. Using a mixture of upper case, lower case, numbers and special characters helps by increasing entropy.
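The advice above, as an added example that is not part of the original article: a generator that draws a long password from a cryptographically secure random source, requires every character class, rejects candidates containing listed words, and estimates entropy. The word list, symbol set and function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list; a real check would use a large dictionary.
COMMON_WORDS = {"password", "linkedin", "welcome", "dragon", "monkey", "letmein"}

# Four character classes; the symbol set is an assumption (76 characters in total).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def contains_dictionary_word(password, words=COMMON_WORDS):
    """True if any listed word appears inside the password, ignoring case."""
    lowered = password.lower()
    return any(word in lowered for word in words)


def generate_password(length=20):
    """Draw from a CSPRNG until every class is present and no listed word appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting candidates trims the space slightly, so entropy_bits()
        # is an upper bound for passwords returned here.
        if (all(any(c in cls for c in candidate) for cls in CLASSES)
                and not contains_dictionary_word(candidate)):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    # Length versus character mix: 8 lowercase, 8 mixed, 20 lowercase, 20 mixed.
    for length, size in ((8, 26), (8, 76), (20, 26), (20, 76)):
        print(length, size, round(entropy_bits(length, size), 1))
```

Twenty random lowercase letters carry more entropy than eight characters drawn from all four classes, which is why length comes first in the advice.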

Don’t forget to remember

However, while advice to use complex, unique passwords for all sites is well and good, the problem for many users of multiple sites is that it’s difficult to both create and, crucially, remember those login details.

Some solutions completely eliminate the need to memorise multiple usernames and passwords while helping users increase their online security by generating very strong, encrypted, unique passwords for all of their online accounts, including social media. These long, high-entropy passwords are much more difficult to crack and minimise the risk from hacking.

Think of a password management solution as a safety deposit box in a secure vault for which there is only one key. The security of this vault is a priority and users’ details are protected using two layers of authentication: first, a username and password, and second, a key phrase. This key phrase is then translated automatically into a unique key, which would take the most advanced computers millions of years to decipher.

Good solutions employ military-grade encryption, using stronger encryption technology than many online banking platforms. Users’ keys are never stored on the servers and not even our employees can see or access users’ data.
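One way a key phrase can be turned into a 256-bit key on the client so that the key itself is never stored, as an added example that is not the article's or any vendor's code. The article does not name the derivation function; PBKDF2-HMAC-SHA256, the iteration count, the key-check value and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32            # 256 bits, the size an AES-256 key needs
ITERATIONS = 600_000    # assumed work factor; tune to the client hardware


def new_salt():
    """Per-user random salt; not secret, stored next to the encrypted data."""
    return secrets.token_bytes(16)


def derive_key(key_phrase, salt, iterations=ITERATIONS):
    """Stretch the key phrase into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", key_phrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def key_check_value(key):
    """Short tag that lets the client detect a mistyped key phrase locally."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def unlock(key_phrase, salt, stored_check, iterations=ITERATIONS):
    """Re-derive the key on the client; return it only if the check matches."""
    key = derive_key(key_phrase, salt, iterations)
    if hmac.compare_digest(key_check_value(key), stored_check):
        return key
    return None


if __name__ == "__main__":
    salt = new_salt()
    phrase = "correct horse battery staple"      # constructed sample key phrase
    key = derive_key(phrase, salt)
    # Everything the server would hold: the salt and the check value, not the key.
    record = {"salt": salt, "check": key_check_value(key)}
    assert unlock(phrase, record["salt"], record["check"]) == key
    assert unlock("wrong phrase", record["salt"], record["check"]) is None
    print("key bytes:", len(key))
```

The stored check value still allows offline guessing of the key phrase if the record leaks, so the phrase needs the same length and randomness as any other strong password.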

With good solutions, login details are initially encrypted using 256-bit AES, and are then further encrypted using 256-bit SSL before being sent across the internet. 1024-bit RSA encryption is also used to secure shared login details. SSL certification is provided, and users’ information is stored in datacentres that operate within an ISO27001-accredited secure environment.

With each new hacking incident, individuals and businesses are finally waking up to the idea that organised cybercrime has become a day-to-day threat and that increased password security management is absolutely essential. I predict that online password management solutions will be as familiar a concept as virus scanning within the next 12 months.


Michael Newman is the founder and CEO of my1login and is based in Glasgow, Scotland. Michael graduated from The University of Glasgow in 1994 with an honours degree in Electronic Engineering, before undertaking a postgraduate diploma in Information Systems. He began his career at Scottish Telecom, which latterly became THUS plc, where he quickly rose through the ranks to become Head of Managed Solutions. With over 17 years’ experience in the telecoms and internet sector, he has held a variety of plc-based senior management positions, spanning Marketing, Sales, Product Development, Operations, Acquisitions and Start-ups, for companies including THUS and Cable & Wireless. Passionate about developing technology solutions for real life problems, Michael launched my1login in 2012 and feels privileged to be able to offer a free service that makes the web easier to use at the same time as improving online security. He is also a Chartered Engineer and member of the Institute of Engineering and Technology.