The number of passwords any ordinary human being has to keep track of these days is astronomical. From social networking sites and email addresses to bank details and credit cards, it’s very easy to get lost in the chaos of trying to remember one’s passwords.
Password managers, or vaults, were created to resolve this issue. Simply put, a password vault is like safe storage. It collects all your passwords and their associated details under a single lock and key. This key is the master password. Thus, only one master password has to be remembered to keep all your data safe. Password managers even contain means to thwart traditional phishing tools by comparing URLs with entries in their own database, to ensure you’re not entering a password into a fake site. If they don’t match, they refuse to fill in the required fields. Most password managers also allow for multiple means of protection, such as a USB key.
LastPass is a popular freeware password vault which you can install as a plug-in to your default browser. It requires a LastPass account, but once you make one, you’ll be able to import your passwords and other data to be encrypted on the LastPass servers. You can set a default mail ID and master password, along with a reminder for the latter, before importing your passwords. Once you have an account, you can log into LastPass online to retrieve your passwords at any time, or organize your passwords into different categories. You can also sync LastPass to your browser to automatically fill blank fields.
The vault: Most password managers allow multiple means of protection.
The addition of YubiKey provides for additional security. You need to buy the YubiKey online from www.yubico.com (for $25 or Rs1,280 plus shipping) and subscribe to the paid version, for $1 per month. It functions as a touch-sensitive USB device. You can sync it to LastPass and set a password phrase—a full sentence, as opposed to a password which is usually only six-eight characters. Whenever you log into LastPass, you’ll be required to also initialize YubiKey by hitting the touch-sensitive button and then entering both the YubiKey and LastPass credentials.
To combat more advanced attacks, LastPass also supports secure password generation. You can generate a one-time password and securely copy it without worrying about key-loggers or compromising your master password.
However, this highlights some of the more troubling aspects of password vaults. If a single password is compromised, you can take comfort in the fact that the others are still safe. However, if your master password is stolen, then all your passwords are at risk. They won’t be able to completely guard against screen-grabbing spyware and key-loggers used in conjunction, though LastPass still makes it tough for them. Finally, if someone else has physical access to your computer, browser syncronization ensures the door is pretty much open anyway to access all your private information.
LastPass is available for mobile platforms as well, as a stand-alone app and as part of the premium pack. It’s free to install, but in both cases there is a fee of $1 per month to use the software.
The advent of cloud computing and multiple devices has inspired Google to launch its own password synchronization feature within Chrome. You first need to launch Chrome and enable password syncing by clicking on the wrench icon and navigating to the Settings menu. Choose “Personal Stuff”, and you’ll see a menu for enabling sync and other options. You can also choose to enable auto-form fill and which information to sync.
Choose “Add new user”, and you’ll go to a link for entering your Google Account data. Once sync is enabled, all your Chrome data can be accessed on your phone, laptop or tablet, and even at a friend’s place. This includes bookmarks, history and accounts, etc. The best part is that the feature has had no reported errors thus far, and given the security of Google, it provides a strong impetus for protecting one’s data. It still falls prey to the caveats of password vaults, but it’s a nice feature for those with a short list of enemies and a long list of devices to maintain on the go.
If you are daunted by the amount of online information you need to maintain, a password vault is a pretty good option, as long as you physically secure your computer and take precautions.
Write to us at firstname.lastname@example.org