Storing passwords on personal devices is asking for trouble from identity thieves. (Jonathan Lim Yong Hian)
Digital Home

Don’t get hacked: Tips to manage online passwords

Earlier this month, Mat Honan, a writer for Wired, wrote about how hackers destroyed his entire digital life by gaining access to his Google, Apple and Twitter accounts.

In just a few hours a 19-year-old man who identified himself as Phobia took over Mr. Honan’s Google Gmail account, broadcast racist and homophobic messages on his Twitter account, and remotely erased all of the data on his iPhone, iPad and MacBook – which included every picture of his daughter since she was born.

In his sad confessional, Mr. Honan admitted that, despite some serious security flaws at Apple, the whole hacking incident could have been prevented had he taken more security precautions in protecting his online identity. Mr. Honan concluded that his anger and grief over the loss of his daughter's photos could have been avoided by having done routine back-ups of his computer.

The moral of this story is that Web users can’t be complacent about their online security and that, even in the days of cloud storage, users need to have local back-ups of all their data. I have written about backing up your digital assets, but now I’d like to turn my attention to something that every online user should be using: a password manager application.

According to software firm SplashData, “Password” and “123456” were the two most commonly used passwords on the Internet last year. The firm compiled a list of the 25 most commonly used passwords using files posted online by hackers, which contained millions of stolen passwords. Using “password” or “qwerty” or other simple passwords leaves many users' accounts vulnerable to brute-force attacks. The reality, however, is that many victims, such as Mat Honan, had more sophisticated passwords and were still compromised.

Security firms recommend that web surfers use strong passwords of eight characters or more with mixed types of characters and avoid using the same username/password combination for multiple websites. Using the same username and password for your Facebook, Twitter, Google, Microsoft Live and Apple accounts means that if a hacker gains access to one of your online accounts, they gain access to all your accounts.

Like exercising or eating your fruits and vegetables, we all know that creating, maintaining and documenting secure passwords for every site where a password is required is good for us. The conundrum is that remembering such passwords for every site is virtually impossible.

Rather than giving up on this difficult task, I recommend Web users employ a password manager, which can auto-generate secure passwords for every website you need to log on to and automatically sign you in when you get there. In a nutshell, password managers are tools which make it easier to adhere to best security practices.

Based on the recommendations of several major tech websites, I have chosen to use LastPass (www.lastpass.com), which offers a free service and a $12-per-year premium service. The free service is ideal for desktop computer owners who don’t need to worry about hackers gaining physical access to their computers. Users who require secure access to their favourite websites from outside their home or from multiple devices should consider the premium option, which offers integrated password management on their smartphone or tablet and multi-factor authentication via a biometric device (the most common of which would be a fingerprint scanner) or USB key.

If LastPass does not satisfy your needs, other well-regarded password managers to consider include Dashlane, 1Password, Clipperz, RoboForm Everywhere, Kaspersky Password Manager and Norton Identity Safe.

My advice when using any of these products and services is to begin with the free option and only move up to the premium versions once you’re comfortable with the user interface and know you need the additional features.

Getting started with LastPass was easy. Downloading and installing the software was routine and took just a few minutes. Unfortunately, using the software on a day-to-day basis has not been quite as easy. While I have solved most issues, I am still struggling with the creation of new secure passwords, the inability to work properly with the TD Canada Trust and TD Waterhouse websites and automatic login to locally hosted webpages which require me to fill out a dialog box when signing in.

While there have been frustrations and problems with LastPass, I am relieved that I am using unique and secure passwords on all the websites I visit. The only password I have to remember now is the master password, which is very secure and is stored in my brain. In case I am hit by a bus tomorrow, I have documented the master password on a piece of paper which has been placed in a safety deposit box at my local bank. If you don’t have a secure place to store the master password, then I recommend putting the information in a sealed envelope and storing it someplace outside your home, perhaps with a trusted relative.

After two weeks of using LastPass, I would say my experience with it has been similar to all things that are good for me. It's a little extra work and sometimes the experience leaves a bad taste in my mouth. However, at the end of the day, I know my digital life is dramatically more secure.

Follow on Twitter: @digitalhomca
