Passwords aren’t dying any time soon. Here's how to manage them effectively.
It’s tough to keep track of all of your passwords. In spite of advances in biometrics, and increased attention on the value of two-factor authentication, passwords remain the primary means of digital security. They're also one of the weakest links in the security chain. If we can’t get rid of passwords, we need a better way to manage them.
Remember when passwords were going to die out? Bill Gates told an audience, "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
That was in early 2004. Nearly a decade later we still rely heavily on passwords, and passwords still suffer from all of the same weaknesses Gates described.
I used to be guilty of recycling the same password across virtually every account as well. The sites and services I use broke me of the habit because the password policies are so different from one to the next that it became very difficult to even find a password that meets the requirements of all of them.
Fair enough. It’s a horrible policy anyway. Security best practice suggests you should use different passwords for different sites. Just as you don’t use the same key for your front door, car, bike lock, and safety deposit box, you don’t want to have the same password “unlock” all of your information. If one site or service is compromised and an attacker gets access to your password, you don’t want it to be a universal key to your entire online identity.
Apple recently unveiled details of the new Mac OS X, “Mavericks.” It is available only to developers right now, but one of the features Apple is adding is designed to help you choose more secure passwords, and manage them effectively without writing them on a sticky note pasted on the front of your monitor.
iCloud Keychain basically takes the password storage and management features of the existing Keychain feature and moves them to iCloud, where they can be accessed by and synced across iOS devices as well. Mac OS X systems running “Mavericks” and any iOS devices running the upcoming iOS 7 will be able to auto-fill complex passwords from the iCloud Keychain.
That’s awesome for users who live and die by the Apple ecosystem, but it won’t work for someone using a Windows PC with an iPhone, or someone using a MacBook Pro with an Android smartphone—at least not yet. It’s a good solution, but an Apple-centric one.
PasswordBox is a new service that functions much like iCloud Keychain, except that it works cross-platform. PasswordBox is available on Mac OS X and Windows, and it’s available for iPhone, iPad, and Android mobile devices.
Like iCloud Keychain, PasswordBox stores passwords in the cloud using strong encryption to protect them from unauthorized access. When you need to log in, PasswordBox automatically retrieves the appropriate credentials. PasswordBox is free (for managing up to 25 passwords) and provides tools that let you share your credentials with family or friends—should they need the information if something happens to you—without directly revealing your passwords.
There are other services out there, like 1Password and LastPass, that let you manage secure passwords more effectively. There is some concern about storing the keys to your digital life in the cloud, but it’s probably more secure than writing them down on a piece of paper and shoving it in your desk drawer, and it gives you access to your passwords any time and anywhere, from just about any device.
Despite Bill Gates’ prognostication, passwords don’t seem to be going away just yet. Make sure you choose secure ones, and find a tool that lets you remember and use them more easily.