Resurrection
13.07.11, 06:33
Three Tools for Proper Password Management | Blogs | ITBusinessEdge.com (http://www.itbusinessedge.com/cm/blogs/mah/three-tools-for-proper-password-management/?cs=47747)
--------------------
You have probably read recent news reports about how hacking group Lulzsec broke into an online site and posted the stolen email addresses and passwords onto the Internet. (http://www.pcworld.com/article/230523/fraud_starts_after_lulzsec_group_releases_email_pa sswords.html) Accounts of how this resulted in unscrupulous individuals using these passwords to access other online services only served to confirm the sobering fact that users are using the same passwords across various online services. This is a problem made worse given that the majority of users don't change their passwords either. (http://www.itbusinessedge.com/cm/blogs/mah/symantec-majority-of-users-dont-change-their-passwords/?cs=40435)
When you really think about it, is it surprising that users are reusing the same passwords in the absence of an easy way for them to manage multiple passwords? To tackle this particular point, I decided to explore some of the most popular password managers around today. I examined a trio of them and have highlighted some of their key capabilities below.
The good news is that password management tools are no longer in the Stone Age and are actually quite user-friendly and sophisticated. Do take a look and do consider implementing them into your SMB if you have not already done so. And, as always, do feel free to chip in with suggestions of your own.
KeePass
KeePass (http://keepass.info/download.html) is a popular open-source (GPL) password management software for the Windows operating system; not only is it free, but the security-conscious can also examine the source code for backdoors. KeePass ports are available on a wide variety of popular operating systems such as Mac OS X and Linux, as well as mobile platforms such as iOS, Windows Phone 7, Android and BlackBerry. What I really liked about KeePass is how passwords are stored in a single highly encrypted file that is easily transferred between computers, or synced between multiple devices using an online cloud service such as Dropbox. Moreover, if so desired, the application can be launched from a USB stick without a messy installation. Finally, KeePass for Windows also supports a large number of plug-ins to further extend its ease of use and capabilities.
1Password
1Password (http://agilebits.com/products/1Password) is commercial software that touts itself as more than a password manager. 1Password integrates with your Web browser to facilitate logging into websites, filling in of registration forms and entering of credit card information. As you may expect, all popular platforms are supported, such as Windows, Mac OS X, Android and iOS (iPhone and iPad). According to its website, a Windows Phone 7 version is currently in beta. Dropbox sync is supported by default, though the price tag is relatively hefty at $39.99 for the Windows and Mac OS X versions. Various pricing bundles are available at discounted prices though, and a 30-day trial is available for the Windows and Mac OS X versions. You can find more information about the bundles here.
LastPass
LastPass (https://lastpass.com/support.php?cmd=showfaq&id=1376) adopts a slightly different model and comes with a free version, as well as a paid "Premium" edition priced at a low $1/month. Your passwords are accessed from the LastPass browser extension for your favorite browser (Opera excluded), while LastPass Premium includes access from various mobile apps and multifactor authentication. Regardless of paid or free options, an encrypted backup copy of your password data is stored in a Lastpass.com account. What this means is that users can do away with mundane tasks such as remembering to transfer their password databases when upgrading to a new PC. According to the official FAQ, a locally cached copy of the database as well as the ability to back up to a USB drive means that users need not worry about losing access to their passwords even if LastPass were to close down.
--------------------
I've also used Roboform and StickyPassword in the past.Both are quite good.
--------------------
You have probably read recent news reports about how hacking group Lulzsec broke into an online site and posted the stolen email addresses and passwords onto the Internet. (http://www.pcworld.com/article/230523/fraud_starts_after_lulzsec_group_releases_email_pa sswords.html) Accounts of how this resulted in unscrupulous individuals using these passwords to access other online services only served to confirm the sobering fact that users are using the same passwords across various online services. This is a problem made worse given that the majority of users don't change their passwords either. (http://www.itbusinessedge.com/cm/blogs/mah/symantec-majority-of-users-dont-change-their-passwords/?cs=40435)
When you really think about it, is it surprising that users are reusing the same passwords in the absence of an easy way for them to manage multiple passwords? To tackle this particular point, I decided to explore some of the most popular password managers around today. I examined a trio of them and have highlighted some of their key capabilities below.
The good news is that password management tools are no longer in the Stone Age and are actually quite user-friendly and sophisticated. Do take a look and do consider implementing them into your SMB if you have not already done so. And, as always, do feel free to chip in with suggestions of your own.
KeePass
KeePass (http://keepass.info/download.html) is a popular open-source (GPL) password management software for the Windows operating system; not only is it free, but the security-conscious can also examine the source code for backdoors. KeePass ports are available on a wide variety of popular operating systems such as Mac OS X and Linux, as well as mobile platforms such as iOS, Windows Phone 7, Android and BlackBerry. What I really liked about KeePass is how passwords are stored in a single highly encrypted file that is easily transferred between computers, or synced between multiple devices using an online cloud service such as Dropbox. Moreover, if so desired, the application can be launched from a USB stick without a messy installation. Finally, KeePass for Windows also supports a large number of plug-ins to further extend its ease of use and capabilities.
1Password
1Password (http://agilebits.com/products/1Password) is commercial software that touts itself as more than a password manager. 1Password integrates with your Web browser to facilitate logging into websites, filling in of registration forms and entering of credit card information. As you may expect, all popular platforms are supported, such as Windows, Mac OS X, Android and iOS (iPhone and iPad). According to its website, a Windows Phone 7 version is currently in beta. Dropbox sync is supported by default, though the price tag is relatively hefty at $39.99 for the Windows and Mac OS X versions. Various pricing bundles are available at discounted prices though, and a 30-day trial is available for the Windows and Mac OS X versions. You can find more information about the bundles here.
LastPass
LastPass (https://lastpass.com/support.php?cmd=showfaq&id=1376) adopts a slightly different model and comes with a free version, as well as a paid "Premium" edition priced at a low $1/month. Your passwords are accessed from the LastPass browser extension for your favorite browser (Opera excluded), while LastPass Premium includes access from various mobile apps and multifactor authentication. Regardless of paid or free options, an encrypted backup copy of your password data is stored in a Lastpass.com account. What this means is that users can do away with mundane tasks such as remembering to transfer their password databases when upgrading to a new PC. According to the official FAQ, a locally cached copy of the database as well as the ability to back up to a USB drive means that users need not worry about losing access to their passwords even if LastPass were to close down.
--------------------
I've also used Roboform and StickyPassword in the past.Both are quite good.