Cyber Security Month Blog 2: Password Managers

Do you know the password to your Amazon account by heart?

I don’t. I haven’t got a clue as to what any of my passwords are except for two: my password used to log in for work and my master LastPass password. That’s it.

All my passwords are managed from my LastPass and Password Manager. If I need to log into a site, then I reach for my mobile and look it up. None of the passwords for any site I use are the same, and they all have a combination of numeric, alphanumeric, special characters and are long, e.g. *&hG^s%DD3b01d7Of$AUJF

And before you ask, no, that isn’t one of my passwords; that’s as made up and random as a password manager makes them for you.

So how strong is strong for a password? Every year the top passwords used are published. These passwords are obtained from data breaches that have occurred.

The top 10 passwords used in 2017, as published by SplashData, were:

1. 123456

2. Password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

In an offline password attack scenario, number 10 in the list, ‘iloveyou’, could be cracked in 2.17 seconds, whereas my made-up complex password above would take 1.04 hundred billion trillion centuries!

Without typing in your own passwords, you can find out how quickly a password could be brute forced in an attack by going to GRC’s Interactive Brute Force Password “Search Space” Calculator https://www.grc.com/haystack.htm
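The arithmetic behind those two figures, as an added example (not code from this post or from GRC). It assumes an offline rate of 100 billion guesses per second, which reproduces the numbers quoted above; the function names are hypothetical.

```python
import string

# Assumption: 100 billion guesses per second for an offline attack.
OFFLINE_GUESSES_PER_SECOND = 100_000_000_000
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# The 2017 top-10 list quoted in the post, lower-cased for comparison.
TOP_10_2017 = {"123456", "password", "12345678", "qwerty", "12345",
               "123456789", "letmein", "1234567", "football", "iloveyou"}

def alphabet_size(password):
    """Sum the sizes of the character classes the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 printable ASCII symbols plus space
    return size

def search_space(password):
    """Count every candidate of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password, rate=OFFLINE_GUESSES_PER_SECOND):
    """Worst-case time for an exhaustive search at the given guess rate."""
    return search_space(password) / rate

def is_common(password):
    """True if the password is on the quoted top-10 list (case-insensitive)."""
    return password.lower() in TOP_10_2017

if __name__ == "__main__":
    # Both sample passwords are the ones printed in the post, not real ones.
    for pw in ("iloveyou", "*&hG^s%DD3b01d7Of$AUJF"):
        secs = seconds_to_exhaust(pw)
        print(f"{pw!r}: alphabet={alphabet_size(pw)}, "
              f"{secs:.3g} s = {secs / SECONDS_PER_CENTURY:.3g} centuries, "
              f"on top-10 list: {is_common(pw)}")
```

The search-space figure is an upper bound for exhaustive guessing only: a password that appears on a published list, as ‘iloveyou’ does, is tried first and falls well before the 2.17 seconds elapse.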

Hopefully, from reading this, if you are not already using a password manager, it is something you now want to start using. But which one?

I have used LastPass for many years. I can use it on my mobile or in a browser (though I never do). They have a free version and a premium version. LastPass never stores your actual master password; none of their employees, including the boss, can ever find it out, which gives me assurance. The technical bit: LastPass stores a one-way salted hash of your master password, which is then hashed multiple times with PBKDF2-AES256, which means it is virtually impossible to brute force.

Clearly, I’m biased towards a single password manager, but there are others, like Dashlane, KeePass and Roboform. Just don’t use a password-protected Excel file, as the password can be broken in minutes!

You can find out more information on password managers here:

https://lifehacker.com/5529133/five-best-password-managers
