Recently I’ve helped several family members, friends, and clients recover access to their vital online services. Resetting passwords for some websites can be as easy as an “I lost my password” link. However, trying to recover a password for a Gmail account or Apple ID can be very difficult. This article shares some of the tools we use to manage passwords.
Why Strong Passwords Are Important
As web developers, when we store passwords in a database, we always encrypt the passwords using the MD5 cryptographic hash function. When we look at these encrypted passwords in the database, all we see are strings of 32 characters that make no sense at all. Of course, no encryption method is uncrackable. However, an MD5 hash is pretty hard to crack, unless you are using a common word as your password.
There are online tools that have large databases of common words that are matched with MD5 character strings. If a hacker wanted to know your password, and you use a common word that is in the tool’s database, then it would be easy for a hacker to figure out your password. You can try this yourself.
For example, this is the MD5 hash of the word “password”: 5f4dcc3b5aa765d61d8327deb882cf99. Now search Google for “md5 hash cracker”. You’ll find many sites offering free services to crack MD5 passwords. Pick one and use it to decrypt the hash 5f4dcc3b5aa765d61d8327deb882cf99. You will find that it returns the word “password”.
Now try to decrypt this more secure fake password “34$Abm2d>”, 0195ff9e44c82b0d1b1e8203d5855e47. When I try using CrackStation it returns no result.
So imagine a hacker breaks into a website that you use, maybe your bank, and steals all the encrypted passwords for all the user accounts. Then the hacker runs the encrypted password against a database of known words. If you use an easy password, then it is likely the hacker will learn your password. However, if you use a “strong” password, then it is less likely the MD5 hash of your password will return a result in the hacker’s database.
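The lookup described above, as an added example that is not part of the original article: a precomputed table resolves the article's MD5 hash of “password” at once, while a per-user salt with PBKDF2 (going beyond the article's MD5 case) leaves the same table with nothing to match. The word list, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the "large database of common words".
COMMON_WORDS = ["123456", "password", "qwerty", "letmein", "dragon"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, as a site storing passwords this way would compute it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> word once; reusable against every unsalted hash."""
    return {md5_hex(w): w for w in words}


def lookup(stored_hash: str, table: dict):
    """Return the matching word, or None if the hash is not in the table."""
    return table.get(stored_hash)


def hash_salted(password: str, salt: bytes = None, iterations: int = 600_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256); count is an assumption."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup(COMMON_WORDS)
    # Hash quoted in the article: found immediately.
    print(lookup("5f4dcc3b5aa765d61d8327deb882cf99", table))
    # The article's stronger password is not in the word list.
    print(lookup(md5_hex("34$Abm2d>"), table))
    # Same weak password, salted: two users get different stored values,
    # and neither appears in the precomputed table.
    for _ in range(2):
        salt, n, digest = hash_salted("password")
        print(salt.hex(), digest.hex(), lookup(digest.hex(), table))
```

The salt is stored next to the digest; its job is to make every stored value unique so one precomputed table cannot be reused across accounts.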
What is a strong password? A strong password is a string of at least 8 characters using numbers, lowercase letters, uppercase letters, and symbols. The more characters the better. Also, you do not want to re-use passwords for every website. If a hacker discovers your password, he may try it on other websites where you have accounts.
So now that you have a unique password for every website, and the password is a random string of characters, you are going to need a way to keep track of these passwords. There are many tools available to help you keep track of passwords, but I will cover two that I have used successfully for many years.
Years ago a friend introduced me to the Apple OS X application 1Password. Since I began using 1Password, the publisher (AgileBits) has released versions for Apple iOS, Google Android, and Windows. The beauty of this software application is that I only need to remember one password to easily log in to all of my online accounts.
I have 1Password installed on my MacBook Pro, iPhone, and iPad. The passwords are synced via iCloud from each of my devices. There are also other methods to sync, like Dropbox.com. When I create a new password on my laptop – using the 1Password browser plugins for Safari, Chrome, or Firefox web browser – 1Password stores the password in its encrypted database. Then the encrypted database is synced to my iCloud account to be available for my iPhone and iPad.
Later, when I try to log in to a website whose password 1Password has stored, I only need to click the 1Password icon in the web browser to access the stored password. In addition, 1Password will enter the username and password into the login form for me.
I could type all day about the benefits and features of 1Password, but this super slick video from AgileBits does a better job.
Our team, here at Aslan Interactive, shares thousands of passwords. Over the years PASSPACK.com has made sharing passwords, amongst our team and our clients, both easy and secure. When a team member creates a new password, it can be shared with all or some of the members of the team. We can also share passwords with clients. If a password changes, the new password is updated in Passpack and then is available to all users who have been selected to share the password. Also, there are times I’m visiting a client using a computer that is not my own. I can easily log into Passpack and retrieve a password.
If you care about your online security then you need to use strong passwords. If you are tired of losing the sticky notes on which you wrote your password, then you need a better way of securely storing your password information. 1Password and Passpack are great solutions. Recently, I saw that 1Password launched a new product for teams. I’ll have to check it out for the Aslan team. For now, Passpack is working very well for us.