REQ Recs: Password Management Tools Worth Using


Those of us who work in the digital world are very familiar with the Heartbleed Bug that plagued the Internet this spring. This bug created a serious vulnerability in the OpenSSL cryptographic software library, exposing information that would normally be protected (as evidenced by the lock icon) to theft and making the Internet a frighteningly insecure place. In the fallout from the Heartbleed Bug, many frustrated Internet users set out to change their passwords, desiring more protection on sites where sensitive information is collected: online banks, shopping sites, social networks, etc.

This isn't the first time that users' online identity and banking information has been vulnerable, but the Heartbleed Bug serves as an important reminder that we all need to be vigilant about protecting our private information online. This leads to a discussion on 'password best practices' (spoiler alert: 'password123' is not the way to go!). You need to create complex passwords that can stand up to hackers, but who can remember a long string of numbers, letters, and special characters?

A growing number of online services offer a way to protect and manage passwords by securing them behind a single, complex password or by presenting a number of identity question barriers that users need to answer correctly before access will be granted. Mashable wrote about the surge in popularity these services saw following Heartbleed: one password service, LastPass, added 125,000 new users in one week, about 90,000 more than in an average week!

'We are getting a lot of customers who have heard of Heartbleed and they haven't really thought significantly of their Internet security until now,' 1Password CEO Jeff Shiner told Mashable reporter Seth Fiegerman.

At REQ, our team uses a variety of services to keep important passwords protected. Here are some of our favorite password management services and why we like them:

Passpack
Used by: Melissa Cahoon, Bari Friedman, Rachel Racoosin
Cost: Free
App: No
'There are two things I really like about Passpack outside of its ability to store all my passwords in one place. The first is the login process - I'm asked to enter my user ID and password, then I have to click a black square on my screen to continue, finally I enter my Packing Key, which is a long sentence known only to me. The second thing I really like is the password suggestion tool. You can choose how long you want the password to be and whether or not you'd like to include special characters. It's so helpful for someone like me who would make every password the name of my dog if I didn't have Passpack's help.' - Melissa Cahoon

1Password
Used by: Chip Cullen
Cost: $34.99-$99.99 (for 5 users)
App: Yes
'I like 1Password for a bunch of reasons. A few of the big ones:
- Your password collection can be shared across devices and computers
- You can control where your passwords are kept - they are never reachable by AgileBits, the software maker
- It can generate strong passwords
- You can keep useful things like credit card information in a safe, but useful place'

KeePass
Used by: Jim Huang
Cost: Free
App: Yes
'I use KeePass because it's open source and free (bonus!). I believe, like many others, when it comes to security users should have oversight over the code that protects their passwords; a good example of this is OpenPGP.'

LastPass
Used by: Miro Scarfiotti
Cost: Free (Premium costs $12/year)
App: Yes
'I use LastPass because it provides strong encryption, synced passwords in the cloud, and the ability to share access to specific sites with individuals or teams.'

SplashID
Used by: David Bone
Cost: Several different levels of pricing, from one-time $9.99 fee to $19.99/year
App: Yes
'SplashID is my little black book in the cloud. Totally secure. When my phone was stolen last year, I had no worries about any of my accounts being hacked. I don't think I changed a single password.'


Tips for creating a strong password


  1. Don't use the same password everywhere. While 'RedSox' may be an easy phrase for you to remember, you'll be sorry when a hacker realizes it's your password to your email, and bank account, and airline miles account, and .

  2. Change your passwords often.

  3. Avoid common phrases and words. 'Password' is, in fact, one of the worst passwords out there. Stay away from the obvious and make it harder for people who want access to your account. Don't use personal information like your name or street address, either.

  4. Don't forget to include one (or more) special characters.

  5. Include upper- and lower-case letters as well as numbers. Did you know it would take about three hours to crack 'QxRfPyN' but six years to crack 'Qx4Rf3P1YN'?

  6. Try creating an acronym from a favorite or memorable phrase. For example, 'Take me out to the ballgame, Take me out with the crowd' would become 'tmottbtmowtc.'
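The password suggestion feature described above (choose a length, choose whether to include special characters) and the length and character-mix advice in tips 4 and 5 can be sketched as follows. This is an added example, not code from any of the tools reviewed here; the `SPECIALS` set and all function names are assumptions, and the bit estimate only applies to passwords whose characters are chosen at random.

```python
import math
import secrets
import string

# Assumed special-character set for this example; real sites differ in what they accept.
SPECIALS = "!@#$%^&*()-_=+[]{}"


def generate_password(length=16, use_digits=True, use_specials=True):
    """Random password with at least one character from every enabled class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if use_digits:
        classes.append(string.digits)
    if use_specials:
        classes.append(SPECIALS)
    if length < len(classes):
        raise ValueError("length too short to cover every enabled class")
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    chars = [secrets.choice(cls) for cls in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide which position holds which class
    return "".join(chars)


def pool_size(password):
    """Size of the smallest pool, built from the classes above, that covers password."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in cls for ch in password):
            size += len(cls)
    if any(not ch.isalnum() for ch in password):
        size += len(SPECIALS)
    return size


def search_space_bits(password):
    """log2 of the brute-force search space. An upper bound on strength: it only
    holds for randomly chosen characters, and dictionary words fall far sooner."""
    return len(password) * math.log2(pool_size(password))


if __name__ == "__main__":
    for pw in ("QxRfPyN", "Qx4Rf3P1YN", generate_password(16)):
        print(f"{pw!r}: pool {pool_size(pw)}, about {search_space_bits(pw):.1f} bits")
```

Each additional bit doubles the number of guesses a brute-force search needs, so adding length and character classes compounds quickly.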


To sum it all up, the Heartbleed Bug gave us all a much-needed kick in the pants - it reminded us that we need to be careful out there on the Web and inspired a roundup of password management services as well as a review of password best practices. Password protection may not be glamorous, but it's essential maintenance that we all have to do. Stay secure!