CSANews 109

CSA Online

1Password
1password.com
$2.99/month
Suggests then stores passwords in a secure online vault. Unlocks with your passphrase or fingerprint on mobile devices. Also securely stores credit card info, passports, birth certificates, notes, whatever.

LastPass
lastpass.com
$2/month
Creates and securely stores passwords for easy recall. Works on a wide array of devices including Apple Watch. Includes provisions to share passwords with family in an emergency or crisis. If you just want someone to say “use this one,” use this one.

Google Chrome
Getchrome.com
Free
If you don’t mind entrusting Google with even more personal information, the Chrome browser includes a powerful password manager that can also suggest secure passwords for sites as you sign up.

But Who Would Care About Little Ol’ Me?

A common refrain when it comes to online security and personal privacy is that none of us are interesting or important enough to be targeted. That may well be true (I can only speak for myself here), but it’s not about us as individuals. It’s about usernames and passwords in aggregate being sold on the commodity black markets of the Internet.

Take this made-up but entirely plausible example: I sign up for an online casual games site to play solitaire, hearts, euchre, whatever. Since this is just a game site, the security stakes are lower. The proprietor stores usernames and passwords in plain text, as opposed to securely. A hacker finds a back door and manages to download reams of login and password information before anyone notices. If I used the same password for this site that I do for my e-mail, my e-mail is now compromised too.

Now, think about the password reset process for just about every online service out there. It’s e-mail-based. With access to my e-mail, there now exists the very real possibility that my online banking, investment and other high-stakes accounts can be compromised too. It doesn’t matter how secure those passwords are if someone can just go in and reset them.

Internet ne’er-do-wells aren’t trying to break into accounts one at a time. They have scripts that will try the usernames and passwords which they’ve acquired automatically. Out of tens of thousands of attempts, they’ll get a few hits and only then do they even think about paying individual attention.

We’ve all heard the truism that a chain is only as strong as its weakest link. The online games site was that weak link and, to both mix and abuse metaphors, it became the narrow end of the wedge.

So…What Do We Do?

We compromise our online security because we’re human and we can’t remember 100+ passwords that meet the varying requirements of every site. UriTwiofhc{WN7fH is a good password…but who could possibly hope to remember it? Let alone 99 other secure passwords?

The solution is to use a password manager that you trust. The bad news is that the really good ones cost a couple or few bucks a month. The good news: it’s 100% worth it and the whole password experience is better when using one. We’ve offered a few options on the top right corner of this page.

These services create secure passwords and eliminate the need to remember them. Every single site to which you log in can have its own super secure password. All you need to do is remember one password; the password that unlocks your password manager. It does the rest, recognizing and automatically filling in login forms on your computer, tablet or smartphone. It’s the simplicity that we as humans require with the security that we as online denizens need.

So, what should your one password be? It certainly can’t be from the top-25 list, but it doesn’t have to be anything as obtuse as UriTwiofhc{WN7fH. Think instead of a phrase. Something memorable. I can’t tell you what yours should be, but I can tell you that 44°C-baths-are-nice is easy to remember, would have been impossible to guess before I wrote it down and would take years of brute force effort to crack.

The most common passwords of 2017

123456, password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, iloveyou, admin, welcome, monkey, login, abc123, starwars, 123123, dragon, passw0rd, master, hello, freedom, whatever, qazwsx, trustno1

CSANews | WINTER 2018 | 53
