A safer way to manage passwords

I have more than 80 passwords for various sites including email accounts, shopping sites and online forums. That's a lot of passwords, but no two are the same. And I know none of them by memory.

That's because I use an online password manager called LastPass, which both randomly generates passwords and stores them under digital lock and key on servers the company behind LastPass controls. To gain access to my list of passwords, I have one master password.

It's a simple, relatively convenient and supposedly secure method of creating and accessing passwords. In an era in which, according to a recent article by the online tech site Ars Technica, hackers have entered a golden age of password cracking, it or a similar service is worth considering.

The Ars Technica article by Dan Goodin is a fascinating, and disturbing, account of how hackers have more powerful and cheaper tools at their disposal than ever before.

At the same time, online users have become lazy and are reusing the same password for multiple sites. We're also using predictable patterns when creating our passwords, and as hackers have broken into major online services and retrieved millions of passwords, they are discovering common patterns that reduce the number of possibilities they must try when cracking passwords by brute force.

Some of us make it easy for hackers by using passwords like "password" or the names of pets and hockey teams. But according to Goodin, even relatively sophisticated users are getting tripped up. In creating our own passwords, according to actual databases uncovered by hackers, we almost always put capital letters at the beginning, and nearly all punctuation and numbers at the end. We also have a tendency to use first names followed by years, "such as Julia1984 or Christopher1965," Goodin writes.

What's worse is we use the same password for multiple sites. If that's your strategy, it means if someone guesses or discovers your password for your Facebook account, they will also have access to your Yahoo emails, Twitter and Flickr. You're giving it away.

Goodin's article goes into much more detail, but the obvious takeaway is that we're lousy at creating our own passwords. The more memorable we make them, the easier they are to guess. When we try to make them stronger with fancy capital letters and numbers, we fall into predictable patterns.

That's where services like LastPass, and similar services such as 1Password and RoboForm, come in. They will randomly generate passwords for you as strings of numbers and letters and store those passwords in an online account only you have access to. The advantage of online access is that you can access your LastPass account from just about any compatible computer or mobile device using your browser.
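
The habits described above (a capital letter first, digits and punctuation last, a first name followed by a year) and the random generation a password manager offers can be put side by side in a short script. This is an added example, not code from the column, LastPass or Ars Technica; the function names and the small word and name lists are constructed for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample lists; a real check would load much larger ones.
COMMON_WORDS = {"password"}
FIRST_NAMES = {"julia", "christopher"}

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def predictable_patterns(password):
    """Return the predictable habits from the column that this password shows."""
    findings = []
    if password.lower() in COMMON_WORDS:
        findings.append("common-word")
    # Exactly one capital letter, and it is the first character.
    if re.fullmatch(r"[A-Z][^A-Z]*", password):
        findings.append("capital-first")
    # Letters first, then every digit and punctuation mark bunched at the end.
    if re.fullmatch(r"[A-Za-z]+[^A-Za-z]+", password):
        findings.append("digits-or-punctuation-last")
    # A first name followed by a four-digit year, e.g. Julia1984.
    match = re.fullmatch(r"([A-Za-z]+)((?:19|20)\d{2})", password)
    if match and match.group(1).lower() in FIRST_NAMES:
        findings.append("name-plus-year")
    return findings


def generate_password(length=20):
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length):
    """Bits of entropy when every character is drawn uniformly from ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for candidate in ("password", "Julia1984", "Christopher1965"):
        print(candidate, predictable_patterns(candidate))
    print(generate_password(), round(entropy_bits(20)), "bits")
```

An empty result from `predictable_patterns` only means none of these particular shapes matched, and a randomly generated string can occasionally end in a digit and trip the shape check by chance.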

Using such a system requires a change in approach. You won't know your passwords by heart and won't need to. You will have to remember your master password and keep it secure.

You also have to trust that the online service knows how to keep your passwords secure. But LastPass says not even it can gain access to the stored passwords of its users, and the service comes recommended by security gurus like Steve Gibson.

The basic service from LastPass is free, which is all I use. It sometimes gets confused by multiple accounts for the same website or email service. But it's relatively easy and convenient, and ease and convenience are half the battle in online security.

Barry Link is the editor of the Vancouver Courier.