Apps that help manage passwords can make it easier to have more complex passwords without having to remember each one individually.
It became official again this week: We are awful at passwords.
Year after year, studies show that many people still rely on passwords that are so weak even a 5-year-old could crack them.
According to a study released this week by SplashData, a developer of password-management software, consumers continue making the riskiest choices with passwords by consistently using overly simple ones: “123456” and “starwars,” for instance.
I am no better than the rest of you. The password-management app Dashlane recently ran a security audit of all my passwords — and what it found was ugly. It revealed that out of my 70 passwords, I had reused the same one 46 times. Twenty-five of the passwords were flagged as being particularly weak, or easy for a hacker to crack.
Most Read Stories
- There’s a reason why ‘rebound’ body odor flares, fades | The People's Pharmacy
- FBI’s massive porn sting puts internet privacy in crossfire
- Seahawks' Michael Bennett on Colin Kaepernick: 'I support him and all the stuff he's doing'
- High-tech images point to the valor of a sergeant left for dead
- Ex-Boeing CEO Stonecipher, wife, sue to keep dozen cats in 6,700-square-foot N.C. house
In my shame and embarrassment, I put together a guide of best practices for passwords and tested some tools that would help manage them.
Here’s what it boils down to: To have the safest passwords protecting your digital life, each password should be unique and complex. But since memorizing 70 unique and complex passwords is nearly impossible, we also need password-manager programs to keep track of them all.
Password managers are a type of app that locks passwords in a vault and allows access to them with one master password. I tested three popular password management services — LastPass, Dashlane and 1Password — for several days. All were similar, with 1Password standing out as the most cleanly designed (and least annoying) password-management tool.
I began by cleaning up my password hygiene, spending 2 ½ hours logging in to all 70 of my Internet accounts and changing each password, one at a time. Following the advice of security experts, I created long, complex passwords consisting of nonsensical phrases, lines from movies or one-sentence summaries of strange life events, and added numbers and special characters. (Samples: My favorite number is Green4782# or The cat ate the CoTTon candy 224%.)
Then I turned to the password managers, which store your passwords and make them accessible with a master password. Naturally, your master password should be rock solid. So for each of the three apps, I created a complex master password and jotted those down on a piece of paper. After a few days I memorized those passwords and threw away the paper.
I recommend 1Password for several reasons. The app consistently and automatically detected whenever I logged in to websites or created new passwords to ask if I wanted to add a password to the vault.
When logging in to a site, I clicked on the 1Password icon in a browser or opened the app on a phone, entered my master password and selected the service I wanted to log in to in order to plug in the password. (1Password can be set up to require the master password after a certain amount of time, say five minutes, if you don’t want to keep entering it; on iPhones it can be configured to unlock the vault with your fingerprint instead of the master password.)
Of the password managers I tested, Dashlane was the most frustrating because it nagged me with too many questions. After I used Dashlane to log in to TicketWeb to order movie tickets, the app asked if I wanted to save a copy of the receipt inside its vault. In the process of doing that, it froze the browser and I lost access to the Web tickets for a moment.
Also, whenever I created a new password, Dashlane sent notifications asking if I wanted the app to automatically generate passwords for me — which was not my preference.
Dashlane said the app was proactive about notifications partly because it was designed for users who may not be technically savvy.
The third app, LastPass, was less annoying than Dashlane, but in multiple instances it did not detect when I was logging in to a website to add the password into its vault. That required me to manually create a new password entry to add to the vault.
Each of the apps offers the ability to share password vaults across multiple devices — smartphones, tablets and computers.
Wireless synchronization for passwords is a necessity: You don’t want to be locked out of a service on your smartphone because you left your laptop containing all your passwords at work, for instance.
What distinguishes the password-management apps is how they share your passwords among different devices, and how much they charge.
Dashlane is initially free and hosts its own cloud server to share passwords across your devices, but it costs $40 a year to use the cloud service.
LastPass is also free upfront; it offers the ability to share passwords across devices for $12 a year.
The app 1Password came out on top because it offered the most value for the money. For a one-time payment of $50, you get a license to use 1Password on a computer. You can use the core features of 1Password on iPhones or Android devices free — if you want to unlock extra features, like the ability to store serial numbers for software licenses, it costs $10.