Saturday, June 23, 2012

Storing passwords



Using the same password for every service is one of the most serious mistakes. But keeping a lot of unique passwords in your head is clearly an impossible task. I tried to get used to password managers like KeePass (keepass.info), but it never stuck. Opening a program to look up a password there is obviously not the most convenient approach you can think of. And local storage holding the encrypted passwords smacks of archaism: am I supposed to carry it around on a flash drive? :)


In short, I decided to try a solution that, like KeePass, would help generate unique passwords and store them, but would also use them in the browser automatically! There are not many options here. Among specialized software, the most heavily promoted was 1Password (agilebits.com/onepassword), which originally appeared for the Mac and was later ported to Windows. The product is very high quality, but paying $69.99 for the cross-platform version seemed too much to me. Especially today, when a free alternative can be found for almost anything. One turned up quickly enough: the wonderful service LastPass (lastpass.com), which is where I stopped.

Very briefly, the reasons why I chose it:
  • First, the service is universal and runs under any OS (Windows, Linux, Mac), which was an important criterion for me. It has plug-ins for all popular browsers (Firefox, Internet Explorer, Chrome, Safari, Opera). And for paid subscribers ($1 per month), versions are also available for popular mobile OSes.
  • Second, LastPass does exactly what is required: it automatically offers to save passwords and form data and then fills them in the next time you visit the page. If you have several accounts for a site, you can quickly switch from one to another. And if the data for some badly built site is not parsed automatically, that is easy to fix.
  • Third, LastPass stores the encrypted passwords in the cloud, so there is no need to carry the password store around on a flash drive or to fiddle with synchronizing it through, say, Dropbox. Access to the store is protected with a master key (a complex password), which for security reasons cannot be recovered.
I'm not going to explain how to use LastPass; it is all elementary. But I can't help sharing a few useful features that pleased me.

The mere fact that passwords are kept in a secure store does not make them safe. With your permission, LastPass can run a quick analysis of your passwords, which makes it easy to find the simple and obviously weak ones (like "123456") among them. The program has a built-in benchmark that calculates a strength score for your passwords; the result can be compared with other users' scores in a special ranking.

Many people will probably be bothered by the fact that all the passwords can be accessed with nothing but the master key. No problem! You can put a special utility, LastPass Sesame (there are versions for all operating systems), on a flash drive, which essentially turns the drive into a token. If you enable one-time passwords for your LastPass account, logging in without this token is no longer possible. Each time you will have to insert the USB flash drive, run Sesame, and use the generated password along with the master key. Only then can you get into the store. On their own, neither the master key nor the flash drive with Sesame is of any value to an attacker.

Two-factor authentication through Google. For authentication you can also buy a real token, such as a YubiKey for $25 (store.yubico.com), but you can use a ready-made solution from Google instead. Let me remind you that for its own system the search giant has a special smartphone application (Google Authenticator), which generates a unique one-time key when you need one. Since I always use this system to log in to Gmail, I immediately set it up to protect LastPass as well. Detailed instructions can be found on the official website (helpdesk.lastpass.com/security-options/google-authenticator).

In fairness, it should be noted that one-time passwords and two-factor authentication are available only to paid subscribers. But $12 a year is not much to pay for secure password storage.
