Saturday, March 9, 2013

Are Personal Password Database Sites Safe & Secure?

Basic tips & techniques for your daily password management!

Earlier this month, there was an expert on a popular U.S. morning news show advising people to use personal password database sites to keep track of their passwords. I couldn't disagree more.

While I commend the expert for advising people to use multiple, diverse and difficult-to-guess passwords for their different online accounts, I do not believe storing these passwords in the cloud is the best idea.

Here are four password-keeper services I saw recently being promoted for use within this Payment Systems post. Here are my thoughts on each of the four: 

KeePass: If you want to use this service, use it with a USB instead of Dropbox, which has had some security breaches in the past year. Although Dropbox recently announced improved security, I still don't want to entrust my passwords to a cloud service of any kind (Keep in mind lots of folks working for the cloud service have access to the info, simply as a matter of supporting the service.)

1Password: I'm leery. If someone else gets my computer, will the service's web integration allow them to access all my accounts? I pass on 1Password. 

LastPass and RoboForm: Many security folks approve of LastPass and RoboForm. Indeed, the services have been around for a few years. But I do not like the lack of information about how they secure their sites. I would not use these services, as they are cloud-based, and I simply do not want to share my passwords with others in this way. If you want to use them for managing the passwords for your websites with non-sensitive information, that's an option. However, keep your banking and other financial passwords with you and don't share with an online site.

It continues to be important to have multiple and varied passwords. At a minimum, your social networking passwords should be vastly different from your financial and banking passwords.

As for how to keep a record of these sites, if you don't want to use a password management service like KeePass to store your passwords on your own devices, try an encrypted Excel file, or even a good old-fashioned notebook that you keep locked away.

These alternatives may not be high-tech, but given the password management cloud services sites' vulnerabilities, it's much safer right now than relying on cloud-based services, which are major targets for hackers.

No comments: