Tony Bradley @bradleystrategy
It’s tough to keep track of all of
your passwords. In spite of advances in biometrics, and increased attention on
the value of two-factor authentication, passwords remain the primary means of
digital security. They're also one of the weakest links in the security chain.
If we can’t get rid of passwords, we need a better way to manage them.
Remember when passwords were going
to die out? Bill Gates told an audience, "There is no doubt that over
time, people are going to rely less and less on passwords. People use the same
password on different systems, they write them down and they just don't meet
the challenge for anything you really want to secure."
That was in early 2004. Nearly a
decade later we still rely heavily on passwords, and passwords still
suffer from all of the same weaknesses Gates described.
I used to be guilty of recycling the
same password across virtually every account as well. The sites and services I
use broke me of the habit because the password policies are so different from
one to the next that it became very difficult to even find a password that
meets the requirements of all of them.
Fair enough. It’s a horrible policy
anyway. Security best practice suggests you should use different passwords for
different sites. Just as you don’t use the same key for your front door, car,
bike lock, and safety deposit box, you don’t want to have the same password
“unlock” all of your information. If one site or service is compromised and an
attacker gets access to your password, you don’t want it to be a universal key
to your entire online identity.
Passwords are literally the keys to
your online world.
Apple recently unveiled details of the new Mac OS X,
“Mavericks.” It is available only to developers right now, but one of the
features Apple is adding is designed to help you choose more secure passwords,
and manage them effectively without writing it on a sticky note pasted on the
front of your monitor.
iCloud Keychain basically takes the
password storage and management features of the existing Keychain feature and
moves them to iCloud, where they can be accessed by and synced across iOS
devices as well. The Mac OS X system running “Mavericks,” and any iOS devices
with the upcoming iOS 7 will be able to auto-fill complex passwords from the
iCloud Keychain.
That’s awesome for users who live
and die by the Apple ecosystem, but it won’t work for someone using a Windows
PC with an iPhone, or someone using a MacBook Pro with an Android smartphone—at
least not yet. It’s a good solution, but an Apple-centric one.
PasswordBox is a new service that functions much
like iCloud Keychain, except that it works cross-platform. PasswordBox is
available on Mac OS X and Windows, and it’s available for iPhone, iPad, and
Android mobile devices.
Like iCloud Keychain, PasswordBox
stores passwords in the cloud using strong encryption to protect them from
unauthorized access. When you need to log in, PasswordBox automatically
retrieves the appropriate credentials. PasswordBox is free (for managing up to
25 passwords) and provides tools that let you share your credentials with
family or friends—should they need the information if something happens to
you—without directly revealing your passwords.
There are other services out there
like 1Password, and LastPass that let you manage secure passwords more
effectively. There is some concern about storing the keys to your digital life
in the cloud—but it’s probably more secure than writing it down on a piece of
paper and shoving it in your desk drawer, and it gives you access to your passwords
any time and anywhere, from just about any device.
Despite Bill Gates’ prognostication,
passwords don’t seem to be going away just yet. Make sure you choose secure
ones, and find a tool that lets you remember and use them more easily.
