We all understand and know the importance of password usage. A quick overview of the basic foundation for strong password usage is:

  • Never use personal information such as your name, birthday, or spouse's name. Personal information is often publicly available, which makes it easier for someone to guess your password.
  • Use a longer password. Your password should be at least six characters long, and for extra security it should ideally be at least 12 characters (if the site allows it).
  • If you need to write down your passwords, keep them in a secure place. It's even better if you encrypt your passwords, or just write down hints for them that others won't be able to understand.
  • Don't use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
  • Try to include numbers, symbols, and both uppercase and lowercase letters (if the site allows it).
  • Avoid using words that can be found in the dictionary. For example, "swimming1" would be a weak password.
  • Random passwords are the strongest. Use a password generator instead of trying to think of your own. 

What event happened to me that causes me to use the above items as my password holy grail? One of the sites I have frequented most for years was breached via an exploit many years ago. Of course the result was the ever-loving "Change Your Password" email: we have been popped. No worries, I thought to myself. I headed off to change my password and, bang, for the life of me I could not remember it. I had used the password save option in the browser for so many years that I had forgotten my password. Oh crap… How many other sites had I shared this password with? I had been so dependent on that dang password-saving option that I may have used the same password over and over. What did this lead to? Well, going to every single site I have a password with and changing it. I changed passwords not only for sites but for email addresses as well. The number of passwords for sites and emails combined rose to around 67!

Now, I had used a random generator site to create all the different passwords, so if anything they were very memory-unfriendly. To store all my newly created sites and passwords, I ended up using OneNote because it has an option to lock down notes. I could create a password for my page that contained all my passwords, LOL. This worked great, yet it was not super handy on a mobile device or, heck, even my laptop, as I would have to head back to OneNote, copy and paste the password, then head back to the browser. Too much work for those sites I frequent on a daily basis. So the solution I came up with?

A two-prong attack: KeePass and LastPass. I am going to focus on LastPass, as its mobile usage is much simpler than KeePass.

LastPass is an online service designed to keep track of your websites and the passwords associated with them. Giving up one's websites and passwords to an online service was no easy choice for me (hint: KeePass). Just thinking, heck, if this place gets popped, dang, there go all my secrets. Heading off to Professor Google, I asked the basic question: is LastPass secure? The large majority of answers came back yes through various sites. However, the one that caught my eye is Steve Gibson of https://www.grc.com/intro.htm. A leader in internet security, he has given LastPass glowing reviews, and yes, according to Steve Gibson the product is indeed safe and secure.

LastPass has the ability to create those funky passwords when one signs up with a site. It will store the website/username/password so when you revisit the site it automatically logs you in if you choose that option. LastPass has apps for pretty much all the major browsers you may find on a PC/tablet. For mobility with phones they have apps for all major phone OSes. So whatever you save on your phone is available to your PC and/or tablet. You can even export the data into a CSV, which I would store in OneNote under password lock just for backup reasons. You can even run Multifactor Authentication to the system itself for added protection for login. A very easy-to-use program for a very important task. I myself do not keep my banking info and/or server logins in LastPass; I mean, heck, not everything needs to be "out" there as far as I am concerned. For everything else it is a different story.
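The checklist at the top of this post can be run against a password manager's CSV export to find the reuse, short passwords and "swimming1"-style words it warns about. This is an added example, not part of the original post or LastPass's own tooling; the column names, the sample rows and the four-word list are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export. The column names (url, username, password) are an
# assumption about the CSV layout; adjust them to match the real export.
SAMPLE_EXPORT = """url,username,password
https://forum.example.com,frank,swimming1
https://shop.example.com,frank,swimming1
https://mail.example.com,frank@example.com,Tr0ub4
https://news.example.com,frank,k9#Vw2!pQz7@Lm4x
"""
# Tiny stand-in word list; a real audit would load a full dictionary file.
WORDS = {"swimming", "password", "dragon", "monkey"}

def check_password(pw, personal=()):
    """Return the checklist items this password fails."""
    issues = []
    if len(pw) < 12:
        issues.append("shorter than %d characters" % (6 if len(pw) < 6 else 12))
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        issues.append("missing a character class")
    # Strip leading/trailing digits and symbols to catch "swimming1"-style words.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    if core in WORDS:
        issues.append("dictionary word")
    if any(p and p.lower() in pw.lower() for p in personal):
        issues.append("contains personal information")
    return issues

def audit_export(csv_text, personal=()):
    """Map each site URL to its issues, including reuse across sites."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_pw = defaultdict(list)
    for row in rows:
        sites_by_pw[row["password"]].append(row["url"])
    report = {}
    for row in rows:
        issues = check_password(row["password"], personal)
        if len(sites_by_pw[row["password"]]) > 1:
            issues.append("reused on %d sites" % len(sites_by_pw[row["password"]]))
        report[row["url"]] = issues
    return report

if __name__ == "__main__":
    for site, issues in audit_export(SAMPLE_EXPORT, personal=["frank"]).items():
        print(site, "->", ", ".join(issues) or "ok")
```

The export is plaintext, so run the audit locally and delete or lock away the file afterwards.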

I do many services for many people, and this does include being admin inside their websites and other products. Proper strong password usage is of top priority to keeping my customers' data safe.

With that in mind, you can grab LastPass at https://lastpass.com/. Do not waste your time with the free version. Just go premium from the very start, as the premium version has all the phone apps, Multifactor Authentication, as well as many other very cool options. So get out there and take care of business, because one day your favorite site may get breached and, bang, you will be hitting the ground running...


Frank Doud
G.C. Solutions

Wednesday, April 23, 2014
