Review Your Password System

Preview: How to improve your password system, or create a new one. Basic rules for storing passwords and other vital information. Mistakes you should avoid.

The continuing problems Lastpass has had with breaches of its database, and its lack of transparency about them, have caused many people to review their password strategy. Lastpass was once an excellent and highly regarded service; now we learn that it had poor security measures. It exposed its users to both loss of privacy and, potentially, exposure of their entire password vault. This should act as a wake-up call for all of us to review our password strategy.
The Absolutely Insane Actions

Here are the things no sane person should do.
The Mistakes Sane People Could Make
Encryption Made Very Easy

You should encrypt the passwords, log-ins, licenses and other important information that you store on your computer. Doing this well requires some responsibility on your part and some on the part of your software or password system.
Your Job
Their job: What your password manager needs to do.
Reviewing Your Passwords

It is a good idea to review your passwords occasionally. The two things you are looking for are poor-quality passwords and duplicate passwords. These should be fixed if they matter at all. In Keepass, choose Find from the menu, then select Duplicate Passwords or Password Quality to get your report. Other password programs should have similar options.
Throw away the idea that you should know your passwords. I normally have no idea what password Keepass generated and don't care. The exception to long, random, essentially untypeable passwords is a site where I might need to type the password in. For example, my Google password, which I need to type when I get a new phone or tablet. Also, my Paramount+ streaming service password, which I imagine I might need to type on my TV screen using the remote control!
Consider changing any duplicate passwords that are still functional.
Consider changing any password with fewer than 100 bits of entropy. Most security experts recommend at least 128 bits of entropy. I make all my passwords over 200 bits if the website allows it. Crackers are getting better and better and I'd like my passwords to remain secure in a few years so I don't have to go change them again!
Check Your Database Security

You should check the basic security settings of your password database. The normal procedure is to transform the key many times, then use the result to encrypt and decrypt the database. The idea is to slow down any attempt to crack your password file: every guess the attacker makes has to go through the same transformation. If your password could be cracked in 1 hour and you inserted 100,000 transformation iterations, then it would take 11.4 years. I recommend 500,000 to 1 million iterations for most systems.
Keepass does this from the File menu, then Database Settings, then Security. Check the iterations and increase them if prudent. Be sure you don't set the number too high, because it will slow you down too. Keepass has a "1 second delay" button to determine how many iterations your computer can do in one second. Remember, if you use the database with other computers or your phone, then they will require the same number of iterations. Don't overdo it.
Bitwarden defaults to 100,001 iterations on your device, then they do another 100,000 on their server and use that. You can probably increase your 100,000 to 500,000 without being inconvenienced.
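To make the two numbers in this section concrete (the bits of entropy of a generated password, and how key-transformation iterations multiply an attacker's work), here is a small added Python example; it is not code from the article, Keepass or Bitwarden. It uses PBKDF2-HMAC-SHA256 as a stand-in for a key-transformation function (an assumption: Keepass's own KDFs are AES-KDF and Argon2), and the "calibrate for one second" routine mirrors the idea of Keepass's delay button rather than its implementation.

```python
import hashlib
import math
import os
import time


def generated_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password drawn uniformly at random: length * log2(alphabet).

    Only valid for generator output; a human-chosen password has far less."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: int, alphabet_size: int) -> int:
    """Shortest generated password that reaches target_bits with this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def crack_years(base_hours: float, iterations: int) -> float:
    """Each guess now costs `iterations` transformations, so an attack that
    took base_hours takes base_hours * iterations hours."""
    return base_hours * iterations / (24 * 365)


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Transform the master password into the database key.

    The result depends on the iteration count, which is why every device
    opening the same database must use the same number."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def iterations_per_second(seconds: float = 1.0, probe: int = 20_000) -> int:
    """Time a probe run and scale it to find how many iterations fit in `seconds`
    on this machine (the idea behind the Keepass 1-second-delay button)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("master password", salt, probe)
    elapsed = time.perf_counter() - start
    return int(probe * seconds / elapsed)


if __name__ == "__main__":
    print(f"20 chars of [A-Za-z0-9]: {generated_password_bits(20, 62):.1f} bits")
    print(f"chars of 94-symbol ASCII for 200 bits: {length_for_bits(200, 94)}")
    print(f"1 hour with 100,000 iterations: {crack_years(1, 100_000):.1f} years")
    print(f"iterations this machine does in 1 s: {iterations_per_second()}")
```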
Note

Though I've never used it, I have heard excellent things about 1Password, and if you are using that, I do not recommend a change. They seem to be fine.
Further Reading
Date: February 2023
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.