Other

World Password Day: How to Manage Passwords

May 2, 2019 by Agnes Talalaev

Today, May 2nd is World Password Day. Therefore it’s a perfect day to remind you of the importance of password management tools, the importance of security, strong passwords and also give some insights about the statistics in the world of passwords.

Did you know that more than 23 million people use the password ‘123456’. 🥴

It’s probably no surprise that people use bad passwords. A recent study of publicly-available “hacked” accounts reveals ‘123456’ was the top used password, followed by “the much more secure” ‘123456789’ and “hard-to-guess” ‘qwerty’.

The study says that there are more than half a million cases where soccer (or football) fans use the club names as “Liverpool” or “Chelsea” as their passwords. For musicians, Metallica gets beaten down by 50cent. So if you know the person well, you may even guess the password a person is using.

Photo by Yogi Purnama

The most common fictional names used as passwords were “superman” (333,139 users), “naruto” (242,749), “tigger” (237,290), “pokemon” (226,947), and “batman” (203,116).

The top ten most frequently used passwords?

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

If yours is on the list, we’d suggest going and installing a password management tool right now. Today is the perfect day, as it is the World Password Day, to start using password manager generated passwords to make sure they are unique.

Why Use a Password Management Tool?

Well, the truth is – nobody likes passwords and nobody likes to generate new passwords. That’s the reason why you should use password management tools. Life just makes so much more sense after starting to use one. And today, on World Password Day, we will focus on how to eliminate that problem.

Photo by Paulius Dragunas 

Password management tools are good for several reasons:

Firstly – you won’t remember every password you have. A very bad practice is to use one password in more than one account. To use a password is bad anyways – but we’ll go there later.

With password management tools you can easily access all your passwords from one place with one master key.

Secondly – use passphrases or generate a random key with your password management program.

Thirdly – the master key. Instead of using a password, use a passphrase, which is much longer in length. Use some numbers and upper and lowercase letters. And to make it clear – by passphrase you should consider generating a short sentence, but make sure, it’s something you’ll remember.

How to Choose a Password Management Tool?

It’s important that all your passwords are unique. A good password manager will randomly generate your passwords for you, and store them safely. It doesn’t matter what password manager you use, as long as you use one.

We use LastPass and KeePass in our team – check them out. KeePass is a bit geekier, but LastPass is widely used and has good UI. Other options are Dashlane and 1Password. It’s your choice. Also, there’s an awesome limited time deal on AppSumo for a great tool from our friends at – PassCamp. Check it out!

PassCamp via AppSumo

LastPass

With LastPass, it’s super easy to save the passwords while minding your business on a daily basis. As they say – just remember your master password and LastPass remembers the rest.

Screenshot from lastpass.com

The advantage here is that any time you log into a new account you can automatically one-click add the new password to your LastPass account and it will stay there whenever you need to use it on the account you save it to.

With LastPass, it’s easy because you can simply just install the LastPass extension in your browser for saving and accessing your passwords.

Screenshot from lastpass.com

LastPass isn’t open-source, but there is a free version that can be used. And there is a premium plan for a bit more than $2 per month if preferred. The premium plan provides users with an option to store passwords, digital records, and other items that need to be digitally secured. Also, LastPass allows users to grant family and friends access to their account if an emergency arises.

We kinda don’t want to leave out that LastPass has experienced three data breaches since it was founded. They have implemented strong encryption and salted hashes to ensure complete security in the cloud which eliminates the need to store files locally.

But on the other hand, their password management system works within the browser as an extension for most users, which makes their data a high-priority target. LastPass is easy to use and convenient, but the convenience comes with a slightly reduced level of privacy.

Want to know more about LastPass – take a look here.

KeePass (Open-Source)

KeePass is a free open source password manager, which helps you to manage your passwords. You can put all your passwords in one database, which is locked with one master key or a key file.

KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these cyphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.

Picture from keepass.info

With KeePass, the complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.

SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.

Sounds impressive, isn’t it? But there’s more – KeePass as being an open-source password management tool is free and you have full control over your information.

Entering the Master Password – keepass.info

And yes, we know, it looks a bit geeky and old school.

KeePass is a localized solution that is stored in database form. Although it requires syncing to keep the file up-to-date, the information is kept separately from the various access points someone may try to access your data. Even if someone could access your KeePass file, they would need the master key to open the database to discover your other passwords. That creates a very secure solution.

Users would be required to keep backups of their database in secure locations, preferably offline, in case something happened to the primary file. (source)

Want to know more about KeePass – take a look here.

Dashlane

Since we don’t have any Dashlane users in our team we needed to go and find reviews to get the idea of what’s up with Dashlane. We have heard a lot of good recommendations about Dashlane though.

First of all – it’s easy to use, secure and provides a lot of value even on free plans. But what about the pros and cons – here’s what we found:

Screenshot from cloudwards.net

From the get-go, Dashlane looks like a fairly typical password manager in terms of features. You have auto-fill, strong password generation and apps for iOS and Android. It distances itself from the competition by having one of the most well-rounded feature packages for security, however.

Every plan comes with real-time password monitoring, even the free one. From the moment you set your password in Dashlane, it will start tracking it for any security threat or breach and notify you immediately to change your password if it finds one.

password management

The pricing is slightly more expensive than others but it sits well within the range set by other password managers. The Premium plan is slightly higher than average but comes with enough features to justify the cost.

1Password

One password management tool that has also been widely used is 1Password. Great name indicating that you only need to remember one password when using the password management tools – the master key.

Picture from 1password.com

As we read the reviews we saw that it said that 1Password is a nice password management tool out there thanks to its ease of use and excellent security. Its pricing plans are fitted more for families and small businesses rather than individual users.

One thing that caught our eye was that 1Password does not have a free plan and also there is no live support. But there is a 24/7 support forum which is also good – forums are a great way to get an insight about a product from other users.

Screenshot from 1password.com

1Password has a lot of features starting from multi-device sync, auto-fill on mobile devices (not for Android users, unfortunately), lower plans get 1GB per user and upgraded plans 5GB per user.

As for security, it uses the industry standard encryption for storing your passwords. Data is stored locally and the most interesting part of 1Password’s security model is the secret key. This 128-bit key is generated locally and never sent to 1Password. Like your master password, it’s individual to you and cannot be recovered in the event you lose it.

Bitwarden (Open-Source)

Another great password management tool that we missed (but fortunately WebARX has awesome users, who reminded us) was Bitwarden which is 100% open source software. And to top it all it has great UI as well.

The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.

Bitwarden is free and available for multiple popular platforms. Bitwarden has desktop apps for Linux, macOS, and Windows, mobile apps for Android and iOS and browser extensions for just about all web browsers, including Vivaldi and Brave.

password management
Screenshot from Bitwarden.com

The core features of Bitwarden are free but if you need up to 1GB encrypted file storage, 2-factor authentication with YubiKey, FIDO U2F, & Duo and priority customer support you can choose the premium deal1GB encrypted file storage

Bitwarden and like other we mentioned here, uses AES 256 bit encryption as well as PBKDF2 to secure your data.

password management
Image from GitHub

AES is a standard in cryptography and used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.

PBKDF2 SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default).

Passcamp

If you are looking something for a lifetime and if you are willing to invest in a starting startup you can also try out PassCamp.

The main PRO that we would emphasise on is that PassCamp is the only password manager that has unlimited guests. This means that once you set up your team, you can invite as many guests or clients that you need without paying a cent more.

So meaning other password managers mainly focus on personal use, adding team functionality as an afterthought.

password management
Screenshot from passcamp.com

PassCamp, on the other hand, was created and designed for teams. So not only do they have the features the other tools have but they also have unique features like multi-tier sharing.

You can also dig into their architecture with this white-paper and if you are looking for more info about PassCamp – this is a good place to look at.

And we also heard that PassCamp is featured on ProductHunt. Go and check it out.

Don’t Forget the Two-Factor Authentication

Two-factor authentication (2FA), also called multiple-factor or multiple-step verification, is an authentication mechanism to double check that your identity is legitimate.

It’s something that will keep your accounts even more secured and offer you an extra layer of protection, besides passwords. It’s hard for cybercriminals to get the second authentication factor. This will drastically reduce their chances to succeed.

2FA is a must-have for: 

  • Your work or personal email
  • Your cloud storage accounts (Google Drive, Dropbox)
  • Online banking
  • Social media accounts (Facebook, Twitter, LinkedIn)
  • Communication apps (Slack, Skype)
  • Online shopping (PayPal, Amazon)
  • And even for your password management apps
  • Your website

Enable 2FA on your website today!

start for free
website firewall webarx website security

Here you can find some mobile apps that you can use for two-factor authentication: Google Authenticator (available for Android, iOS, Blackberry). Authy (for Android, iOS, but also available as a desktop app and browser extension). Microsoft Authenticator (Windows Phone 7).

Today is the Day For Password Management

The best time is now. Take the time – install the one you think will work for you the best and start using password management tools. This about your master key – make it long and something only you will remember and be part of the World Password Day.

PS! If you are already interested in passwords – you may also be in protecting your website against hacking attempts and data breaches. Take a look at WebARX platform where you will also have 2FA, vulnerability monitoring, backups, web application firewall, security reports and much more – you can try WebARX for free here.

Other

Start your free 14-day trial now

Protect your websites from malicious traffic - set-up in under 3 minutes.

Try it now

WebARX is compatible with the following platforms:

PHP
WordPress
Magento
Drupal
Joomla