Choosing Password Management Software
If there’s one problem we all experience, it’s having too many online accounts and passwords to remember. To solve this problem, we’ve developed a very bad habit: using the same passwords all the time. But there’s a much better solution: using a kind of software called a password manager.

By Marc-André Gagnon, information security specialist.

The way a password manager works is that you enter all your passwords into a database that itself is highly secure—a kind of digital vault. There are two kinds of password managers: local and cloud-based.

Local password managers

Local password managers save your passwords in a local database on your own computer. Your information never leaves your computer, and you are responsible for backing up your database manually at regular intervals.

The two big players in this category are KeePass and Password Safe. Both of these software packages are open-source and free. KeePass for Windows was audited by the European Commission's EU Free and Open Source Software Auditing project (EU-FOSSA) in 2016, and no critical vulnerabilities were found in it. This represents a good guarantee that the source code is free of any major flaws or “back doors”.

Because both KeePass and Password Safe are open-source, there are dozens of clones and derived versions of them, for all platforms (Windows, Linux, iOS, Android). But you have to be careful, because these clones do not provide any guarantees against vulnerabilities. If you’re concerned about security, use only the official versions.

| Local Password Manager | Price | Platforms |
| --- | --- | --- |
| KeePass | free | Windows (Linux/OSX: use the KeePassX clone) |
| Password Safe | free | Windows |

Cloud-based password managers

Cloud-based password managers save your database of passwords in the cloud. They represent an interesting compromise, in terms of ease of use and security.
If well implemented, cloud-based password managers are considered secure and offer some additional benefits:

- they support all browsers;
- they let you access your passwords on all your devices at any time;
- they let you share certain passwords with other users, such as your spouse or your children;
- they let you monitor attempts to access your account, define trusted devices, and so on;
- some of them let you define an emergency contact who will be able to access your password database if anything happens to you.

Like all other cloud-based services, cloud-based password managers charge an annual fee (although LastPass does offer a worthwhile free version).

| Cloud-based Password Manager | Price | Allows two-factor authentication? | Platforms |
| --- | --- | --- | --- |
| LastPass | free or $US 24 per year | Yes | Internet Explorer/Edge, Mozilla Firefox, Google Chrome, Apple Safari, Opera |
| 1Password | $US 35.88 per year | No | Chrome, Firefox, Safari, Opera |
| Dashlane | $US 39.99 per year | Yes | Internet Explorer, Chrome, Firefox, Safari |

Can the software provider (or a hacker) access my passwords?

The provider cannot read your database, because it is encrypted with your master password. All of the encryption and decryption operations are performed locally on your own computer, and your master password is never transmitted to the provider in any way. If this complex technology is properly implemented in accordance with best practices, it is considered impossible for the provider or potential hackers to decrypt your passwords without your master password.

Essential advice

Choose a master password that is complex and unique.

Try to have 15 characters or more, including letters, numbers, and special characters. This password is going to protect all your others, so you can’t afford to be lazy! One good method is to use the first letter of each word in a sentence that will be easy for you to remember.
For example, you could set your master password as “ta12aitb, ok?” and remember it with the sentence “There are 12 apples in this bag, OK?” For more details on this method, I recommend an article by Bruce Schneier.

You’ll have to remember your master password, because there is no way to recover it. Some cloud-based password managers may offer options to make it easier to recover, but these options are still limited, because the provider can’t decrypt your information and doesn’t know your master password.

Activate two-factor authentication

For cloud-based password managers, two-factor authentication involves associating your account with your smart phone or other smart device (there are other options as well). Once you activate two-factor authentication, you will be allowed to access your database only if you enter your master password AND you demonstrate that you have physical access to the smart device that you have associated with your account. Thus, even if your password is compromised (by a virus, for example), the attack will be blocked by a second factor.

I think this is the best way to make your account secure with the least effort. By the way, that’s true not just for your cloud-based password manager but for all your other cloud-based accounts—Google, Apple, Facebook, Microsoft, Amazon, etc.!

Lost in the clouds?
In a previous article, I talked about saving data on your mobile device by connecting to a computer. But the truth is that not everyone has a computer or always remembers to back up their data. Enter the cloud. Saving your data to the cloud is a very popular choice that requires very little effort on your part. This article explores the cloud services offered by Apple and Google and aims to give you a better idea of how they work.

Pro tip: Never forget that you are the only person who has control of the data you save on the cloud. Contrary to what you may have heard, nothing is automatically shared with other people or on social networks.

If you’re still not sure what the cloud is all about, read this article by my colleague Michel Baril. In short, the cloud is an online storage space that you can access via your Apple or Google account.

iCloud by Apple

If you have an iPhone, you’ve probably already heard of iCloud. Offered by Apple, this service allows you to save all kinds of things, including your contacts, photos and appointments in your calendar, as well as your notes, reminders and favourite sites on Safari. All this is connected to your Apple ID (which is the email address you use for Apple services). If you have other Apple products, such as an iMac or iPad, iCloud will allow you to access your content and synchronize it across all your devices.

New data is backed up automatically whenever your iPhone is plugged in and you are connected to a Wi-Fi network. This function is really handy when you consider that phones tend to get plugged in daily, often before we go to bed.

It’s also important to note that this service gives you 5 GB of free storage, meaning you can store a decent amount of data without paying. If you reach the limit, you can always delete unwanted data, like old photos and videos, to make more room. Alternatively, data can be saved to your computer. And, of course, Apple offers various monthly packages to increase your cloud space.

Pro tip: Does everyone in your family have an iPhone? If so, you may want to consider the Family Sharing feature, which lets family members share any music, app, book or movie purchases with each other. That way, you don’t have to pay for content more than once! You can also share photos and calendars, which is great for managing the family schedule. Parents, rest assured that you decide which features you want to share. You’re also the one who authorizes any purchases!

Google

If you’ve got an Android device, you can get cloud backup from Google. To access this service, simply create a Google account (if you already have a Gmail account, you’re good to go). Google’s Android service lets you save the same type of data as the Apple service, like contacts, calendars and photos. However, the backup method differs from phone to phone. For an optimal backup and syncing experience, make sure you save your data to your Google account.

Here are a few examples to give you a better understanding:

- When you add a contact, make a point of saving it to your Google account, not to your phone’s memory. This option should appear when you enter your new contact information.
- When you add an event to your calendar, follow the same principle by selecting your Google account.
- For photos, go to your phone’s Google Photos app and activate back-up and syncing. Any photos you take after that will automatically be backed up when you connect to a Wi-Fi network.

These are just three of an infinite number of possibilities for saving data on the Google cloud. If you want to learn more, start by exploring the various backup apps available—they can really make managing your data much easier.

Pro tip: Want to explore the many possibilities that Google offers? Go to google.ca and click on the square menu in the top right corner of the page. You’ll find tons of features, many of which will be compatible with your mobile phone!

In short, don’t forget that you decide what gets saved onto the cloud, and that you can adjust these preferences at any time. Whether you just want to keep your contacts safe and sound or back up all your content, the one thing you absolutely must do is remember your passwords. Without them, you won’t be able to access your data. Using the right backup service is a sure way to get the most from your digital devices. Now, get saving!