There has been lots of talk lately about company server hacks. You have probably heard about the Sony incident, where millions of data sets were downloaded by hackers. LastPass, the company behind the password manager of the same name, noticed irregularities as well and asked its users to change the master passwords of their accounts.
A local password manager like KeePass would have been especially helpful in the LastPass case, as your data would not be exposed on the Internet at all. The fundamental difference between online and offline password managers is the storage location and who is responsible for it. Online password managers like LastPass store the account logins and related information in the cloud, while offline password managers store login-related information on the user's own computer.
The password, not the username, is the most important part of an online account, and it is relatively easy to explain why. A username is usually displayed somewhere on the site the account belongs to. A Facebook wall post, a reply in an online forum or an article's byline all show the username in one form or another. And even if the username is not displayed openly, it can often be guessed, or it is simply the user's email address.
An account password, on the other hand, is not visible anywhere. Attackers who know the right account password can usually get into the account easily; if they only have the user's email address or username, they usually cannot.
Now that we have established that passwords are the most important part of a user’s online presence we need to find out how to make them as secure as possible.
Passwords, and login data in general, have a severe impact on a user's security on the Internet. This is because most users tend to pick easy-to-remember usernames and passwords when creating accounts on sites such as Gmail, Facebook, MySpace or Flickr. Such passwords, however, can just as easily be guessed by attackers.
It is therefore generally insecure to select basic passwords that are dictionary words (think of car, password or login), words related to the site (think of picking gmail as the password on Gmail) or words related to the user (think of birthdays or the dog's name).