Painless password management: The best free and paid tools

How to keep your passwords safe on the wild and woolly Web.

By , ITworld | Security, password manager, password management

My particular favorite is LastPass. This program runs on all the operating systems I use, and I use pretty much everything that's out there. It will automatically capture your login credentials and then enter them into the site for you the next time you visit. As an added plus, you can buy it with Xmarks, to my mind the best of all the Web browser bookmark synchronization programs, for an annual $20 subscription price. By itself, the paid version of LastPass is $12 a year. Both programs are also available in free versions.

If you're working with a team of people you may also want to consider Passpack. With this program, you can share some passwords with your family, say for the Apple Store; others, like a Zoho or Google Docs project, with your co-workers; and some you want to keep to yourself, like handsome open-source gents with beards. Passpack will let you share your passwords with these different groups.

For some people this can be a very handy feature. You don't have to take my word for it. Passpack is Webware and will run on any browser or operating system. It's available in a free version that can handle up to 100 passwords that you can share with one user and one group. If you love it, and have a business of your own, the company offers it in a variety of packages up to a 10,000 passwords/1,000 users/100 groups deal for $40 a month.

More than one way to secure a Web site

There are other solutions as well. One that I find interesting is SuperGenPass. This free JavaScript program uses a hash algorithm to transform a master password into unique, complex passwords for every Web site you visit. As the SuperGenPass FAQ explains, "SuperGenPass uses your master password and the domain name of the Web site you are visiting as the 'seed' for a one-way hash algorithm (base-64 MD5). The output of this algorithm is your generated password. If either your master password or the domain name of the Web site changes, even by one character, the generated password will be drastically different."

While MD5 (Message-Digest algorithm 5) can be broken, I find SuperGenPass to be an interesting way to generate unique passwords on the fly from multiple systems that will prove much harder to break than the usual run of passwords.
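The derivation the FAQ describes, sketched in Python as an added example (not SuperGenPass's own code, and not guaranteed to reproduce its output): the `master:domain` seed format, ten hash rounds, symbol substitution and character policy are assumptions. `site_password_kdf` is a hypothetical variant that swaps fast MD5 for PBKDF2, because the practical concern with a fast hash here is how cheaply guesses at the master password can be checked against one leaked site password.

```python
import base64
import hashlib

ROUNDS = 10   # assumption: minimum number of hash passes
LENGTH = 10   # assumption: characters kept from the final hash


def _b64_md5(text: str) -> str:
    """One pass of "base-64 MD5", mapped to letters and digits only."""
    digest = hashlib.md5(text.encode("utf-8")).digest()
    encoded = base64.b64encode(digest).decode("ascii")
    # Assumed substitution so the result contains no symbols.
    return encoded.translate(str.maketrans("+/=", "98A"))


def _acceptable(pw: str) -> bool:
    """Assumed policy: starts lowercase, has an uppercase letter and a digit."""
    return (pw[0].islower() and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def site_password(master: str, domain: str, length: int = LENGTH) -> str:
    """Derive a per-site password from the master password and domain."""
    value = f"{master}:{domain}"  # assumed seed format
    rounds = 0
    # Hash at least ROUNDS times, then keep going until the policy is met.
    while rounds < ROUNDS or not _acceptable(value[:length]):
        value = _b64_md5(value)
        rounds += 1
    return value[:length]


def site_password_kdf(master: str, domain: str, length: int = LENGTH) -> str:
    """Same idea with a deliberately slow KDF; the domain acts as the salt."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.encode("utf-8"), 600_000)  # assumed cost
    return base64.b64encode(key).decode("ascii")[:length]


def differing_positions(a: str, b: str) -> int:
    """Count character positions at which two passwords differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    for domain in ("example.com", "example.org", "examp1e.com"):
        print(domain, site_password(master, domain),
              site_password_kdf(master, domain))
```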

Biometrics and single sign-on

It would be great, of course, if you could use your fingerprint or an iris scan to log in to systems. After all, as I've said myself, and any knowledgeable security expert will tell you, passwords are dead. But, while it's easy to integrate a fingerprint scanner on a Windows laptop to let you log in, it's orders of magnitude harder to integrate biometric authentication across literally millions of Web sites.

Both Apple and Google are working on mechanisms that will let you use iOS and Android-powered devices and biometrics to access multiple Web sites, but neither of them is ready to announce a shipping product yet. I have a sinking feeling, having seen similar efforts fail over the years -- smartcards, for example, that were meant to be universal login cards -- that these efforts won't work out either.

Another idea that sounds good, but hasn't worked out in real life, is Single Sign-On (SSO). While SSO can, and does, work well with corporate IT using such technologies as the network authentication protocol Kerberos, in the wild and woolly world of the Web it doesn't work so well.

OpenID, the most successful of the public Internet SSO systems, has the support of Google, Facebook, Microsoft, and Yahoo and has been active since 2005. Despite broad industry, government, and open source community support, and, the OpenID Foundation assures us, a billion plus user accounts, I honestly know very few people who use OpenID on any kind of regular basis.

The closest thing to a popular universal SSO is, God help us, Facebook Connect. Do you want to trust Facebook (Facebook!) with your login and password for multiple sites? I don't! You can make Facebook safer, but I wouldn't trust Facebook as far as I could throw Mark Zuckerberg.

No, for the foreseeable future, we're all still going to be using our own passwords on hundreds of different Web sites. Fortunately, there are many good programs, and some darn fine USB drives, that make securing yourself on the Internet a lot easier than just typing "password" over and over again.
