Last year, Hive Systems published research data about how long it would take hackers to crack your password. That data/table made me realize that the strong password I've been using everywhere for years, which is only 9 characters long, can now be cracked in hours with modern hardware.
Realistically, it is highly unlikely that a highly skilled hacker would target me specifically, so technically the password is still good to use. But it is a bit concerning that any nerd with knowledge of cryptographic hashing algorithms can brute force my password with a modern computer within 6 hours.
Now, you may ask, 'Isn't there some sort of security measures in place by websites themselves for brute force attacks?' Yes, there are. For example, if you repeatedly enter wrong passwords, most websites will send alerts to registered emails and recovery contacts regarding suspicious activity. Bank websites will disable online banking altogether if you enter the wrong password 3 times. These are some examples of security measures employed by most websites.
But not all websites use similar security measures, because not all of them deal with sensitive data. That's where it becomes important. Even someone like me, who knows about these things and is fully aware that we shouldn't use the same passwords on different websites, chooses to reuse passwords. And that becomes a problem. If a hacker gets your credentials from such low-security websites, they may attempt to use the same credentials on other websites and gain access to sensitive information.
Once again, it is highly unlikely that a skilled hacker would attempt to hack you unless you're a well-known public figure, but it is a good practice in general to have different passwords for different logins. After all, the saying goes 'better safe than sorry.'
And that's where password managers come into play. Most people reuse the password for two main reasons
- It is not easy to come up with a secure, unique password every time.
- It is not easy to memorise all these secure, unique passwords.
The password managers I'm about to mention solve these two problems.
Note: I do not claim to be qualified enough to write in-depth reviews about these software, this list is purely from personal experience, But you can easily find online reviews from reputed sources.
Bitwarden
Dashlane
Unlike Bitwarden, Dashlane IS included in most "best password manager" lists. Although these lists review the paid version of the app, the free version isn't that bad either. In fact, I was using Dashlane before I switched to Bitwarden. So why did I leave Dashlane?
Well there was 2 reasons
- Free version is single device only
- Free version lets you save 25 passwords only
If these issues don't matter to you(which shouldn't to most people), then free Dashlane is also a good password manager with password generator.
Keepass
Now this one is just honourable mention. I wouldn't recommend it to average users as it is made for nerds/techies. Non tech savvy users will struggle to navigate the app. But if you are a nerd, then it is worth checking out. Even if I ignore ease of use, it lacks official app for mobile devices.
0 Comments