2012 is the year of password theft, according to SecurityCoverage. The security software company says that in the first six months of 2012, online password breaches increased 300% over the same period in 2011.
Maybe you've done okay so far using the same passwords for years, or using the same password for multiple sites so you don't have to keep track of lots of different ones. Maybe you hope that password theft is so rampant that your password will slip past thieves unnoticed. But the time of hoping and crossing your fingers is over if, like many people, you've started storing corporate data in the cloud.
Until companies figure out a better way to protect their data in the cloud, the best solution is to enforce higher security with password managers, said Amber Gott, marketing associate and online community builder at LastPass. Awareness that the tools exist is the first step. "We still find there are plenty of people who aren't even aware that password managers exist," she said. "[But now ] ... we're seeing it cross over to your more average Internet user."
Password managers provide tools to encrypt text files that can store all your passwords that are not Web based, such as Windows and Outlook passwords, Lotus Notes passwords, administration passwords including local and domain accounts, BIOS passwords, encrypted hard drive passwords, cell phone and voicemail passwords, iPad and iPhone passwords, and so on.
Password managers promise greater security while improving the user experience. People get most excited about password managers' convenience, said Gott. "The security for a lot of people is an added benefit," she said.
The best password managers sync to the cloud across all dominant platforms and require multi-factor authentication. Other factors to consider when choosing one are cost, ease use, and extras. Of course, clouds are where much user data is breached. You've probably heard the victims' names: RSA, Sony, eHarmony, LinkedIn. What happens when a cloud-based password manager gets hacked?
LastPass was hacked in March 2011, right around the time Sony was breached. Unfortunately for Sony users, Sony stored passwords in clear text. LastPass, on the other hand, encrypts its passwords and came through relatively unscathed. In other words, the extra protection offered by password managers works.