Passwords under attack

Spate of website hacks expose passwords.
Learn more

01.Password managers vulnerable too

Passwords and user logins stolen

The recent revelation of a hack on the Catch of the Day site that occurred in 2011 is the latest example of attacks carried out on websites to steal passwords, usernames and email addresses, which have become regular events.

CNET was attacked recently while Adobe had millions of records breached last year.

Heartbleed revealed a massive flaw in web encryption, showing that it’s never been more important to have strong, unique passwords for all websites and webmail and other online services. Password managers are a solution that can store passwords and create complex passwords to prevent attacks.

CHOICE has tested and recommended password managers as a way to secure passwords. It was revealed recently, however, that password manger software isn’t bulletproof. Security researchers found critical defects in five web-based password managers – LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword.

The vulnerabilities have mostly been fixed and there’s no evidence that attacks have taken place based on any of these flaws. But password managers, if compromised, could potentially give hackers a single point of entry to scoop us all passwords in one go.

On balance, it’s still safer to use a password manager rather than re-use one or two simple passwords on multiple sites or, (and this should be a thing of the distant past) writing passwords on paper.

Check your passwords

If you want to check if your password has been stolen, there are several sites that will tell you if it’s been compromised. You can even sign up for alerts that will notify you if your email has been stolen.

  • Have I been pwned will check and let you register for notifications.
  • The PwnedList will check your email against its list of compromised accounts.
  • BreachAlarm has a similar checking service along with some unnerving stats on the number of hacked accounts and stolen passwords.

Passwords on the rise

If you think your list of passwords is getting longer and you’re tempted to re-use passwords, you’re not alone. A 2007 Microsoft study found that the average person using the web has 25 separate accounts but only 6.5 different passwords. In 2014 that’s likely to be a higher number as so many more services are now accessed online.

At the same time, computing power has increased, giving hackers faster processors to try and crack passwords and add to that the recent password leaks and there are more reasons than ever before to protect passwords.

How to remember your password

If you want to remember your own password, there is a technique known as spaced repetition that Microsoft researchers have found helps people to remember passwords. It involves entering the password numerous times over several sittings so it’s ‘burned in’ to the brain. The technique could be used to remember the master password for a password manager program, rather than many separate passwords. Just remember, anything is better than using your pet's name as a password.



Sign up to our free

Receive FREE email updates of our latest tests, consumer news and CHOICE marketing promotions.

Your say - Choice voice

Make a Comment

Members – Sign in on the top right to contribute to comments