Cyber Security Month Blog 2: Password Managers

Published On: 11th October 2018

Do you know the password to your Amazon account by heart?

I don’t. I haven’t got a clue as to what any of my passwords are except for two: my password used to log in for work and my master LastPass password. That’s it.

All my passwords are managed from my LastPass and Password Manager. If I need to log into a site, then I reach for my mobile and look it up. None of the passwords for any site I use are the same, and they all combine numeric, alphanumeric and special characters and are long, e.g. *&hG^s%DD3b01d7Of$AUJF

And before you ask, no, that isn’t one of my passwords; that’s as made up and random as a password manager makes them for you.

So how strong is strong for a password? Every year the top passwords used are published. These are passwords which are obtained from data breaches which have occurred.

The top 10 passwords used in 2017, as published by SplashData, were:

1. 123456

2. Password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

In an offline password attack scenario, number 10 in the list, ‘iloveyou’, could be cracked in 2.17 seconds, compared to my made-up complex password above, which would take 1.04 hundred billion trillion centuries!

Without typing in your own passwords, you can find out how quickly a password could be brute forced in an attack by going to GRC’s Interactive Brute Force Password “Search Space” Calculator https://www.grc.com/haystack.htm
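
The two cracking times quoted above can be reproduced with the search-space arithmetic that this kind of calculator performs. The Python below is an added example, not code from the original post or from GRC; the four character-class sizes and the rate of one hundred billion guesses per second are assumptions, chosen because they reproduce the post's 2.17 seconds figure.

```python
import string

# Character classes in the search-space model (assumed sizes: 26 lower,
# 26 upper, 10 digits, 33 printable ASCII symbols including space).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

GUESSES_PER_SECOND = 100_000_000_000  # assumed offline rate: 1e11 guesses/s
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    chars = set(password)
    unknown = chars - set().union(*(members for members, _ in CLASSES))
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {sorted(unknown)}")
    return sum(size for members, size in CLASSES if chars & members)


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for an exhaustive search at `rate` guesses/second."""
    return search_space(password) / rate


def centuries_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Same worst-case time, expressed in centuries."""
    return seconds_to_exhaust(password, rate) / SECONDS_PER_CENTURY


if __name__ == "__main__":
    for pw in ("iloveyou", "*&hG^s%DD3b01d7Of$AUJF"):  # both taken from the post
        print(f"{pw!r}: alphabet={alphabet_size(pw)} "
              f"seconds={seconds_to_exhaust(pw):.3g} "
              f"centuries={centuries_to_exhaust(pw):.3g}")
```

These figures are an upper bound for exhaustive search only: a password that already appears in a published breach list, like the ten above, offers no protection regardless of its computed search space.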

Hopefully, from reading this, if you are not already using a password manager, it is something you now want to start using. But which one?

I have used LastPass for many years. I can use it on my mobile or in a browser (though I never do). They have a free version and a premium version. LastPass never stores your actual master password; none of their employees, including the boss, can ever find it out, which gives me assurance. The technical bit: LastPass stores a one-way salted hash of your master password, which is then hashed multiple times with PBKDF2-AES256, which means it is virtually impossible to brute force.

Clearly, I’m biased towards a single password manager, but there are others like Dashlane, KeePass and Roboform. But don’t use a password-protected Excel file, as the password can be broken in minutes!

You can find out more information on password managers here:

https://lifehacker.com/5529133/five-best-password-managers

Article Author.

Jennie Cleal

Senior Consultant - Information Security