Passwords aren't dying any time soon - here's how to manage them effectively

If you rely on passwords to protect your online identity, you should use a tool to help you remember them

It's tough to keep track of all of your passwords. In spite of advances in biometrics, and increased attention on the value of two-factor authentication, passwords remain the primary means of digital security. They're also one of the weakest links in the security chain. If we can't get rid of passwords, we need a better way to manage them.

Remember when passwords were going to die out? Bill Gates told an audience, "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

That was in early 2004. Nearly a decade later we still rely heavily on passwords, and passwords still suffer from all of the same weaknesses Gates described.

I used to be guilty of recycling the same password across virtually every account as well. The sites and services I use broke me of the habit because the password policies are so different from one to the next that it became very difficult to even find a password that meets the requirements of all of them.

Fair enough. It's a horrible policy anyway. Security best practice suggests you should use different passwords for different sites. Just as you don't use the same key for your front door, car, bike lock, and safety deposit box, you don't want to have the same password "unlock" all of your information. If one site or service is compromised and an attacker gets access to your password, you don't want it to be a universal key to your entire online identity.

Apple recently unveiled details of the new Mac OS X, "Mavericks." It is available only to developers right now, but one of the features Apple is adding is designed to help you choose more secure passwords, and manage them effectively without writing them on a sticky note pasted on the front of your monitor.

iCloud Keychain basically takes the password storage and management features of the existing Keychain feature and moves them to iCloud, where they can be accessed by and synced across iOS devices as well. Mac OS X systems running "Mavericks" and any iOS devices with the upcoming iOS 7 will be able to auto-fill complex passwords from the iCloud Keychain.

That's awesome for users who live and die by the Apple ecosystem, but it won't work for someone using a Windows PC with an iPhone, or someone using a MacBook Pro with an Android smartphone--at least not yet. It's a good solution, but an Apple-centric one.

PasswordBox is a new service that functions much like iCloud Keychain, except that it works cross-platform. PasswordBox is available on Mac OS X and Windows, and it's available for iPhone, iPad, and Android mobile devices.

Like iCloud Keychain, PasswordBox stores passwords in the cloud using strong encryption to protect them from unauthorized access. When you need to log in, PasswordBox automatically retrieves the appropriate credentials. PasswordBox is free (for managing up to 25 passwords) and provides tools that let you share your credentials with family or friends--should they need the information if something happens to you--without directly revealing your passwords.

There are other services out there, like 1Password and LastPass, that let you manage secure passwords more effectively. There is some concern about storing the keys to your digital life in the cloud--but it's probably more secure than writing them down on a piece of paper and shoving it in your desk drawer, and it gives you access to your passwords any time and anywhere, from just about any device.

Despite Bill Gates' prognostication, passwords don't seem to be going away just yet. Make sure you choose secure ones, and find a tool that lets you remember and use them more easily.

Stories by Tony Bradley
