Data heist puts spotlight on password management tools


The recent massive data breach has shined a spotlight on the technologies that can help users lock down their passwords.

Last week’s report that a Russian crime ring has gained access to more than a billion Internet credentials was hardly music to the ears of consumers. The stolen credentials include 1.2 billion password and username combinations and more than 500 million email addresses, according to Hold Security, which discovered the breach.

While reusing the same password on multiple websites puts consumers at even greater risk, remembering a bewildering array of passwords is easier said than done. As a result, 70 percent of web users reuse their passwords on more than nine websites, according to data from password management specialist Dashlane.

“Most people are poor at managing their passwords,” Oxford, U.K.-based computer security expert Graham Cluley told FoxNews.com, but noted that password management tools can make life easier. “I think there are good solutions out there – many of them are either very affordable or free to try,” he added.

New York City-based Dashlane offers a free version of its password manager product that imports users’ passwords from Internet Explorer and other browsers into what it describes as ‘a password vault.’ A master password, which is private to each consumer, is used to access the vault, where data is secured using sophisticated AES-256 encryption. A premium version, which offers features such as syncing Dashlane to multiple devices, is available for $29.99 a year.

Dashlane told FoxNews.com that it has seen an eight-fold increase in “walk up” downloads of its product since news of the data breach broke.

Other offerings in this space include LastPass by the Fairfax, Va.-based company of the same name, and 1Password by Toronto, Ontario-based AgileBits. Free open source technologies are also available, such as KeePass and Password Safe, which was created by security guru Bruce Schneier.

The hack also has focused attention on how passwords are handled across a host of different applications. Dave Baggett, founder of Inky, an app which consolidates multiple email accounts, told FoxNews.com that his organization does not even store its customers’ passwords on its servers.

“When a customer makes an Inky account, they are asked to make a password,” he told FoxNews.com. “But we don’t know what that password is, it only lives on their device – the password can’t be stolen because it’s not stored on any servers.”

Instead, Inky stores a derivative of the password which is converted into numbers. This is then used to encrypt the various passwords associated with users’ email accounts.
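The general pattern described here, a key derived from the master password on the device and used to encrypt the stored account passwords, can be sketched as follows. This is an added example, not Inky's or Dashlane's code; the choice of scrypt and AES-256-GCM, the function names and the sample values are assumptions made for illustration.

```javascript
// Added example of an assumed scheme; not code from any product named in the article.
const crypto = require('node:crypto');

// Derive a 256-bit key from the master password on the user's device.
// scrypt is an assumed KDF; the article does not name one.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt one stored credential with AES-256-GCM under the derived key.
function sealSecret(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16); // fresh per record
  const iv = crypto.randomBytes(12);   // never reused with the same key
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Only this record is stored or synced; it holds neither the master password nor the key.
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  };
}

// Decrypt a record; returns null if the master password is wrong or the record was altered.
function openSecret(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'hex')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample values.
const record = sealSecret('correct horse battery staple', 'imap-password-123');
console.log(record);
console.log(openSecret('correct horse battery staple', record));
console.log(openSecret('wrong guess', record));
```

A breach of the server in this design yields only salts, nonces and ciphertext, so the strength of the master password and the cost of the key derivation decide how well the records resist offline guessing.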

At this stage, specific details of the hack disclosed last week have not been made public. Citing nondisclosure agreements and a reluctance to identify companies still at risk, Hold Security has not named the victims of the hack, or revealed the number of organizations affected. However, the breach is wide-ranging, according to the security specialist. “With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites,” the company said in a statement.

Hold Security has not yet responded to a request for comment from FoxNews.com.

Cluley said that, while the hack underlines the need for effective security, it’s not clear how many of the 1.2 billion password and username combinations are still active. “Many of them may have been obsolete – they may have been passwords that people changed years ago after previous hacks.”

Follow James Rogers on Twitter @jamesjrogers
