Posted by: Ken Harthun
Back in February 2010, I wrote about LastPass and touted its ease of use. I also talked about how easy it made the habit of using secure passwords:
Besides the convenience of having all of my site login information in one place, I like the way LastPass makes it easy for me to use secure passwords. Since all I have to remember is the master password to be able to log into LastPass, I don’t have to fudge around with mnemonic systems and such to make easy-to-remember complex passwords; I simply use the program’s built-in password generator to get strong, random password strings.
What I didn’t realize (until today) was how insecure I really am. The LastPass Security Challenge securely analyzes the strength of your passwords, alerts you if you have any duplicate or weak passwords, and tells you how to make them more secure. Of course, being a security wonk who has written countless articles on the subject, I know how to make them more secure. The problem–I’m embarrassed to say–is that I haven’t even taken my own advice.
For obvious reasons, I don’t want to give away too much information; however, I’ll hit the highlights:
- Top strength rating for passwords is 100% – my average is 57.1%. Yikes!
- 25 unique passwords are used on more than one site – a definite no-no.
- 204 sites are using duplicate passwords – some of these are OK, but poor practice.
- 48 of my passwords score below 50% strength rating.
- Average password length is 8.3 characters – 10 characters would be better.
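The reuse and length figures in the list above can be reproduced for any set of stored logins. The following is an added example, not part of the original post and not LastPass's own code or scoring method: the `audit` function, its metric names and the sample vault are constructed for illustration, and the 10-character threshold is the target mentioned in the list.

```python
from collections import defaultdict

# Constructed sample vault: (site, password) pairs, not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Tr0ub4dor&3x!"),
    ("forum.example", "sunshine1"),
    ("shop.example", "sunshine1"),
    ("bank.example", "k9$Vq2!mZp7#Lw"),
    ("news.example", "sunshine1"),
    ("wiki.example", "letmein"),
    ("blog.example", "letmein"),
]

MIN_LENGTH = 10  # target length from the post; an assumption, not a LastPass rule


def audit(vault, min_length=MIN_LENGTH):
    """Return reuse and length metrics for a list of (site, password) pairs.

    Only site names and counts are returned, so the report itself never
    contains a password.
    """
    if not vault:
        return {"reused_passwords": 0, "sites_sharing_a_password": 0,
                "short_passwords": [], "average_length": 0.0}

    # Group sites by the password they use.
    sites_by_password = defaultdict(list)
    for site, password in vault:
        sites_by_password[password].append(site)

    # A password is "reused" when more than one site maps to it.
    reused = [sites for sites in sites_by_password.values() if len(sites) > 1]
    return {
        # Distinct passwords that appear on more than one site.
        "reused_passwords": len(reused),
        # Total number of sites whose password is shared with another site.
        "sites_sharing_a_password": sum(len(sites) for sites in reused),
        # Sites whose password is shorter than the target length.
        "short_passwords": sorted(s for s, pw in vault if len(pw) < min_length),
        "average_length": round(sum(len(pw) for _, pw in vault) / len(vault), 1),
    }


if __name__ == "__main__":
    for metric, value in audit(SAMPLE_VAULT).items():
        print(f"{metric}: {value}")
```

The first two metrics are deliberately separate: one counts distinct passwords that are reused, the other counts every site affected by that reuse, which is why the second number is always the larger of the two.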
You can bet that I’m going to be hard at work fixing these issues and I’ll take the challenge again and again until I’m satisfied with the score. I plan to address one issue at a time to see how it affects the score. As I complete each stage, I’ll post the results here along with an explanation of what I did.
I also want to give a mention to Steve Gibson who does the Security Now! podcast with Leo Laporte each week. Episode 256, “LastPass Security,” delivers Steve’s “long-awaited, in-depth review and evaluation of LastPass. Steve explains the nature of the need for high-security passwords, the problem that need creates, and the way the design of LastPass completely and in every way securely answers that need.”
You have to be a LastPass user to take the security challenge, but if you are, give it a try and see if you can beat my score! https://lastpass.com/?securitychallenge=1.
Don’t forget to leave your score in the comments.