Posted by: Ken Harthun
LastPass, Password, password manager, security practice, Secure Computing
You can bet that I’m going to be hard at work fixing these issues and I’ll take the challenge again and again until I’m satisfied with the score. I plan to address one issue at a time to see how it affects the score. As I complete each stage, I’ll post the results here along with an explanation of what I did.
The first thing I did was address the duplicate password issue on 48 sites. On those sites, the password was actually quite strong at 10 characters long, but the number of duplicates lowered the overall password strength rating to under 5%. On each of the sites, I used the LastPass secure password generator with options set to use 10 characters consisting of upper and lower case letters and numerals (this passes my password meter test with a rating of “Strong”). Here are the highlights:
- Top strength rating for passwords is 100% – my average is 58.9%. Still way too low.
- 20 unique passwords are used on more than one site – a definite no-no.
- 141 sites are using duplicate passwords – some of these are OK, but poor practice.
- 42 of my passwords score below 50% strength rating.
- Average password length is 8.4 characters – slightly improved.
Will I ever get a 100% rating? Probably not, since there are sites I have stored in LastPass that I don’t consider important enough to devote any time to securing (news sites, blog comments, and the like). But I do intend to keep working on this until I get the highest rating I can attain without unnecessary effort.
You have to be a LastPass user to take the security challenge, but if you are, give it a try and see if you can beat my score! https://lastpass.com/?securitychallenge=1.
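The reuse and length figures in the highlights above can be reproduced offline from any list of site/password pairs. The following is an added example, not part of the original post and not LastPass's scoring method; the sample vault, site names and function names are constructed for illustration. It also shows the entropy of the 10-character letters-and-numerals setting used for the replacement passwords.

```python
import hashlib
import hmac
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits  # 62 symbols: upper, lower, numerals

def generate_password(length=10):
    """Random password drawn from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length=10, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def audit_reuse(entries):
    """Return reuse metrics for (site, password) pairs without echoing passwords."""
    # Group by a keyed digest so plaintext is never a dict key or report value.
    key = secrets.token_bytes(32)  # per-run key, discarded on return
    entries = list(entries)
    groups = defaultdict(list)
    for site, password in entries:
        tag = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        groups[tag].append(site)
    total_len = sum(len(password) for _, password in entries)
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    count = len(entries)
    return {
        "reused_passwords": len(reused),                     # distinct reused passwords
        "sites_with_duplicates": sum(len(s) for s in reused),
        "average_length": round(total_len / count, 1) if count else 0.0,
        "reuse_groups": reused,                              # site names only
    }

# Constructed sample vault (hypothetical sites and passwords).
SAMPLE_VAULT = [
    ("news.example", "Summer2009"),
    ("forum.example", "Summer2009"),
    ("blog.example", "Summer2009"),
    ("shop.example", "k3Qz8Lm2Xa"),
    ("bank.example", "Tr0ub4dor"),
    ("mail.example", "Tr0ub4dor"),
]
```

Calling `audit_reuse(SAMPLE_VAULT)` returns the counts and the groups of sites that share a password, which gives a work list for replacing duplicates one group at a time.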