The password management service My1Login offers a smart way to remember all of those passwords and key phrases by literally boiling them all down to one. Now it is also offering a Web page where visitors can find out why they might need a password manager and measure the strength of passwords they might consider to be safe.
If you’re a fan of trying new things online, you’re doubtless logging into all sorts of things every day and stacking up a list of long, complicated and unique passwords along the way, right? Right?
No. You’re probably not and yes you’re likely to repeat passwords on different sites like the poor chap over at DropBox who let everyone’s cats out of the bag along the way. (Luckily they’re now rolling out two-factor authentication, which should help.)
To show how dreadful you are at choosing a password and how easy it would be for Hacky McNasty to get into your private things, My1LogIn has created a little test site where you can type in passwords and see how badly they suck. If you’re concerned, you can always submit similar words for testing rather than your actual passwords.
The page detects common names so if your password contains a name it will come up as a potential password. Digits or characters that are close together are also logged, like ‘12345’ or ‘ghjkl’.
There is also an analogy based on leaving your home open to unwanted visitors to help explain how secure the password is, or isn’t. Another handy addition is a notification of the time it would take to crack your password via brute force or dictionary attacks. Nothing like making the message clear.
Mike Newman is the CEO of My1Login, he says that the problem of weak passwords continues despite people knowing they should be making a greater effort.
“People are using passwords that they think are unique and no one would have thought of putting a couple of numbers or some letters in there,” he notes. “These are common practices that people use to feel more secure but in reality these techniques are in the school-boy book of hacking.”
Newman follows reports and studies looking at the issue of how people are bad at choosing passwords. “Imperva did a study in 2010 that showed that looking at password practices of the past 20 years and people are not applying stronger policies in the way they manage their passwords.”
So it sounds as though over time we’re really not learning our lessons. But there again, choosing a password that a human can remember is not the same as choosing one a machine cannot crack. Naturally Newman and the team at My1Login are illustrating the issues in the hope that people online will take up password management as a solution.
The service provides a way for users to log in to almost all of their online accounts with one click. My1Login works with a pass phrase chosen by the user and then applies itself to other login processes.
Interestingly the company has a smart bit of code that identifies the log in area of any site, even if it is one the company has not seen before. So that will be useful to early adopters who log in to sites often on the first day they emerge publicly.
A matter of trust
Password management services are not entirely watertight it seems. Last year LastPass experienced an attack which led the company to advise its users to change their master passwords.
So, handing all of your passwords over to one service can leave users feeling a bit nervous. Newman seems assured that his product is up to the task. “All of My1Login’s servers are ISO27001 security accredited and the service has been audited by Hewlett Packard’s Information Security team along with work done by external consultants,” he says..
He also claims that user information is stored in a way that even the company cannot access it. “Even in the extremely unlikely circumstances that someone would be able to bypass our security, hackers would get to useless data,” says Newman. “If you choose a security phrase that is say 20 characters long, it would take a hacker using a supercomputer trillions of years to work through every permutation of a reasonably lengthed key.”
My1Login secured $1m in funding back in April to aid expansion. The service is currently available as a freemium model. The free service is funded by advertising and affiliate commissions with a limited amount of logins to start with.
Free users can earn their way to pro-level unlimited storage for passwords by spreading the service around on social media networks.