Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Apps to keep your passwords secure

by
13th May 2014
Save content
Have you found this content useful? Use the button above to save it to your profile.

As an accountant, keeping both yours and clients data private and secure is of utmost importance. But even more crucial is the type of key you use to lock it away.

Password security has been in the news recently, with the breakout of security breach bug Heartbleed. Users of sites such as Facebook, SoundCloud, Gmail and YouTube were advised to change their passwords as the bug was found to have potentially affected them.

This got some of our community members thinking about how they can effectively and securely manage multiple passwords without worrying about similar security issues.

One of the best suggestions for storing multiple passwords is through a password ‘vault’ app for your smartphone or tablet.

Below is a round-up of five of the best app suggestions accountants use, as put forward by our members: 

1. Lastpass - free (premium option available from £12 per annum) 

This app was suggested by the majority of members. It was briefly affected by Heartbleed but following a patch the developers completed, it's safe. 

Your data is encrypted into the app and accessed using one master password - and it's incredibly important that you don't lose this. 

It comes as a downloadable desktop programme or browser extension with the free version, but to get the mobile/tablet apps you'll need to pay about £12 a year for Lastpass premium.

RusselD, Accounts Dragon and Switkiss are all advocates of this app, which includes the following features: 

  • Allows you to see all accounts, password and data in one 'vault' 
  • Automatically syncs
  • Dedicated dedicated mobile and tablet app alongside downloadable desktop programme  with the premium version 
  • Password generator creates secure passwords, hassle-free
  • It encrypts and decrypts data locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass
  • Works for online shopping: set up a profile for each credit card, billing and shipping address
  • Allows you to attach documents and images to your secure notes

As Switkiss explains, in LastPass your collection of passwords are encrypted using your master password and are then only ever decrypted in your local browser, making it important to choose a strong master password.

LastPass don't hold this master password and can never know individual site passwords, he continued, "so any hacker using Heartbleed would only retrieve an encrypted dataset which they couldn't decrypt provided your master password is strong enough.

"This is also why it's important to remember your master password (or store it written down in a safe), as LastPass couldn't help you if you lost it, and nor would you want them to be able to," he said.

2. 1Password - £12.99 on iPhone and Andriod 

The OP had originally thought to go with this app, which others also suggested. 

Like Lastpass, it includes a password generator, secure sync across all devices, auto-lock of your 'vault' of information if your device is lost or stolen and includes the ability to securely share vaults and install a browser plugin. 

Unlike Lastpass, it's a one-off payment of £12.99, so no repeat yearly payments - but it does appear to charge £30.00 for the web browser extension (with a 30-day free trial and 100% money back guarantee). 

While the cloud is commonly associated with being the storage of preference for apps like these, this app says it's an option but not a requirement. 

3. KeePass

This is another password vault recommended by members, including Mark_NW, taxhound and poika.

As poika explains, this programme is an encrypted database that you 'lock' with a master password. The programme that allows you to read and edit your passwords is separate from the datastore.

There are versions for Windows/Mac etc and most clients allow you to put your password database on Dropbox or another shared area so you can have a client on all of your different devices and have them all in sync. There are no ongoing costs and you are free to keep your password database as private as you wish. As it's just a file you can back up your encrypted passwords by just copying it to a USB drive or similar.  

This is a free programme and comes in two versions: Classic and Professional. It's probably suited to an accountant who is more technology-oriented or who has a good IT support person or team on hand to help implement it

It's not immediately obvious whether or not KeePass has plans for a mobile app.

4. Roboform

Very widely recommended was Roboform, a programme used for many years by some and just being adopted by others. 

One advocate was jamesbarton, who has used the app since 2007 on Windows and Android.

"For a while I used Roboform on a usb stick, but since found that Roboform Everywhere works perfectly well. It has browser add-ons for all major browsers, even in Android where I use Dolphin browser. It also remembers personal details and card numbers for easy log in on web sites. It locks itself every time you lock the PC," he wrote. 

The app works similar to the others - users have a master password they use to lock all their personal details, passwords, etc, away with and their data is then encrypted. Roboform Everywhere means you can access it from any device and it also has iPhone, Windows phone and Android apps. 

There is a free version, but the paid for version (currently on offer at about just over £5 for the first year) includes unlimited logins, phone support and free upgrades. The desktop version is also paid-for, and a little pricier at £17 for the first licence. 

4. MaskMe

Suggested by SkyBlue22, MaskMe is a slightly different product in that it isn't password security manager 'vault', but does relate to the issues of online privacy and spam.

It allows you to mask your email, phone number and credit card on the web, in addition to blocking spam.

Features include being able to use disposable information that MaskMe creates and autofills into slots on the web that require your phone number, credit card or email address. This prevents spammers, hackers and telemarketers from getting your - or client's - details. 

Worth a look

Also suggested by members were the following apps: 

Do you have a foolproof way of managing several passwords securely at once? Share your methods or favourite apps below.

Tags:

Replies (5)

Please login or register to join the discussion.

By alan.rolfe
15th May 2014 15:17

Try passpack.com

Also try passpack.com, which is an online password safe with good credentials.  

It has provided a reliable service for a number of years and offers a free service for up to 100 passwords, which should be enough for many people.

 

Thanks (0)
avatar
By Anne Fairpo
15th May 2014 23:11

"Unlike Lastpass, [1Password

"Unlike Lastpass, [1Password has] a one-off payment of £12.99, so no repeat yearly payments - but it does appear to charge £30.00 for the web browser extension"

It's £35 if you want the Mac OS version for your laptop/desktop, there's no additional payment on the iPhone/Android apps. 

Thanks (0)
avatar
By Phil Stevens
16th May 2014 11:54

Great you are mentioning also Sticky Password - my favourite and long time used password manager.

Thanks (0)
avatar
By switkiss
16th May 2014 14:17

Good post on the detail of security

Nice to see my comments were thought worthy of reposting :-) If you're a security nerd like myself, you may find this blog post from Troy Hunt interesting:

http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html

The comment trail is particularly interesting should you be concerned with 'putting your eggs in one basket' using a password manager. Troy also runs the haveibeenpwned.com website, which allows you to check if your account was hit by one of a number of recent high-profile security breaches.

Thanks (0)
avatar
By Adcome
16th May 2014 15:54

Facecrypt

The latest, and in my opinion, the most complete and up-to-date security password manager application on the market is FaceCrypt which uses 'live' facial recognition to open the vault. Other access method can be used instead or in conjunction with this but using face recognition means not having to remember any master password - a godsend in itself. Whilst protecting passwords, this super app also checks and suggests strong passwords, has a direct link from password to secure browser and has vault areas for private documents, photos and other private information.  There's also a choice of backup methods. Great app that's suitable for both personal and business users. At the moment only available as IOS but I am told that Anroid and PC will be released soon

Thanks (0)