Sunday, June 9, 2013

State of the Art: Remember All Those Passwords? No Need

Have these security pundits ever listened to themselves?

That advice is clearly unfollowable. I currently have account names and passwords for 87 Web sites (banks, airlines, blogs, shopping, e-mail, Facebook, Twitter). How is anyone — even a security professional — supposed to memorize 87 long, complex password strings, let alone remember which goes with which Web site?

So most people use the same password over and over again, and live with the guilt.

There are solutions. Most Mac and Windows Web browsers now offer to memorize passwords for you. But that feature doesn’t work on all Web sites, and is generally of little help when you pick up your phone or tablet. At that point, the only person you’ve locked out of all your online accounts is you.

The only decent solution is to install a dedicated password memorization program (like Roboform, KeePass, LastPass, 1Password, and so on). Last week, one of the best was just improved: Dashlane, now at 2.0. It’s attractive, effective, loaded with timesaving features and available for Mac, Windows, iPhone and Android — and it’s free.

Installation is quick. Dashlane works in Safari, Chrome, Internet Explorer and Firefox. It can import existing password “vaults” from rival programs.

Dashlane has two primary features. First, yes, it’s a password memorizer. Every time you type your account name and password into a Web page and press enter, Dashlane pops up, offering to memorize that information and fill it in the next time.

In fact, it also offers to log you in — not just to enter your password, but also to click “log in” for you. In effect, Dashlane has just removed the login blockade entirely. When you go to Facebook, Twitter or Gmail, you just click your bookmark, smile at the briefest flash of the login screen and arrive at the site.

Since Dashlane is now storing and auto-entering your passwords, you’re now free to follow the security experts’ advice. You can make up long, unguessable passwords — a different one for every Web site, since you don’t have to remember any of them. In fact, each time you sign up for a new account, Dashlane offers to make up such a password for you, and then, of course, to memorize it.

Dashlane’s second huge feature is even more amazing. It can also fill in other kinds of Web site forms: your name/address/phone number, and even your credit card information.

When you’re buying something online, and you click into the credit card number box, Dashlane displays pictures of your credit cards: Visa, MasterCard, American Express or whatever — even PayPal.

When you click the one you want to use, Dashlane instantly fills in the long card number, your name, the expiration date, even that accursed security code, in the right boxes. Every time you order something online, you save between 30 seconds and five minutes, depending on whether you have your card information memorized or have to go burrow through your wallet.

When you make a purchase, Dashlane even offers to store all the details in a digital receipt that you can call up later, along with a screenshot of the Web site where you shopped. This feature makes online shopping so frictionless, every dot-com retailer on earth ought to be promoting Dashlane as if its profits depended on it.

In fact, Dashlane can fill in all kinds of forms automatically: phone numbers, job titles, tax numbers and so on. If you’ve ever recorded multiple answers — you have two different Twitter accounts, say — two tidy buttons appear beneath the name box, bearing the account names. Click the one you want.

Unlike some rival programs, Dashlane doesn’t require you to associate one set of personal information to each “profile.” If you have three addresses, for example, you’re always offered those three when filling in a form. You don’t have to create three personalities’ worth of personal information.

So far, Dashlane probably seems designed for convenience, and that’s true. Behind the scenes, of course, its ultimate goal is security.

This article has been revised to reflect the following correction:

Correction: June 7, 2013

The State of the Art column on Thursday, about the password memorization program Dashlane, misspelled the name of a rival program. It is KeePass, not KeyPass.

No comments:

Post a Comment