Keeping Your Passwords Safe
by David C. Jones - Aug. 30th, 2009
Considering the average Internet user has approximately one gazillion usernames and passwords, how is one supposed to remember all of them while keeping them safe from malicious users? Unless you have a photographic memory, remembering all of your usernames and passwords can be virtually impossible. How many times have you had to reset your password on one of your online accounts? Probably more than you can count. While resetting forgotten passwords may work for some, it's not exactly the best password management strategy. It's time consuming and oftentimes requires information that you may not have at your fingertips, such as a bank account number or loan ID.
Many people keep a "secret" password list next to their computer or under their keyboard - not very secure. Others maintain a password protected Excel spreadsheet that contains all of their online account information. Again, not so secure. There are a number of password "recovery" utilities you can download that can crack a password protected Word document or Excel spreadsheet in a matter of minutes.
In this article, I'll give you some tips for keeping track of your usernames and passwords without putting your privacy in jeopardy.
1. Pick a username that does not give away your identity.
For example, use your first name and perhaps an important date or year (e.g. david1944). To simplify things, you may want to use the same username for all of your online accounts. If your first choice is taken, pick an alternate username that is similar to your first choice.
2. Pick passwords that are easy to remember, but hard for others to guess.
Ideally you should choose a password that is at least 8 characters long with a combination of uppercase, lowercase, numbers, and special characters. Sounds like a pain, I know, but it’s really not that difficult. Pick a word or phrase that is easy to remember and replace some of the characters. For example, take a phrase such as "dogs at noon" and change it to "D0g$@n00n".
3. Select unique passwords for each of your online accounts.
If you use the same password for all of your online accounts, and someone happens to guess your password, you are putting all of your online accounts at risk.
4. Don't write your passwords down on paper.
Instead, use a password management utility such as Roboform - http://www.roboform.com. Roboform is a computer program that safely stores all of your usernames and passwords. To gain access to your stored usernames and passwords, you must enter a master password. The master password that you choose should be complex, but easy for you to remember. If you have a compatible BlackBerry or smartphone, you can configure Roboform to synchronize your usernames and passwords with the device. There are several utilities and devices out there that allow you to securely manage your usernames and passwords without writing them down on paper. If you must write your passwords down, keep them in a physically secure location such as a locked file cabinet or safe.
5. Use two factor authentication whenever possible.
A growing number of websites are offering something called two factor authentication. Basically this means that instead of just typing a password, you are required to provide an additional form of authentication to log on to a website. There are various forms of two factor authentication; however, the most common type involves using a password and a temporary code. The temporary code is usually generated by a small keychain-sized device called a token. The device generates a new code every 60 seconds. Alternatively, some sites can be configured to send a temporary code to your cell phone in the form of a text message, eliminating the need for a token device. After entering your initial password, you must enter the temporary code to gain access to the website. By using two factor authentication, an unauthorized user would need to have both your password and your token device or cell phone, making it nearly impossible to gain access to your online account.
6. Reduce the number of usernames and passwords you have to keep track of.
By using services such as PayPal or Google Checkout, you can purchase things from various sites without setting up an online account for each one. Another site you may want to check out is OpenID.net. While it is still in the adoption phase, it has the potential to eliminate the need for having multiple usernames across different websites. There are currently multiple OpenID providers, which makes it somewhat confusing; however, I suggest signing up for an OpenID through MyOpenID.com, as it is the first and largest independent OpenID provider and will most likely outlast some of the other providers.
For more information:
Two Factor Authentication