User Names and Passwords: How to Manage the Keys to the Kingdom
With all the sites that require sign-in passwords — and all the havoc that could be visited upon your life should some thief crack them — effective account access management is a top job for the savvy computer user.
Naturally, you should avoid the obvious choices when setting a password. However, you should also never be obvious when setting up that password reminder failsafe device that asks you for Mom’s maiden name.
Creating and remembering strong passwords — like backing up the important files on our computers’ — is something many of us know we should do, but never get around too.
Who can blame you? Having to come up with user names and passwords for virtually everything we do on a computer is enough to tempt anyone to use “Magic123” over and over. I’ve even witnessed people who keep lists of passwords taped to their computer screens.
With a little time and some discipline, you can create strong passwords and do a better job managing them. Of course, no matter how many precautions you take, no password is ever 100 percent secure. By the same token, you don’t have to follow all the advice in this column to avoid password theft.
Be Obscure, Be Weird
By now, most people know that you shouldn’t use personal information such as your name, birth date or address in a password. It’s also not a good idea to use something obvious such as “1234” or “password.” Passwords should be at least seven or eight characters in length. The longer the password, the stronger it is.Next, choose a password that would appear as nothing more than a random list of characters to someone else. Use both uppercase and lowercase letters and, if possible, use punctuation marks from all over the keyboard.
One technique is to take a phrase that means something to you or a line from a favorite song and create a password by taking the first letter of each word of that phrase or line. Make sure to add in some symbols. For instance, you could replace an “a” with “@” but use this technique sparingly in your password.
Although you should never use the same password to secure highly sensitive information on more than one site, it’s probably OK to use the same password for low-risk areas, such as news or sports Web sites.
You should never give out real information in the password helper sections. So for your mother’s maiden name, make up a name you can remember. Use your favorite vacation spot instead of your place of birth. Substitute the name of a pet from a TV show or movie for your real pet.
This may seem a little extreme, but if an online vendor that’s storing your personal information gets compromised, then hackers could use that personal information to piece together details about you and access your account on another site.
Into the Vault
However, since most people need passwords to secure lots of important information, remembering more than one or two long passwords is difficult. That’s where password managers come in. These programs typically are encrypted and act as a vault to store all of your user names and passwords. You only need to remember one master password to open them up.
There are also lots of downloadable password managers, such as KeePass Password Safe, RoboForm and PassKeeper.I’ve personally tested and use KeePass, which is free and Open Source, and found it to be easy to install and use. Once you’ve set up the program, you create a database for your passwords. KeePass lets you organize passwords into groups, and it can generate secure passwords for you. Once the passwords are set, you can copy and paste them into Web sites or drag and drop them.
I’ve been told that RoboForm is also good but the problem I have with this program is I’ve found it installed by hackers on systems that have been hacked. Call me skeptical… but I’m not too comfortable using a password manager that hackers like to use in their sneaky little ways.
If you are the only one using your computer, you can have your Web browser automatically remember them for you. However, this shouldn’t be the only place you store passwords, because when data from your browser is cleared (or if your computer dies), your passwords will vanish.You can also download and install KeePass on portable media, such as a USB (Universal Serial Bus) flash drive, so you can have access to your passwords when using another computer. Make sure to copy your KeePass database from your computer to the USB drive. With KeePass Portable, I can quickly access all my regular websites from my office computer, my home computer or any public system I have access too.
KeePass Password Safe Portable
Lastly, if you’ve run out of good passwords try this FREE password generator – you chose the number of characters (remember 8 should be the minimum), what characters to use in the password and how many different passwords you would like generated. We’ve used this tool on a number of occassions when we wanted to assign a really secure password for someone.