Password Protection
By Cate Eales
Appeared August 11, 2005 on castanet.net
In earlier columns we discussed several easy-to-use
utilities to safeguard your computer from outsiders. (If you missed those
columns, you will find them archived at
www.rlis.com/.) That's a good start toward a good online experience.
Another important consideration is password management.
Password Management
We are all, by now, familiar with banking PIN numbers and requests for our
mother's maiden name. As we use our computers for more things --- and more
important things --- we are confronted with more demands for passwords. We
are told to use different passwords for different things, and to use
strong passwords for everything. A strong password is difficult to detect
by both humans and computer programs, and consists of at least six
characters (and the more characters, the stronger the password) that are a
combination of letters, numbers and symbols. Passwords are typically
case-sensitive, so a strong password contains letters in both uppercase
and lowercase. Strong passwords also do not contain words that can be
found in a dictionary or parts of the user's own name. Or their pet's
name.
Well that's a pain, isn't it? Now we need some kind of gibberish for each
and every program and website that asks for a password, and it has to be
difficult to remember, AND we can't write it down! I suspect that many of
us use either a simple password over and over, or use a complicated
one and then write it down somewhere easy to find - like a post-it note
stuck to the monitor. I often find a file called "pw.txt" on my clients'
computers. No prize for guessing what it contains.
I once had a job where I had access to something like 30 systems, each
with its own login and password. This became so overwhelming that I made a
spreadsheet to manage them, password-protected the spreadsheet, and ---
you guessed it --- forgot the password.
Now I use a simple, free password organizer called Oubliette, available
from Tranglos Software (http://www.tranglos.com/free/index.html).
The major advantage is that I can choose different passwords for different
sites without having to remember them. The Oubliette files are encrypted,
so no one can read them unless they have the master password.
I use the new Firefox web browser, which asks if I want it to remember my
passwords for web sites. If I say yes, each time I visit that page the
browser logs me in. This is convenient for low-risk sites like Major
League Baseball's online radio broadcasts. It would be quite easy for
someone with access to my computer to retrieve these saved passwords (or
visit those sites posing as me), so when I browse to my credit card company
or bank, I tell the browser to never remember the password. That's where
Oubliette comes in. For these sites, I use a strong password. AND I change
it frequently, updating the entry in Oubliette when I make the change.
Some speculate that even this will be unnecessary one day as biometrics
become cheaper for computer manufacturers to install and easier for users
to manage. It won't even be necessary for us to remember our own names as
long as we have fingerprints!
--
Cate Eales has been helping people make online computing safe, accessible
and fun for over 20 years. She lives in Kelowna with her husband, Eric,
and her dog, Sandy. Email Cate at cate@rlis.com with your comments,
suggestions, or questions. To browse the column archives, visit the Real
Life Internet Solutions website at
www.rlis.com.
© Cate Eales 2005 - All Rights Reserved