Password (in)security
Tags: Internet Software Security

Passwords are important - they protect our e-mail, financial information, our files... everything. But they're also a huge security hole. The problem is there are just too many places that need passwords, so most people end up doing one of two things - either you use the same password everywhere (which is what most of my clients seem to do) or you write them down. There are obvious problems with both methods of course. Also, while it makes my job much easier, you really shouldn't be giving your passwords to the computer guy.
There are a few fixes to this problem. First, companies can try to simplify systems instead of complicating them. I have one large client where I'm forced to keep track of at least 7 passwords to various systems I need to use there (and then 5 more Lotus Notes test IDs.) None of the passwords are synchronized with each other, all have various schemes of complexity required, and some need to be changed every so often. It's really hard to keep track of all that so, yes, I wrote them down (gasp) on a sticky. At least I kind of hid the sticky note.
From the user side of things I have 2 recommendations. One option is to use "password safe" software where you can record your passwords. I use a database in Lotus Notes but there are lots of free programs out there that do this. Of course you need to use a good password to protect your password safe!
Another option which may be even simpler is to devise a methodology for creating passwords or passphrases. One of the easiest, yet still secure, methods is to use the first letter of each word in a phrase you will remember. How about "This is my online banking password which I created on 9/22/08"? Or Timobpwico92208? It's relatively unlikely that anyone will figure out what that means or where it came from, yet it's still pretty easy to remember. For more secure passwords you can mix in special characters too. The best, most secure passwords are long strings of nonsense characters with numbers and special characters mixed in, but they're not much good to you if they're so complicated that you forget them or you have to write them down to remember.
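The first-letter method above, as an added Python sketch that is not part of the original post; `mnemonic_password`, `classes_used` and `brute_force_bits` are names made up here, and each word's own capitalisation is kept. The bit count is only an upper bound against blind brute force over the character classes used, not a measure of how guessable the source phrase is.

```python
import math
import string

# Character classes and their sizes for printable ASCII.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

# The phrase from the post.
PHRASE = "This is my online banking password which I created on 9/22/08"

def mnemonic_password(phrase, keep_symbols=False):
    """First letter of each word (its own case kept); tokens containing
    digits, such as a date, contribute their digits and, if keep_symbols
    is set, their punctuation too."""
    parts = []
    for word in phrase.split():
        if any(ch.isdigit() for ch in word):
            parts.append("".join(
                ch for ch in word
                if ch.isdigit() or (keep_symbols and ch in string.punctuation)))
        else:
            letters = [ch for ch in word if ch.isalpha()]
            if letters:
                parts.append(letters[0])
    return "".join(parts)

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]

def brute_force_bits(password):
    """Upper bound, in bits, on a blind brute-force search over the
    classes used: length * log2(alphabet size)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    if not password or alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)

if __name__ == "__main__":
    for pw in (mnemonic_password(PHRASE),
               mnemonic_password(PHRASE, keep_symbols=True)):
        print(pw, len(pw), classes_used(pw), round(brute_force_bits(pw), 1))
```

Keeping the slashes from the date is one way to "mix in special characters": it adds a fourth character class and two more characters without changing the phrase to remember.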
How do you handle YOUR passwords?




