Sunday, May 11, 2008

User Names and Passwords: How to Manage the Keys to the Kingdom

With all the sites that ask for sign-in passwords -- and all the havoc that could be visited upon your life should some thief crack them -- effective account access management is a top job for the savvy surfer. Naturally, you should avoid the obvious choices when setting a password. However, you should also never be obvious when setting up that password reminder failsafe device that asks you for Mom's maiden name.

Creating and remembering strong passwords -- like backing up our computers' contents -- is something many of us know we should do, but don't.

Can you blame us? Having to come up with user names and passwords for virtually everything we do on a computer is enough to make anyone use "Magic123" over and over. I've even heard of people who keep lists of passwords taped to their computer screens.

With a little time and some discipline, you can create strong passwords and do a better job managing them.

Of course, no matter how many precautions you take, no password is ever 100 percent secure. By the same token, you don't have to follow all the advice in this column to avoid password theft.

Be Obscure, Be Weird

By now, most people know that you shouldn't use personal information such as your name, birth date or address in a password. It's also not a good idea to use something obvious such as "1234" or "password."

Passwords should be at least seven or eight characters in length. The longer the password, the stronger it is.

Next, choose a password that would appear as nothing more than a random list of characters to someone else. Use both uppercase and lowercase letters and, if possible, use punctuation marks from all over the keyboard. One technique is to take a phrase that means something to you or a line from a favorite song and create a password by taking the first letter of each word of that phrase or line. Make sure to add in some symbols. For instance, you could replace an "a" with "," but use this technique sparingly in your password.

Although you should never use the same password to secure highly sensitive information on more than one site, it's probably OK to use the same password for low-risk areas, such as news or sports Web sites.

Get Creative

David Liberatore, the director of engineering at AppRiver, an antispam software company, said you should never give out real information in the password helper sections. So for your mother's maiden name, make up a name you can remember. Use your favorite vacation spot instead of your place of birth. Substitute the name of a pet from a TV show or movie for your real pet.

This may seem extreme, but Liberatore, who used to work in online banking, said if a vendor that is storing your personal information gets compromised, then hackers could use that personal information to piece together details about you and access your account on another site.

To be extra careful, change your passwords regularly.

If you are buying a new computer, you may consider getting one that comes with a fingerprint reader so you can just swipe your finger instead of typing in passwords.

Into the Vault

However, since most people need passwords to secure lots of important information, remembering more than one or two long passwords is difficult. That's where password managers come in. These programs typically are encrypted and act as a vault to store all of your user names and passwords. You only need to remember one master password to open them up.

If you use a Mac, you already have a password manager called "Keychain," which stores your passwords and can automatically enter them in login fields on Web sites.

There are also lots of downloadable password managers, such as KeePass Password Safe, RoboForm and PassKeeper.

I tested KeePass, which is free, and found it to be easy to install and use. Once you've set up the program, you create a database for your passwords. KeePass lets you organize passwords in groups, and it can generate secure passwords for you. Once the passwords are set, you can copy and paste them into Web sites or drag and drop them.

If you are the only one using your computer, you can have your Web browser automatically remember them for you. However, this shouldn't be the only place you store passwords, because when data from your browser is cleared (or if your computer dies), your passwords will vanish.

You can also download and install KeePass on portable media, such as a USB Latest News about USB (Universal Serial Bus) flash drive, so you can have access to your passwords when using another computer. Make sure to copy your KeePass database from your computer to the USB drive. There's also a free program called "KeePassX" that can open KeePass databases on a Mac.

© 2008 The Virginian-Pilot and The Ledger-Star. All rights reserved.
© 2008 ECT News Network. All rights reserved.

Source : http://www.technewsworld.com/story/User-Names-and-Passwords-How-to-Manage-the-Keys-to-the-Kingdom-62916.html



No comments: