Brendan’s Blog

Once upon a time I frequently reused passwords. So if you knew my dogs name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for web sites and computer systems you access on a regular basis.

Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.
- Wired Magazine

Here are my tips for choosing the best passwords:

• Use different passwords for every site/application.  Do not reuse them.
• Change passwords frequently.  The more you use a password, the more you should change it.
• Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
• Consider using a random password generator.
• Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
• Consider using acronyms (e.g. Mhimowahys!)
• Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
• Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

I strongly recommend using a password managment tool for three important reasons.

1. Tools remember many passwords so you don’t have to.
2. Tools can type passwords for you.  This makes strong passwords easy to use.
3. Tools can create strong passwords which are complex, unique, and random.

A while back I wrote a post about PasswordSafe, which I used to manage my usernames and passwords.  I later switched to a different tool named KeePass.  KeePass is also free and open source, but I think it is also easier to use.  I now also use LastPass which is a different on-line based password manager.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

The ability to auto-type usernames and passwords is infinately flexible with KeePass.  Auto-type is a very important feature, although I can understand why you may not initially think so.  Think about the strongest types of passwords.  They are long, complex, unique, and full of many different character types.  Do you want to type those in manually each time?  Once I switched to KeePass, my normal password length increased to 20 or more randomized characters wherever possible.  Since I don’t have to remember or type them, I prefer the really long/complex ones.

To manage my password database across several computers, I use FolderShare to synchronize it between systems.  This keeps my database of (as of writing 317) passwords the same across all my systems.  Occasionally I also copy the password database file to a USB flash drive so I can access accounts when I’m not using one of my own computers.

KeePass has many other great features.  The listing of features below links to their website.

Some websites with more complicated authentication schemes will require customization of the auto-type string.  The software “help” references provides details on how to do this.

Mozy is an on-line data backup tool. It runs in the background on your PC and transmits encrypted & compressed backups of your data files to a secure remote data center. This allows you to recover deleted or corrupted files without having to worry about traditional daily/weekly backups to disk.

The service is free if you have less than 2GB of data to back up. For $4.95 a month, you can backup up as much data as you can fit on one Windows PC (and fit through your Internet pipe.)

I have been using the paid version since I read a review in the Wall Street Journal last December.

Features include

• Open/locked file support
• 448-bit Blowfish encryption
• 128-bit SSL encryption
• Automatic or scheduled backups
• New and changed file detection
• Block level incremental backups
• Bandwidth throttling
• File versioning
• Public or private key encryption

I like to stay informed, and Bloglines is a great way to monitor blogs and websites for updates. Bloglines is a web-based RSS reader. Web sites without RSS feeds can usually be monitored using a custom feed creater such as FeedYes. Mobile versions are available for BlackBerries, iPhones, and generic mobile browsers too.

I really like the fact that if I view an article on my Blackberry I don’t have to view it again on my Desktop PC. Bloglines keeps track what you have read, so you don’t have to read it again (unless you want to.)

You can see a list of what I subscribe to here.

Key Features of Bloglines:

• All-in-one Blog and news feed search, online subscriptions, news reader, blog publishing and social sharing tools
• Available in 10 languages
• Mobile version optimized for handheld computers and cell phones
• Email subscriptions help manage your e-newsletter traffic
• Package Tracking (UPS, USPS & FedEx)
• Custom weather forecasts
• Quick Pick Subscriptions get new users started quickly and easily
• Personalized recommendations to find new subscriptions
• Bookmarklet for single-click subscriptions to any source
• Notifiers for all browser types to remind you when new articles have arrived
• Bloglines Saved Searches deliver future articles matching your key words and phrases
• Most Popular lists show the days hot topics and which blogs are getting the most noticed
• Handy add-on tools for bloggers such as automated blogrolls, subscription buttons

Do you use more than one computer? If you do, you have probably struggled with a method to share or synchronize files between them. I have been using a tool called FolderShare to synchronize files between my various PC’s for several months now. I synchronize My Documents, IE Favorites, and work-related project folders between my home desktop PC and my work laptop. It works over standard SSL ports, so you can use it nearly anywhere.

UPDATE: Microsoft re-branded FolderShare as Windows Live Sync since this article was first written.  The functionality is almost identical, and the service is still free.

Microsoft purchased FolderShare back in November of 2005. It has been free to use since then.

This is how the tool is described on its website:

FolderShareTM is a service that allows you to securely keep files synchronized between your devices, share files with friends or colleagues, and remotely download your files from any web browser. FolderShare consists of two components – My FolderShare and the FolderShare Satellite.

My FolderShare: Configure and manage your account from here.

• Go to www.foldershare.com from any web browser and login to access your “My FolderShare” page.
• From here you can do any of the following:
  • Setup devices to sync or share with
  • Invite others (via email address) to share your files
  • Manage your account – upgrade your subscription, change your email address or password
  • Get help
  • Download the latest software

FolderShare Satellite: The software you need to install on the device(s) you want to sync or share files with.

• The FolderShare Satellite will run in the background when you are online.
• As you update shared or synced files, it will automatically update them on the other devices connected.