

    Once upon a time I frequently reused passwords. So if you knew my dog's name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I'm sure many people struggle with managing passwords for the web sites and computer systems they access on a regular basis.

    Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

    A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.
    Wired Magazine

    Here are my tips for choosing the best passwords:

    • Use different passwords for every site/application.  Do not reuse them.
    • Change passwords frequently.  The more you use a password, the more you should change it.
    • Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
    • Consider using a random password generator.
    • Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
    • Consider using acronyms (e.g. Mhimowahys!)
    • Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
    • Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

    I strongly recommend using a password management tool for three important reasons.

    1. Tools remember many passwords so you don’t have to.
    2. Tools can type passwords for you.  This makes strong passwords easy to use.
    3. Tools can create strong passwords which are complex, unique, and random.
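
    To make the generator tip and the "no repeats or sequences" tip concrete, here is a small sketch of what a password tool does when it creates a password. It is an added example, not code from PasswordSafe, KeePass or LastPass; the character pool, the run length of 3, the 12-character minimum and all function names are assumptions chosen for illustration.

```python
import secrets
import string

# Character pool: letters, digits and a small punctuation set (an assumption;
# adjust to what the target site accepts).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Runs the tips list warns about: alphabetic, numeric and keyboard-row order.
SEQUENCE_SOURCES = (
    string.ascii_lowercase,
    string.digits,
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
)


def has_repeat(password, run=3):
    """True if any character appears `run` times in a row (e.g. 111)."""
    return any(len(set(password[i:i + run])) == 1
               for i in range(len(password) - run + 1))


def has_sequence(password, run=3):
    """True if the password contains a `run`-long slice of a known sequence,
    forwards or backwards, ignoring case (e.g. abc, 321, QWErty)."""
    lowered = password.lower()
    for source in SEQUENCE_SOURCES:
        for text in (source, source[::-1]):
            for i in range(len(text) - run + 1):
                if text[i:i + run] in lowered:
                    return True
    return False


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until a candidate passes both checks
    and mixes lower case, upper case, digits and punctuation."""
    if length < 12:  # assumed floor, not a figure from the post
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (any(c.islower() for c in candidate),
                   any(c.isupper() for c in candidate),
                   any(c.isdigit() for c in candidate),
                   any(not c.isalnum() for c in candidate))
        if all(classes) and not has_repeat(candidate) and not has_sequence(candidate):
            return candidate
```

    The two check functions can also be run on a password you already use to see whether it breaks the last tip in the list.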

    I have previously blogged about the software-based password managers PasswordSafe and KeePass.  Both remain excellent ways to manage your passwords.  I have now begun using a new online password manager service called LastPass.  Why change?  The primary reason is that I can now access my password database from my iPhone.  Otherwise, KeePass is great!

    LastPass is an online service that stores your password data both on your PC and “in the cloud” so that you don’t need to carry it with you.  Remote storage means you can access your accounts from anywhere you have an Internet connection.  LastPass addresses privacy concerns by only storing data in encrypted form (256-bit AES).  They don’t have your encryption key, and the encryption / decryption is all done on your PC.   As a result, LastPass cannot actually read any of the data they store for you.  You can read the technical details here.  You can also save a copy of your encrypted password database on a USB memory key, and use standalone LastPass software to access it.

    For the ultra-paranoid among us, LastPass supports multi-factor authentication mechanisms.  Requiring a combination of something you know (a master password) with something you have (like a YubiKey) to access your data makes it very safe.

    One of the unique features of LastPass is the ability to use a PDA to store your password database.  LastPass has mobile versions for iPhone, Blackberry, Android, and other mobile platforms.  I use the iPhone version which updates my local copy every time I start the software (if an Internet connection is available.)  Now I don’t even need a PC to find a password!

    LastPass has an assortment of YouTube videos that explain how their solution works, and tips for using it effectively.  I recommend you watch a few of these videos before getting started.

    I was able to quickly import my existing password database from KeePass to LastPass.   Unfortunately the two tools use different methods to auto-type your credentials, so I did need to adjust some of my entries once they were imported.

