Monday, May 16, 2011

Keep your friends close and your passwords closer



With the continued growth of internet usage more and more people face a challenging problem. The more frequent you visit different websites, the greater the change you will have to create some account for that particular website. Gone are the good all days when you had just one account (email) and one password for your Windows/Linux/Mac. There is a mis-attributed quotation from Bill Gates "640K ought to be enough for anybody". I wonder if it refers to 640K of user credentials. Because honestly, while I'm not quite there, I don't have much to go.


Having many registrations does pose a very interesting problem: "where do you store the usernames and passwords?". The simplest solution is to create one username(like myname) and use it for all accounts (myname@gmail.com, myname@yahoo.com and so on). In order to remember the different passwords the simplest choice is to select only one and stick with it. In fact there are a great deal of users that do just that (and yes I do know people who use such a system). If you are such a person I advise you to STOP being ridiculous and switch to something different A.S.A.P. I think it is obviuos why it is wrong. 

The best means choosing credentials when registering is to make your registration seem as random as possible. I for one, use my bmvbooris id on services where I need/want to be identified. That is, where someone interested can Google "bmvbooris" and see information about me. For all other registrations (such as news feeds) I use different alliacies as usernames (sometimes even randomly generated). The other important part is that I always use randomly generated strong passwords. I believe that strong passwords, in general, are a must if you want a safe browsing experience. An interesing article written by Gina Trapani called "Geek to Live: Choose (and remember) great passwords" gives some hints on how to choose easy to remember strong passwords.

And now the big problem: many many many usernames and even more hard to remember passwords. Where do I store all of them??? Sure, the best place to store passwords is in your head. And for the most frequently used services this can be applied. However what about those websites that you visit just once ore twice a month? Its quite hard to remember a password if you don't use it very often. That's why I would recommend a password manager. It is the most effective way to store passwords. There are many to choose from, but I personally prefer KeePass

"KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)" (from the KeePass website). The complete list of features can be found here.

Another favorite among password manager users is LastPass, the "password manager that makes web browsing easier and more secure". Although not as secure as they thought since they recently got hacked. An interesting guide on choosing a password manager can be found here

In a later post, I will further detail KeePass.








No comments:

Post a Comment