Cytherian
Vista Guru
As many of you are probably aware, it is important to have a strong password--something not easily guessed or hacked. You'll find that in many cases where you are registering on a website, you'll be given some interactive feedback on how strong your password is (e.g. "1234" is extremely weak, "Joe1234" is a little better, and "Joe_1234_Montana" is strong).
It is often discouraged to use the same user ID and password in all places. So, in time you'll find that you've amassed quite a number of different credentials (for e-mail, website login, banking, etc.). How do you keep track of them? Well, if you are able to keep your life rather simple, you may have 2-3 different credentials so it's not hard to remember them. But what if you've got dozens?
While I try to help ease the effort of remembering passwords by using a fairly consistent pattern (like taking the initials of a website, embedding a combination of numbers and dashes that isn't my birthday or SSN and is easy for me to remember, followed by my initials), I began to find that the task of remembering all of them was a bit daunting. (NOTE: For accounts that require significant security, such as banking, I use a different password string pattern I won't disclose here). So, I had to find a workable solution.
There are a number of different solutions to managing your passwords. Here are three I've come to know:
- The first and easiest of all is to write them down in a private notebook or paper that you keep handy yet locked away for safe keeping. It's not electronic, so it has absolutely no direct connection at all to the source and is completely invulnerable to hacking. But, it's not easily revised/edited without looking sloppy, cannot be centralized for access from multiple places, and has the capability of being lost or damaged.
- The second way is to use a 3rd party software program for managing credentials. There are a number of them available for download on the Internet. Some are free and some require a nominal fee. Are they a good solution? Well, that depends upon their approach. If they create a 128-bit encrypted file with a seed that only you know, that's pretty good. But there's also the matter of portability. If the password file is installed and embedded in your system, you can't easily copy it elsewhere for safe keeping and reference for when you're away from your computer. You always need the client software to read it. One easy way around this is to have a USB drive with the credential software installed on it, so you can take it with you. Yet, there is also an on-line solution called LastPass (see Tom982's post below).
- The third way is to create your own password file. Now, anytime you put data in a file, there is the chance that it could be copied and read by someone else. You do not want to create a file called "passwords.txt" and have "username, password" labeled on your credentials. At the very least, you'll want to use a file type that you can easily password protect. Microsoft Excel has 2 levels of security, one for reading and one for modifying. Although talented hackers can break through this, most people won't be able to. There is also the matter of how you label your credentials. It's best to have 3 columns: user name, password, e-mail. But it's also useful to have the website as well. Of course with this combination, even without labels it starts to become clear as to what the data is. My solution? I use Microsoft Excel and create 100 worksheets inside a workbook file. For the first few and last worksheets I have some benign data entered. This way it looks like the file has a mundane purpose. BUT... embedded on several worksheets located around the 80th sheet, I have my password worksheets. It's easy to get there--just hit "last" then click a few times on the "back" direction and I'm there. Also, with ALL of my passwords I leave a common numeric sequence out, replaced by "..". Only *I* know what this numeric sequence is. So, if by some chance someone found these worksheets, they wouldn't know what the correct password really is, providing yet another layer of security.
--> Probably a more effective solution is to use whatever document you wish and encrypt it with "TrueCrypt", which is a very effective (and free) open source solution.
My way of managing my credentials via an Excel workbook probably appears a bit tedious, but once I started doing it, the time it takes to load the spreadsheet, supply the password, then navigate to the worksheets takes me less than 20 seconds. Plus, I can copy this file up as an attached document to a draft e-mail on-line, so I can reference it from anywhere.
Now, I know my strategy isn't as secure as 128-bit encoding, but I feel it's clever enough that most hackers won't even think that this file has any useful meaning and will easily bypass 99% of attention. Even if it does get any attention, as a recently edited file perhaps, opening it up is another element of subterfuge. The leading and trailing worksheets don't look like they have any information desirable for the hacker and they'll just abandon it. But using something like TrueCrypt encryption is probably the safest way to go for protecting a password document.
What's your credentials management strategy?
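The strength feedback mentioned at the start of the post can be approximated with a character-pool estimate. The following is an added example, not code from the post or from any website's meter; the character classes, the discount for runs such as "1234", and the label thresholds are assumptions chosen for illustration.

```python
import math
import string

# Character classes and thresholds are assumptions for this example,
# not taken from any particular website's meter.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
LABELS = ((20, "very weak"), (40, "weak"), (60, "fair"))


def pool_size(password):
    """Alphabet size implied by the character classes that appear."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if any(not any(ch in c for c in CLASSES) for ch in password):
        size += 32  # nominal allowance for spaces / non-ASCII characters
    return size


def effective_length(password):
    """Length after discounting characters that merely continue a run.

    A character that repeats its predecessor or is one code point above or
    below it ('1234', 'aaaa', 'cba') adds almost nothing for a guesser.
    """
    count = 0
    prev = None
    for ch in password:
        if prev is None or abs(ord(ch) - ord(prev)) > 1:
            count += 1
        prev = ch
    return count


def estimate_bits(password):
    """Rough upper bound on guessing entropy, in bits."""
    if not password:
        return 0.0
    return effective_length(password) * math.log2(pool_size(password))


def rate(password):
    """Return (estimated bits, label) for a password."""
    bits = estimate_bits(password)
    for limit, label in LABELS:
        if bits < limit:
            return bits, label
    return bits, "strong"


if __name__ == "__main__":
    for sample in ("1234", "Joe1234", "Joe_1234_Montana"):  # examples from the post
        bits, label = rate(sample)
        print(f"{sample!r:20} {bits:5.1f} bits  {label}")
```

An estimate of this kind only sees character classes and runs; it knows nothing about names or dictionary words, so its figure is an upper bound for passwords built from them.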