If you are like many “Internet-aware” folks today, you probably have several e-mail accounts: maybe one with Google’s Gmail, another with Microsoft’s MS Live, and Yahoo or AOL, and so on. In addition, you probably have accounts on multiple sites for banking, shopping and social networking such as Apple’s iTunes, Facebook, LinkedIn, etc. Each of these accounts and sites requires a user ID and password. That means keeping track of several different IDs and passwords, with their various complexities. It can be daunting.
People and companies have developed different methods and tricks for keeping track of accounts and passwords. One way is to use a password management utility. Examples include KeePass, Password Vault and Password Safe. I do not use them but I understand they work fine, though you should know that you need to be on a computer where you have them loaded, or have a portable solution.
Since I work from a variety of computers with varying security levels, I’ve long been using applications from Portableapps.com (http://Portableapps.com). These applications are portable versions that can run from a USB drive and do not require administrative privileges on the systems they run on. Additionally, they allow you to keep your applications and preferences with you on whatever system you are working on.
I do not recommend using public terminals or computers you do not trust for these, since you cannot determine whether they have password loggers or other malware on them. I use a variety of computers but I have enough trust in them to run my portable applications. These include an e-mail client, browser and various utilities. This way, my preferences and bookmarks travel with me. Other folks use Google, Microsoft Live, and/or similar free online sites and utilities to achieve the same goal, though my admonition about using public or completely untrusted systems still applies.
Getting back to password management, I do not use a portable password management utility even though they are available. Perhaps I am a Luddite, but I still rely on a system of about four password levels I use for different types of sites.
At the lowest level, I have a user ID and associated e-mail account with a low-level security password for sites I do not deem particularly trustworthy, and maybe even suspect. If the password is compromised by some evil staffer at one of the sites, they could potentially use the credentials at a few other sites but none of them would yield much value.
Beyond that, I use a different password for slightly more trusted sites and social networks. I use a level-two password for shopping sites like Amazon, where my credit card might be stored, and my highest-level password for online banking.
A recent online article I read discussed an analysis of compromised passwords from a major site. The results were interesting. Some passwords were as bad as you would expect, with people using things including “password,” “God,” “userid,” etc. Others were more interesting and consisted of keyboard patterns like “asdf1234” or “159357.” These may appear tough because they have multiple character types, as is commonly recommended, but attack dictionaries for hackers have begun incorporating keyboard patterns into their arsenal.
However you store your passwords, and as inadequate as passwords may be, they will be around for a long time. I suggest you consider using passphrases consisting of short sentences incorporating numbers and punctuation somewhere towards the middle – something of 15 or more total characters. Use a utility if it is convenient and helps you, but be careful about using systems you don’t know.
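A small self-check for the two points above, keyboard-pattern passwords and the 15-character passphrase suggestion, is sketched below. It is an added example, not part of the original column. The square-grid key layouts, the 3-key run threshold, the 50% coverage cutoff and the "middle half" reading of "towards the middle" are assumptions, and the sample passphrase is constructed.

```python
import string

# Simplified layouts (assumption): keys sit on a square grid,
# ignoring the real stagger of QWERTY rows.
QWERTY = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
NUMPAD = ["789", "456", "123"]

def _grid(rows):
    return {ch: (r, c) for r, row in enumerate(rows) for c, ch in enumerate(row)}

LAYOUTS = [_grid(QWERTY), _grid(NUMPAD)]

def adjacent(a, b):
    """True if a and b are the same or neighbouring keys on either layout."""
    for grid in LAYOUTS:
        if a in grid and b in grid:
            (r1, c1), (r2, c2) = grid[a], grid[b]
            if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1:
                return True
    return False

def walk_coverage(password, min_run=3):
    """Fraction of characters that sit in keyboard-walk runs of min_run or more."""
    pw = password.lower()
    if not pw:
        return 0.0
    covered, run = 0, 1
    for prev, cur in zip(pw, pw[1:]):
        if adjacent(prev, cur):
            run += 1
        else:
            covered += run if run >= min_run else 0
            run = 1
    covered += run if run >= min_run else 0  # close the final run
    return covered / len(pw)

def follows_passphrase_advice(password):
    """15+ characters, a digit and punctuation in the middle half, few key walks."""
    n = len(password)
    middle = password[n // 4 : n - n // 4]
    return (n >= 15
            and any(ch.isdigit() for ch in middle)
            and any(ch in string.punctuation for ch in middle)
            and walk_coverage(password) < 0.5)

if __name__ == "__main__":
    # "asdf1234" and "159357" are the column's examples; the passphrase is constructed.
    for sample in ["asdf1234", "159357", "My dog ate 3 pies, twice!"]:
        print(sample, walk_coverage(sample), follows_passphrase_advice(sample))
```

Both of the column's pattern passwords come out as 100% keyboard walk despite mixing letters and digits, which is why character-type rules alone do not catch them.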
Contact Lee LeClair, a founder and chief technology officer of Ephibian, through the company’s website www.ephibian.com (http://www.ephibian.com) or (520) 917-4747. Ephibian, headquartered at 3180 N. Swan Road, provides software development, data integration and Web design services. LeClair’s Tech Talk column appears the third week of each month in Inside Tucson Business.