Wednesday, August 20, 2008

Passwords and Credit Cards

(I thought about titling this "Playbills and Monkeys", but only Karin would get that reference.)

One of my favorite geeks, Jesper Johansson, recently wrote a three-article series on the fact that, for the general populace, security is all about passwords and credit cards. And he's right, of course. One of the questions then becomes: how does one manage passwords?

Passwords should have a few qualities:

  • be difficult to guess
  • have a good combination of letters, numbers and special characters
  • be unique to each site so an attacker can't use information learned from one site on any others

It's that last one that makes things difficult. How do you remember a separate password for every site? The answer is to use a password manager.

A password manager should have a few bits of functionality:

  • Generate new passwords
  • Make it easy to get the password from the app into the site
  • Be portable
  • Be free

The one that I use that meets all of the above is KeePass Password Safe. What's also great about KeePass is that it can run off a USB stick drive, meaning that it's portable.

The basic step is to come up with a master password which is used to encrypt the database of passwords. The main login looks like this:


The Master Password should be something good - I recommend a sentence that only you would know (a personal fact that nobody knows, an obscure movie quote, etc.). I have a personal fact that I use, and I use the fingerprint reader on my laptop to "type" it in. The "Key File" is the database file with all of your passwords. When you want a password, simply click on the one you want, press Ctrl-C to copy it to the clipboard, and then paste it into the site. What's also nice is that it will clear the password out of the clipboard in 10 seconds to keep other programs from accessing it.


And finally, you can generate a password based on any specifications you need. (Side note to all site designers - please make it very clear what characters I can and can't use, as well as the maximum size, for all password registration screens. Thank you.)
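To show what generating to a site's specification involves, here is an added sketch in Python. It is not KeePass's own generator and not code from the original post. The character classes, the `forbidden` and `max_length` parameters and the sample policy are assumptions made up for the illustration.

```python
import math
import secrets

# Character classes a site might require (constructed for this example).
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
    "special": "!@#$%^&*()-_=+[]{};:,.?/",
}


def build_pools(required=tuple(CLASSES), forbidden=""):
    """Per-class character pools with the site's rejected characters removed."""
    pools = {name: [c for c in CLASSES[name] if c not in forbidden]
             for name in required}
    if not pools or any(not pool for pool in pools.values()):
        raise ValueError("policy leaves a required class with no characters")
    return pools


def generate_password(length, required=tuple(CLASSES), forbidden="",
                      max_length=None):
    """Return a random password that satisfies the stated site rules."""
    if max_length is not None and length > max_length:
        raise ValueError("requested length exceeds the site's maximum")
    pools = build_pools(required, forbidden)
    if length < len(pools):
        raise ValueError("too short to include every required class")
    alphabet = [c for pool in pools.values() for c in pool]
    # One guaranteed character per required class, the rest from the full set.
    chars = [secrets.choice(pool) for pool in pools.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters do not
    # always sit at the front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Upper bound on entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed policy: at most 20 characters, and the site rejects / ; '
    size = sum(len(p) for p in build_pools(forbidden="/;'").values())
    print(generate_password(20, forbidden="/;'", max_length=20))
    print(f"about {entropy_bits(20, size):.0f} bits (upper bound)")
```

The `secrets` module draws from the operating system's random source, which is the property that matters here; Python's default `random` module is not suitable for passwords.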


I'd also like to mention the fact that the program is documented very well on their site.

This is a call to everyone - use strong passwords. And use a password manager. This is the one I use, but there are many others out there.

Just a little geek tip for you.


MADCookie said...

Hey there is something wrong with this site. A few of the images were out of focus. Um, maybe you could send those images to me directly? :-)

I love the summary of password criteria!

jersey said...

I'll make sure I send those right over. ;-)

I'm a big believer that showing usernames shouldn't make a difference. But I just got a little paranoid... ;-)