Passwords multiply as users' rage rises

Baltimore Sun ^ | September 7, 2003 | Dan Thanh Dang

[Eala]

Baltimore Sun articles must be excerpted. (But the page loads quickly.)

[68skylark]

Can anyone recommend the best software for keeping a sensitive file -- like a file of passwords -- securely encrypted? (I use Windows XP Pro.)

[NYFriend]

I have one password for things I don't worry about, and two others for things I do worry about. Additionally, by job requires me to change one of my other passwords every thirty days. I must admit that I'm creative and clever with those, but not especially secure. I don't, however, write any of them down. More than the four passwords I already have would be too many.

[xrp]

http://www.pgp.com/products/personal.html

[Agnes Heep]

A strong password incorporating capital letters, numerals and special symbols works well in combination with a system policy that locks out users after three unsuccessful attempts. It's pretty tough to brute-force such a system. Users can create their passwords using variations on a familiar phrase.

[NYFriend]

Come to think of it, if you count PIN numbers, like the article does, I have three more unique passwords. That's nine total. And I have one combination lock and a few entry/exit codes to remember. Frankly, when you think of it, I do have too many number. I can hardly wait till we all have smart cards or Rf-chips inplanted in us that take care of all that.

[LadyDoc]

my passwords are variations of Tagalog words with numbers of stuff connected with my past. Professional codebreakers could probably break my code in about five minutes. (see the movie "clear and present danger", where Jack Ryan breaks a bad guy's computer code)...

on the good side, when the Trade Towers fell, a lot of critical business information was locked in outside computers, and the user who knew the password was dead. By talking with survivors and friends, half of these programs were unlocked...

[staytrue]

I have a sony vaio and keep my passwords on a memory stick that never has physical contact with my computer until I need to look one up.

[Diverdogz]

I use the written crib sheet method - the crib sheet is tucked away where nobody would likely find it and if they did, they wouldn't even know what it is. And, the crib sheet is more of a memory aid - it doesn't contain the actual passwords, only something to jog my memory.

[Cobra64]

I have one password for things I don't worry about, and two others for things I do worry about. Additionally, by job requires me to change one of my other passwords every thirty days. I must admit that I'm creative and clever with those, but not especially secure. I don't, however, write any of them down. More than the four passwords I already have would be too many.

Yup. Been there, done that. I don't write down any of them. I have one password for dopey things like Yahoo, MSN, Fox News, Rush's site, etc. For serious stuff, I have one complicated password that I use for online banking, getting into my securities accounts, etc. When I'm with my clients, I manage a common password among /across all clients. The IT folks think I'm a pain in the butt, but they cave when I explain that if they will not accomodate me, I'll just put my password on a Post-It-Note on my monitor; they quiet down very quickly.

[CIB-173RDABN]

You can take a routine word document, and enter your password list at the bottom. Then change the color to white.

I currently have about 20,000 documents on my hard drive (don't ask) and unless someone knows where to look, it would be almost impossible to find the one I am using to list passwords.

[Eala]

my passwords are variations of Tagalog words with numbers of stuff connected with my past.

Interesting. I used to keep a list of passwords, but found that unworkable. Then I came up with an algorithm for generating them. (This is perhaps a violation of Schneier's dictum about the insecurity of the unknown algorithm, but what else is one to do?)

[general_re]

Of course, what's probably keeping your information safe is the fact that it's mostly not all that valuable to other people ;)

[killjoy]

One of the best way to handle numerous passwords is to use the same password for the same security type of system. For example, if you use a lot of online shopping sites like amazon.com, go ahead and use a common password for all of these types of sites. If you use online forums, use a common password for all the forum sites. The strength of your password needs to be relative to what it is trying to protect. The type of password needed for sensitive personal information is different than that needed to protect a credit card number and is also different from just a chat website. Using this type of system can limit your passwords to a very small number and still provide adequate security.

Remember that there are very very very few systems that are actually broken into because of a bad password. Almost all security problems are caused by implementation mistakes. As in real life, it is much easier to put a gun to someone's head and ask for the password than to spend hours or days trying to guess it. The password is not the weak link in the security.

[Eala]

I can hardly wait till we all have smart cards or Rf-chips inplanted in us that take care of all that.

Contact biometrics is one thing, but anything "trackable" (RFID, facial recognition) disturbs me.

[RANGERAIRBORNE]

"...and the note in his wallet is written in Chinese digits in Korean script. "

Hey- he stole that from ME!I've been doing that for years. Now everybody will be able to figure it out. Thanks a lot.

[general_re]

As soon as someone builds a camera with high enough resolution to snap your palmprint or iris from a hundred yards away, contact biometrics will be "trackable" too... ;)

[Reeses]

Strong military grade software based security such as PGP will keep out most people however a government or well-funded hacker can easily defeat it by installing a keyboard logger, either software based or a physical bug. Always keep in mind that software based encryption is never entirely secure.

[Centurion2000]

I have a bout 50 different password that I haveto keep in my head. a REALLY good trick is to memorize about 5 words and 5 number sequences then rotate them with special charcater s like ! @ # and $ ..... then your passwords get really complex and it becomes a lot simpler to 'crack' your systems should you forget one.

[tortoise]

You can take a routine word document, and enter your password list at the bottom. Then change the color to white. I currently have about 20,000 documents on my hard drive (don't ask) and unless someone knows where to look, it would be almost impossible to find the one I am using to list passwords.

Umm... Beyond running a simple scan for documents that have white-on-white text?