Don’t Let Passwords Be the Weak Link in Your Security Chain

Have lots of Internet website accounts? Here are some suggestions to make your password management life easier.
Doing business on the Internet involves logging into a variety of password-protected accounts. Using good passwords can keep the bad boys from stealing your valuable data, but coming up with good passwords and managing them across several accounts can be challenging.
Choosing Strong Passwords
When an Internet thief wants to hack into one of your accounts, the most direct approach is to try several passwords with the hope that one of them can be used to log in. Hackers frequently use password cracker software that automates this process by producing likely candidates. So choosing hard-to-guess passwords makes breaking in more difficult.
Microsoft published an article on its security website that provides several guidelines for choosing hard-to-guess passwords. Key aspects of strong passwords include:
- Length – Passwords should be at least 8 characters long, the longer the better.
- Complexity – Use a variety of letters, numbers and special characters (the characters above each of the numbers on your keyboard like @ ! # - and so on). Don’t use predictable strings of characters for passwords like your name or names of family members, birth dates, dictionary words, names of geographical locations or sequences of the same character or number.
- Variety – Use a different password for each account. This makes sense. If you use one password for all your accounts, then whoever gets that password can log in to any one of them.
- Variation – Change your passwords on a regular basis. I’d suggest changing them every year.
If you have any doubts about the quality of your passwords you can verify their strength on Microsoft’s password checker page.
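The guidelines above can also be applied as an automated check. The following is an added example, not Microsoft's password checker and not code from this article; the function name, the small sample word list and the three-in-a-row threshold for repeated characters are assumptions.

```python
import re
import string

# Constructed sample word list (assumption); use a full dictionary in practice.
SAMPLE_WORDS = {"password", "welcome", "dragon", "london", "summer"}


def audit_password(password, personal_terms=(), other_passwords=()):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    lowered = password.lower()

    # Length: at least 8 characters.
    if len(password) < 8:
        problems.append("length")

    # Complexity: a mix of letters, numbers and special characters.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("complexity")

    # Predictable strings: names, birth dates, dictionary words, places.
    terms = SAMPLE_WORDS | {t.lower() for t in personal_terms if t}
    if any(t in lowered for t in terms):
        problems.append("predictable")

    # Sequences of the same character (3+ in a row is the assumed threshold).
    if re.search(r"(.)\1\1", password):
        problems.append("repeated-character")

    # Variety: the same password must not protect another account.
    if password in other_passwords:
        problems.append("reused")

    return problems


if __name__ == "__main__":
    # Constructed candidates and personal terms, not real credentials.
    for candidate in ("alex75", "Summer2024!!!", "gT7#qlw9@Zr2bn"):
        print(candidate, audit_password(candidate, personal_terms=["alex", "1975"]))
```

Pass your own names and dates as `personal_terms` and your existing passwords as `other_passwords` so the predictable-string and reuse checks have something to compare against.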
Use a Password Manager
Ok, so far so good. You know how to select strong passwords, but you have several accounts and a different password for each one. Now you need a way to keep a record of your Internet accounts and corresponding passwords so you don’t have to remember them all.
Writing them down is not such a hot idea nor is storing them in a text file or spreadsheet on your computer. Anybody can steal your passwords if you leave them lying around like this. The best way to store your passwords is to use a password management application that enables you to keep your passwords in an encrypted file that only you can open. The password manager I recommend is KeePassX.
With KeePassX you can maintain your passwords in any number of encrypted files, each of which is password protected. Of course you have to remember these passwords in order to open the files. To keep things simple I suggest you use just one file for all your Internet accounts.
KeePassX also has a password generator that lets you create very strong passwords, which is really handy when you run out of ideas of your own.
There are versions of KeePassX that run on Windows, MacOS and Linux so you can manage your password file on any of these systems. Since KeePassX encrypts your password file you can safely share your password file across the systems from remote disk drives on your local area network.
Getting Started With KeePassX
- Select File > New Database…
- Enter a password for this database…
- Click on OK.…
- Select Entries > Add New Entry… which produces the dialog box shown below.
- Enter the account Title, Username and account URL as shown in this example. Note that you organize your passwords into groups. The default groups are Internet and eMail. In this example I’m just using the default Internet group.…
- To get help from KeePassX with generating a strong password, click on the Gen. button. This opens the Password Generator dialog box shown below.
- You can choose random, pronounceable or custom password character sequences. In this example I use pronounceable and all character types. You can also set the password length to make really complex passwords. 14 characters is plenty in this case. Click on the Generate button to get your password.
- If you want to see the password characters, click on the button with the eye in it.
- Click on OK to enter this password for your account.
- When you return to the New Entry dialog click on OK to save the password record.
- At the main application panel you’ll see your new account with the user name and passwords obscured as shown here. You can choose to hide or show your user names and passwords by choosing those options from the View menu.
- When you are done select File > Save database to save your password file.
About vhargrave
Vic Hargrave lives in the SF Bay Area. He has over 20 years experience as a software developer and manager. He blogs on Internet security and other tech topics at VicHargrave.com.
