Managing Your Passwords Securely

by on Nov 12, 2007 | 0 comments

With so much of our computing activity moving to the internet these days, it is quite common for people to have WAY more online profiles than can easily be kept track of. We have accounts at our banks, social networks, various online forums, email accounts, and probably even some other sites you registered for and forgot about. Being in the business I am, I have probably over 200 various online profiles at sites all around the internet. How does one handle that volume of username/password combinations?

The Wrong Ways

If you do it the easy way, you use the same password among all of your online profiles. This is not secure because the moment somebody else gets your password, they have much higher likelihood of being able to get into everything. I do not recommend alleviating the problem by doing this. Plus, inevitably you will have those outliers where you were unable to use your usual login. Then what?

The next evolution of the solution is the standard text file. But, again, this is ANYTHING but secure. I used to do this. I had all of my logins inside of a raw text file. I would open up the text file in any text editor, either hunt for or use text search to find the profile I needed, then copy and paste the login into the form. Again, very insecure. Your entire life is then sitting in an unencrypted text file. Imagine if someone got ahold of that file. It would not be pretty.

Some people try to depend on their web browsers to remember logins. For example, I use Firefox and often do take advantage of the browser’s ability to remember a login. When I return to the same site later, Firefox will pre-fill the form with my login. The problems here are twofold. One, it does nothing to help your memory. If something happens to the browser, you just lost all your logins unless you happen to remember them. Secondly, Firefox does not secure your passwords. If you go to the Options window and click on the Security tab, you will see a button for “Show Passwords”. Up pops a list of all your saved logins. The passwords will be hidden, but hitting the option “Show Passwords” in that window will show all of your saved passwords in unencrypted form with only a simple “Are you sure?” popup as the protection. So, no, web browsers are not a dependable nor secure way to store login information.

The Right Way

A much safer and the recommended way of doing it is to use a password manager. A password manager will store all of your passwords in a database-style utility, often allowing you to organize them into a folder structure. The password file is encrypted using various encryption algorithms and it will take a master password entry to get to any of your logins. So, you only need to remember one password to get to everything. But, that beats the pants off of having to remember nothing. If somebody was able to grab your password file, they wouldn’t be able to view anything. The data file is encrypted and they would need to know your master password.

There are a lot of options out there when it comes to choosing a password manager. Under Windows, my personal favorite is Password Agent, by Moon Software. This utility is very lightweight and easy to use. You can organize your passwords into a hierarchical folder structure. The program is completely portable which means you can copy it and your data file to any computer and it will work (even a USB drive). For security purposes, Password Agent will minimize itself to the taskbar after a few minutes of being open (to keep passers-by from reading your window if you accidentally leave it open). Opening it again will require the master password. All in all, this is a great password manager. It costs $24.95 to buy, but is free to try.

If you don’t want to buy anything, there are open source options as well that are equally as capable. KeePass is an open source password manager for Windows that is very capable and seems to do everything Password Agent can do. PasswordSafeSWT is another open source option available for Windows, Linux and OS X but runs on Java. Password Safe is another open source option for Windows.

Under Mac OS X, the best option out there is 1Password. It will securely store all passwords, any secure notes, etc. It also allows you to set up identities which will pre-fill web forms for you. On the browser side of things, it will integrate with Firefox, Netscape, Flock, Safari, Camino and Omniweb. It costs $29.95 and is free to try. This is the one I am now using on my Mac.

Conclusion

Don’t rely on your firewall to protect your computer for getting your passwords via a hack. Don’t depend on the fact that everybody who will be in the room with your computer won’t try to get your logins. Use some kind of password manager. It is infinitely more secure than a raw text file or using the same login for everything.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: