Password Security

In last week's post on Laptop Security, we explored some of the special issues of keeping your laptop secure, many of which also apply to desktops. Now, there are many commercial products to assist you in that, but we will generally focus on the free and open-source ones. Remember, free does not mean bad. The open-source community has produced a great deal of quality software.

Now, we turn to the issue of password security. A few bits of common-sense advice:

  1. Do not base your password on a dictionary word. Brute force attacks on passwords use dictionaries.
  2. If possible, combine letters and numbers and, even better, non-alphanumeric characters, i.e. ! $ % etc.
  3. Vary the case of letters. Remember, FoUr is a different password than four or Four.
  4. Passphrases can be a good idea with sites that do not limit the length of your password. If one does, try a passphrase as a mnemonic. For example, turn The Quick Brown Fox Jumped Over the Lazy Dog into TqBfJoTlD - hard to break, but easy to assemble when you log in. Note the varying case.
  5. Change your password regularly.
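
A small checker for rules 1 to 4 above, as an added example that is not part of the original post: it builds the mnemonic from rule 4, flags passwords that reduce to a dictionary word once case and attached digits or symbols are ignored, and estimates the search space from the character classes used. The word list and all function names are constructed for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"four", "password", "dragon", "monkey", "quick", "brown"}

def mnemonic(phrase):
    """Rule 4: first letter of each word, alternating upper and lower case."""
    initials = [word[0] for word in phrase.split()]
    return "".join(c.upper() if i % 2 == 0 else c.lower()
                   for i, c in enumerate(initials))

def is_dictionary_based(password, words=SAMPLE_WORDS):
    """Rule 1: ignore case and attached digits/symbols, then look the core up."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core in words

def alphabet_size(password):
    """Rules 2 and 3: size of the character set the password actually draws on."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def audit(password, words=SAMPLE_WORDS):
    """Summarise a password against rules 1-3."""
    size = alphabet_size(password)
    # Upper bound: assumes every character is chosen at random from the set.
    bits = len(password) * math.log2(size) if size else 0.0
    return {"dictionary_based": is_dictionary_based(password, words),
            "alphabet": size,
            "search_space_bits": round(bits, 1)}

if __name__ == "__main__":
    for pw in ("four", "FoUr", "Four1!", mnemonic(
            "The Quick Brown Fox Jumped Over the Lazy Dog")):
        print(pw, audit(pw))
```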

Now, that requires a lot of work. So, try some software assistance. While several commercial software packages allow for password vaults, we offer this nice free one, KeePass. KeePass is a password manager that stores all passwords in one database locked with a master key/password or key disk. A key disk can be stored on a USB drive, a floppy disk, etc. Just remember to take a copy of it and store it in your safety deposit box, a fire-proof safe, or with a loved one, in case of unexpected loss.

KeePass is a Windows program, but doesn’t store any information in the Windows registry. Thus it will work on older versions and newer versions of Windows and will continue to be updated. It can auto-type into web browsers and other programs. It is extensible with plugins and very configurable.

Look forward to our next part in this continuing series of securing your computer use, when we will discuss more secure tools you can store on your USB key-disk, and more about USB jumpdrives in general.

2 Responses to “Password Security”

  1. Gadget Wisdom / Portable Security and Data Protection Says:

    [...] For portable versions of various popular applications, visit Portableapps.com. It includes portable versions of the Firefox Web Browser and the Thunderbird Email Client, as well as an IM client, a portable version of OpenOffice, and so on. Our ideal portable application USB drive contains OpenOffice, Firefox, Thunderbird, TrueCrypt, KeePass (which we mentioned in a previous post), and Miranda IM Portable. Our data USB drive contains KeePass, TrueCrypt, and our secure data. In a future post, we will discuss how to install a bootable operating system on your USB drive, if you wish to go a step further in mobile security. Just remember when using a USB drive with portable applications that they can spread viruses and malicious code in between computers. Scan your USB drive for viruses on a regular basis, especially when it has been in strange computers. Also, back up your USB files regularly to ensure your protection. [...]

  2. Gadget Wisdom / Taking Password Security a Bit Far Says:

    [...] In a recent article, we wrote on the subject of Password Security. We advocated creating a secure vault to store your passwords. As a recent article by CNET news indicates, sometimes you can take password security too far. When William Talcot, a prominent poet, died in June…his daughter couldn’t notify most of his contacts because his email account and online address book were password protected. It is a not uncommon problem. As more and more information is kept on computer and on websites, the danger that in the event of an emergency or death this information will be inaccessible to loved ones is increasing. [...]