Skip to main content

Gadget Wisdom

Category: Security & Networking

2 Responses

Password Security

In last weeks post on Laptop Security, we explored some of the special issues of keeping your laptop secure, many of which also apply to desktops. Now, there are many commercial products to assist you in that, but we will generally focus on the free and open-source ones. Remember, free does not mean bad. The open-source community has produced a great deal of quality software.

Now, we turn to the issue of password security. A few bits of common sense advice:

  1. Do not base your password on a dictionary word. Brute force attacks on passwords use dictionaries.
  2. If possible, combine letters and numbers, even better, non-alphanumberic characters, ie ! $ % etc.
  3. Vary the case of letters. Remember, FoUr is a different password than four or Four.
  4. Passphrases can be a good idea with sites that do not limit the length of your password. If ones do, try a passphrase as a mneumonic. For example, turn The Quick Brown Fox Jumped Over the Lazy Dog into TqBfJoTlD – hard to break, but easy to assemble when you log in. Note the varying case.
  5. Change your password regularly.

Now, that requires a lot of work. So, try some software assistance. While several commercial software packages allow for password vaults, we offer this nice free one, KeePass. KeePass is a password manager that stores all passwords in one database locked with a master key/password or key disk. A key disk can be stored on a USB drive, a floppy disk, etc. Just remember to take a copy of it and store it in your safety deposit box, a fire-proof safe, or with a loved one, in case of unexpected loss.

KeePass is a Windows program, but doesn’t store any information in the Windows registry. Thus it will work on older versions and newer versions of Windows and will continue to be updated. It can auto-type into web browsers and other programs. It is extensible with plugins and very configurable.

Look forward to our next part in this continuing series of securing your computer use, when we will discuss more secure tools you can store on your USB key-disk, and more about USB jumpdrives in general.

Published on September 11, 2006
Full Post
1 Response

Laptop Security

Jim Rossman of the Dallas Morning News advised of his experience leaving his laptop at an airport security checkpoint. Mr. Rossman is right, a simple business card attached to your laptop will allow its owner to be idenitified.

Our colleagues at Flight Wisdom suggested that you consider STOP. Security Tracking of Office Property, despite the name, works well for personal use as well. If you want your thief to know your name and address, putting it on the laptop will certainly help them find you, although that may be a bit paranoid. A third-party is certainly helpful in these cases. Also, the security plate, cemented to your laptop, is a theft deterrent in itself.

The next step after a security tag, or equivalent label is a laptop security cable. These cables are enough theft deterrent. Given time and a hacksaw, someone can remove these cables, but the goal is such things will delay them. Most theft is dependant on stealth and speed, not hanging around with such tools. Of course, finding a place to lash it in your hotel room on vacation is usually hard.

The final step is of course, in software. Set your computer BIOS to require a password, and then prevent booting from the USB port, a floppy disk, or a CD-ROM. If you need to do any of these things, go in and override it for the time you need it. Then, set a password for logging onto the system, be it a variant of Windows, UNIX, or the Mac OS.

Of course, protecting your files can be a matter of encyption. Check out a future post, when we intend to report on Encryption Tools as well as other software security for your laptop or even your desktop.

Published on September 7, 2006
Full Post

Get New Posts By Email