
Password Management

posted Nov 9, 2012, 2:11 PM by Daryl du Plessis   [ updated May 29, 2013, 11:17 PM ]
These days it is getting harder to manage the plethora of passwords that are required for our everyday computing. Emails, websites, banking, etc. all require a username and password to protect our information. Unfortunately, the general rule is that the more secure you want to be, the more complex your credentials become. You've probably heard of password strength; this refers to the complexity and length of a password. Simple dictionary words that are less than 8 characters are very weak and easy to crack. Hackers use tools that can guess passwords, hence password strength is an important factor if you want to avoid having your information accessed. A mixture of letters, numbers and special characters such as punctuation marks or symbols helps with password strength. Generally it is better to have a password 8 characters or longer. One technique you could use is letter substitution. For example, instead of using "elephant" as your password, you could substitute some of the letters with symbols and numbers to make "3leph@nt". The only problem is that hacker tools can also perform a dictionary attack on substituted characters, so you need to do a bit more to make a secure password. You could add additional numbers to increase the strength of the password. Another common security risk is using the same password for everything. It may be convenient, but if one site is hacked then all your information can be at risk.
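The point about substituted characters can be seen from the defender's side. The following is an added example, not part of the original article: a small Python check that recognises a dictionary word even when letters are swapped for look-alike symbols or digits are added around it. The word list and the substitution table are constructed samples, and the function names are chosen for this illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary
# or a list of known-breached passwords.
WORDLIST = ["elephant", "password", "welcome", "sunshine"]

# Look-alike characters commonly typed in place of each letter (sample table).
LOOKALIKES = {
    "a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "5$", "t": "7",
}

def word_pattern(word):
    """Build a regex that matches the word with any letter replaced by a
    look-alike, and with digits or symbols added before or after it."""
    parts = []
    for letter in word:
        chars = letter + LOOKALIKES.get(letter, "")
        parts.append("[" + re.escape(chars) + "]")
    return re.compile(r"[^a-z]*" + "".join(parts) + r"[^a-z]*")

PATTERNS = {word: word_pattern(word) for word in WORDLIST}

def underlying_word(password):
    """Return the dictionary word the password is built on, or None."""
    lowered = password.lower()
    for word, pattern in PATTERNS.items():
        if pattern.fullmatch(lowered):
            return word
    return None

def assess(password, min_length=8):
    """Apply the article's two rules: at least 8 characters, and not a
    dictionary word in disguise."""
    if len(password) < min_length:
        return "weak: shorter than %d characters" % min_length
    word = underlying_word(password)
    if word:
        return "weak: dictionary word '%s' with substitutions or padding" % word
    # Only means the password was not found in the list used for the check.
    return "ok: not a disguised dictionary word"

if __name__ == "__main__":
    for sample in ["elephant", "3leph@nt", "3leph@nt99", "kT9#vq2LmXw4"]:
        print(sample, "->", assess(sample))
```

Both "3leph@nt" and "3leph@nt99" are traced back to "elephant", which is why substitution and a few added numbers on their own do not make a dictionary word strong.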

So what can be done to increase password strength without driving ourselves mad trying to remember complex passwords? Password tools can help. There are various types of utilities available. One of my favourites is a free, open source utility called KeePass. It allows you to store all your passwords in categories, e.g. websites, banking, email, etc. It also encrypts your password file, which is secured by a master password. KeePass can also generate strong passwords that you can use for your logins. To make this even more useful, you can store your password file in a Dropbox folder (see my article on Dropbox in the August 2012 issue of the Northern Valleys News) so you can access the passwords from any other computer. Because the file is encrypted, there is little risk of a hacker being able to access your details if they get hold of the file. KeePass has a number of ports (or related developments), such as MiniKeePass and KyPass, which allow you to open your passwords on iOS devices (iPads and iPhones), as well as versions for MacOS, Linux and Windows Phones. KeePass is a handy way to store your passwords, but it will not automatically enter credentials into websites. There are plugins that can do this for the common web browsers, though.

There are plenty of other tools that can maintain your passwords, as one size doesn't fit all when it comes to security. Premium versions of antivirus products usually include a password or identity safe tool. There are also standalone tools that can be purchased specifically for automatic sign-on and password management. Examples are LastPass and Dashlane, which have a basic free product and a more feature-rich premium product. So now you have no good reason to keep your passwords on that Post-it note.