JDToellner.com -- Protecting Passwords

Protecting Passwords

The World Wide Web (www) has made my life so wonderfully convienent. I manage bank accounts on the web. I pay bills. I manage my stock portfolio. I order all sorts of products. All this from my work or home computer. Information is at my fingertips and I can very easily enter transactions, request information or download statements.

I use fifty web sites that require some type of username and password. For finaicnal sites requiring a username and password is mandatory in order to ensure my personal accounts are secure. For other sites this can be partly a nusinance but can also add convienence in personalizing things like book lists, movie listings, etc..

When I started using the web I tried to use one user name and one password for all sites. This made remembering easy. It suddently dawned on me that if my commonly used username and password were compromised somebody who discovered one username and one password could widthdraw money from my accounts, user frequent flyer miles, order books and have them delivered anywhere, send email messages from me to anyone on the internet, host web sites on my personal servers, access confidential company information, and the list goes on.

To prevent this from ever happening I created unique passwords for every site. If a password was compromised one and only one site would be exposed.This then created another problem. There was no way I couldremember all of these passwords, especially for sites that I visited infrequently.

I thought about writing them down on a piece of paper but there was no place to put it that was both save and convienent. Given that I accessed some of these web sites every day I would have ended up with convienent instead of safe and anyone walking into my office could have easily discovered them.

A coleague I work with is a computer and network security expert. She told me about a freeware PC program called Password Safe. I went to their web site (www.schneier.com) and downloaded the program. Password Safe is an open source program for users that have to keep track of dozens of passwords. Users can keep their passwords securely encrpyted on their computers and can access them with a single password. It uses the Blowfish encryption algorithm under the supervision of Bruce Schneier, the creator of the Blowfish algorithm.

Password Safe creates a database file that is stored on hour computer's hard disk. I find it most convienent to keep a duplicate copies at home and at work since I access web sites from both places.Password Safe also has a nice feature where it will create random passwords for you that look something like 30dan95. If you use common words in passwords you make it easier for the bad guys to figure out especially if pick something like 30Dan95 and you are married to a guy named Dan who got his MBA when he was 30 in 1995.

This program had an added benefit. If something were to happen to me I would want my wife to be able to access bank accounts and other important personal information. She already knows how to access my computer and now all she has to remember is a single additional password and she can access the fifty web sites with fifty unique passwords. Also, because Password Safe has a list of accounts she can easily find out where my personal information is. For instance, I have frequent flyer accounts at ten airlines and they are all listed in my Password Safe database.

I strongly recommend you use unique passwords and store them securely and encrypted. My theory is that if your passwords are too difficult to crack the bad guys are going to move onto someone who is an easier mark.