Wednesday, November 24, 2010

Keep your passwords safe

This post kinda goes in line with the last post. I kinda hoped to get all of this in one but I forgot to add this. In the last post, I talked about some good things to do to keep your home systems safe. This, of course, only pertains to Windows systems. It is part of my answer to "What should standard home users do, to secure their systems and information?"

Another issue that people run into is that they tend to use the same password in many places. Their password on their bank site is their password on their Facebook account, which is also their password for their email. Others may use one password for "secure" things like banks, credit accounts, etc., and another password for simple things like Facebook, blog sites, fantasy football sites, etc.

This is not good! This is often how people get their identity stolen. There are many times where a criminal will find information on a Facebook or Myspace wall or in posts that can lead them to a password for the victim's email or, worse yet, their bank. Another problem is that some banks and more secure sites will give you some questions to answer to reset your password. People use information like birthdays, pet names, favorite sports teams, etc. The problem is that home users are also posting this information to these social network sites.

So what do we do, Curt? Download a password manager such as the one I use here. One thing I like about this application is that it can generate good passwords for you. If you go to the properties of a new entry, you will see a password policy. I would recommend using 15 or more characters and all available types of characters, such as !#%^ etc. Then click the Generate button on the main page of the new entry. This will create a password with the length and character types you specified. (Note: some generated passwords can contain such odd characters that your site or application might not accept them. You will then need to read the FAQ on that site to learn what its password policies are and possibly make some adjustments.)
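To make that policy concrete, here is an added example (not Password Safe's code, and not from the original post) of a generator that enforces the 15-character minimum, uses every character type, and lets you exclude characters a site rejects. The symbol list and function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character types to draw from. The symbol list is an assumption for this
# example, not the list Password Safe itself uses.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#%^&*()-_=+[]{};:,.?@$~",
}
MIN_LENGTH = 15  # the minimum length recommended in the post


def build_alphabets(exclude=""):
    """Per-type alphabets with the characters a site rejects removed."""
    banned = set(exclude)
    cleaned = {name: "".join(c for c in chars if c not in banned)
               for name, chars in CLASSES.items()}
    # A type whose characters are all excluded is dropped entirely.
    return {name: chars for name, chars in cleaned.items() if chars}


def generate_password(length=MIN_LENGTH, exclude=""):
    """Random password with at least one character of every allowed type."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    alphabets = build_alphabets(exclude)
    pool = "".join(alphabets.values())
    # One guaranteed character per type, the rest from the whole pool.
    chars = [secrets.choice(a) for a in alphabets.values()]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit at the front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length=MIN_LENGTH, exclude=""):
    """Approximate upper bound on strength: length * log2(pool size)."""
    pool = "".join(build_alphabets(exclude).values())
    return length * math.log2(len(pool))


if __name__ == "__main__":
    # Constructed case: a site that rejects '^' and '%'.
    print(generate_password(20, exclude="^%"))
    print(round(entropy_bits(20, exclude="^%"), 1), "bits (approx.)")
```
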

After you have your new super strong password, you're probably thinking, how am I going to remember this? The good news is that you don't have to! When you create a password database, it will ask you for your main password. Make this as strong as you can, but the key here is to make one that you can remember. If you forget this password, there is no going back! No one I know can retrieve lost passwords from this system. That's a good thing for security, but bad if you forget.

Now I will say something that you won't hear from me often! In this case, it might make sense to write down the password on a piece of paper and keep it in your home safe. You can also ask me for some whimsical ways to store this information in your phone's contact lists and such as well. The only reason I say this is because if you lose it, you will not get this data back!!!

So if you run the Password Safe application, it will ask you for your password. Once you enter the correct password, you will see a list of all of your entries. Right-click the entry and you can choose to copy the password. You can then paste this into your browser when the website asks for it, so you never have to remember it. You can also choose Edit and display the password if you need to.

There is another nice option here. If you have an entry for a secure site such as a bank, it has a notes section. What I do when they ask for password restore questions is give completely bogus information. To remember what questions and answers I used where, I put them in the notes section. This helps protect us against someone who might be trying to harvest information for our questions on the Internet, because the information is completely false and off the wall. That is why I need to keep track of what I put :)

The only other thing I can add to this is to not save passwords in the browser. Do not use a site's (or browser's) functionality to remember passwords. This is a bad idea. In some cases this information can be pulled by an attacker to obtain your passwords. Just keep your password safe handy and your passwords will be very secure.

But what happens when I'm away from home and don't have my laptop and password safe? Good question! Password Safe has an option to install to a USB drive. You can get a 1GB USB thumb drive for $5 or $10 tops these days. If you do that, you will always have your password safe with you.

One final recommendation is that some secure sites, banks especially, offer what is called multi-factor authentication. If you're not sure if your bank offers it, ask. This is basically a token that they will send to you, put on your card, or text to your phone. This value is a random number that normally changes every 30 seconds or so. When you enter a password on a site, you will also need to enter a PIN along with the numbers that are on this token at that very moment. This is probably one of the most secure ways to access secure data across the Internet at this time. Even things like online games are offering this type of security. When in doubt if they do offer it, ask.
