Let’s Talk About Passwords
- February 26th, 2010
- Posted in Security, Tips and Tutorials
- By Davezilla
Here’s another good take on the Twitter “Is this you lol” phishing scam. I really like that the author, Graham Cluley, reminds readers to use better passwords. People. This is basic and yet 33% of you use the same password everywhere. This is ludicrous.
Would you pin your child’s social security number to their jacket and send them to school? Of course not! But you’ll use the same password because you can’t be bothered to spend 30 seconds to think of a new one. I mean, that’s 30 seconds less you would get to play Farmville, god forbid.
But I digress… Let’s be constructive here. Passwords. There is nothing more critical to the security of your basic identity than having a set of good passwords to use. I know what’s running through your head right now. “I know, I know I should do that, but I just can’t remember more than one and I know enough not to tape it under my keyboard.” Congratulations. You’re halfway to recovery. Now you just need some tools.
Unless you have a truly random brain, you need to use a password generator. There are several free ones. Go use these ones now.
- Strong Password Generator is one of my favorites. You can choose the number of password characters (please don’t choose fewer than 12), whether or not to include symbols (yes, please!) and it even gives mnemonic hints to help you recall the password, despite it being quite random.
- From Bytes Interactive come two password generators. One creates passwords similar to Strong Password Generator with several options; the other creates 1337 (LEET) passwords, which are based on a phrase you can recall. They also have a secure server.
- RandPass has been online forever and generates very good passwords. What I like about them is the ability to generate large batches of passwords at once.
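What a generator like the ones above does under the hood, as an added Python example (not code from any of the listed tools): it draws characters from the operating system's CSPRNG via `secrets`, enforces the 12-character floor, optionally includes symbols, and can produce batches. The function names and the 16-character default are assumptions made for this example.

```python
import math
import secrets
import string

MIN_LENGTH = 12  # the post's floor: don't choose fewer than 12 characters
BASE_CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]


def char_classes(use_symbols=True):
    """Character classes a password is drawn from."""
    return BASE_CLASSES + ([string.punctuation] if use_symbols else [])


def generate(length=16, use_symbols=True):
    """Return one random password with at least one char from each class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = char_classes(use_symbols)
    alphabet = "".join(classes)
    while True:
        # secrets.choice uses the OS CSPRNG; random.choice would be predictable.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password rather than patching characters in,
        # so every accepted password stays uniformly distributed.
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def batch(count, length=16, use_symbols=True):
    """Generate several passwords at once, one per account."""
    return [generate(length, use_symbols) for _ in range(count)]


def entropy_bits(length, use_symbols=True):
    """Upper bound on entropy: length * log2(alphabet size)."""
    alphabet_size = sum(len(cls) for cls in char_classes(use_symbols))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in batch(3):
        print(pw)
    print(f"12 chars, no symbols: {entropy_bits(12, False):.1f} bits")
    print(f"12 chars, symbols:    {entropy_bits(12, True):.1f} bits")
    print(f"16 chars, symbols:    {entropy_bits(16, True):.1f} bits")
```

Adding symbols to a 12-character password raises the bound from about 71 to about 79 bits, while going from 12 to 16 characters adds roughly 26 bits, so length contributes more than symbol variety.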
You also need some place to store passwords, but no, written down on paper is for chumps who deserve to be robbed blind. Do it right. Use a password database. Here are some of my favorites:
- 1Password. This costs $40, but isn’t your identity worth it? 1Password can also generate them for you and has a 100% money-back guarantee. It also comes as an iPhone app. Mac only.
- OnePassword is free. It integrates into Internet Explorer as a toolbar and has many of the features of 1Password.
- How about your blog? A great plugin by Marcel Bokhorst exists for WordPress, called One-Time Password. As the name implies, it generates password logins for WordPress that can only be used one time, preventing password theft. Outstanding plugin.
Hope these tips help! Do you know of any good password generators or password databases I didn’t mention? Let us know in the comments.


I love 1password. Great product. If you’re on PC another free option is Bruce Schneier’s Pass Safe. (http://passwordsafe.sourceforge.net/) You are all about the WP plugins!
There’s a lot of power in those things.
Yeah, well, you know I loves me some WP!
For users who REALLY suck at remembering passwords (or who you know will write down the password anyways, even if they say they won’t), I recommend they do something non-obvious to the password they write down that only they know. For example, every 3rd character in the PW, as written, is superfluous, or the last 5 characters are backwards, etc. That way if it falls into the wrong hands, the written PW will be useless.
I’ve also noticed that people who use multiple passwords—usually strong for banking, weak for email—believe that their email password isn’t as “valuable” as their banking password, so they don’t use a very secure pw for email. Unfortunately, password resets for banking, etc. will be emailed to their “unimportant” email inbox! One could argue that your email credentials are your most valuable creds!
That is a fantastic point, Mark! Email PWs need to be on triple steroids.
Mark, this is a really good point. Now that you mention it, something I’m reading about is the use of web based access to SMS with weak passwords. This is bad as well since some authentication systems use SMS for high risk systems.
I use lastpass.com for my password needs. Just another suggestion. The Firefox plugin is all I have and it works great. Disables FF insecure password system. Has a lot of options.
Oh I remember using that before, Larfus! Good call.
Great comments! If you want to read a great book about passwords, check out Dave Kleiman’s “Perfect Passwords”. He goes into detail about how to create good passwords that are effective and practical. He shows some interesting math about password complexity vs password length. Pretty interesting. Changed the way I think about passwords.
Nice, I’ll check out Perfect Passwords! I just looked into Lastpass (they have a Chrome extension… hopefully it works on the Mac version!), and it appears that along with Xmarks it’ll make hopping between browsers (which I love to do!) VERY easy, and more secure. Dig!