
Listed below are links to weblogs that reference Free Ways to Track All Your Passwords - lifehack.org:

Comments

Hello.
The masterpass + prefix method that you described is fairly common. While it's a little better than using the same password everywhere, it's not nearly as secure as you might think.

Here's a scenario that might illustrate why:

- Let's assume your master pass is XYZ86 and you then add a suffix to that for each domain. You'd have fliXYZ86 (flickr), amaXYZ86 (amazon), forXYZ86 (forum) and gmaXYZ86 (gmail).

- If, for example, the forum login isn't HTTPS, then a hacker can read your password as it travels from your browser to the forum's server.

- Now let's assume that the same happens for flickr. Now the hacker has a dictionary on you. He knows you use three letters + XYZ86 as your password on various sites.

- With this information he'll attempt to login to your gmail account with this formula.

- How many sites have you signed up for with that gmail account?

- The next step is to go to any variety of banks or services, insert your gmail and click the "I forgot my password" link.

- With any luck, he'll get a hit, and some site will send your password to your gmail account - which he now has access to.

- He's in.

This is a very simplified version of what can happen, but it should give you an idea of how password re-use and simple formulas can be bad news. The only remedy (alas) is to use a unique, random password for every single website and service. That's why you need a password manager.

Disclosure: I run an online password manager called PassPack. So I'm an interested party. But regardless of which product you ultimately pick, you really should choose, and use, a password manager.

If you would like to try PassPack, I've written a getting started guide on the company blog: http://passpack.wordpress.com/passpack-getting-started/

PassPack is a free service.

Cheers,
Tara
PassPack Founding Partner
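
The weakness described in the comment above can be checked against your own passwords. The following is an added example, not part of the original comment or of PassPack: it audits a password list for a shared core and generates independent replacements. The function names and the 4-character threshold are assumptions; the sample passwords are the ones from the comment's scenario.

```python
import secrets
import string
from itertools import combinations

def shared_core(a: str, b: str) -> str:
    """Longest substring common to two passwords (dynamic programming)."""
    best, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best, best_end = cur[j], i
        prev = cur
    return a[best_end - best:best_end]

def audit(vault: dict[str, str], min_core: int = 4) -> dict[tuple[str, str], str]:
    """Return site pairs whose passwords share min_core or more characters."""
    findings = {}
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        core = shared_core(p1, p2)
        if len(core) >= min_core:  # threshold is an assumption of this example
            findings[(s1, s2)] = core
    return findings

def random_password(length: int = 20) -> str:
    """Independent random password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Passwords taken from the scenario in the comment.
FORMULA_VAULT = {"flickr": "fliXYZ86", "amazon": "amaXYZ86",
                 "forum": "forXYZ86", "gmail": "gmaXYZ86"}

if __name__ == "__main__":
    # Every pair is flagged: one exposed password reveals most of the others.
    for pair, core in audit(FORMULA_VAULT).items():
        print(pair, "share", repr(core))
    # Independent random passwords leave no reusable core between sites.
    fresh = {site: random_password() for site in FORMULA_VAULT}
    print("pairs sharing a core after rotation:", len(audit(fresh)))
```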
