Free Ways to Track All Your Passwords - lifehack.org
Free Ways to Track All Your Passwords. This is a good item from Lifehack. As well as software/browser-related ways, they suggest software such as:
KeePass
Clipperz
KeyWallet
Password Manager Plus
Password Hasher (Firefox add on)
Password Safe
Password Generator.
While I'm sure that all of these are good, I tend to think that Lifehack has it right when they say "The best solution may not even be a technology solution - remembering strong passwords could be as simple as coming up with a way to change a base password using the name of the online service you’re logging into. For example, if you come up with a base password of “xlg519” (based on your partner’s initials and your cat’s birthday), you can add the first two and last two letters of a service’s name (“amon” for Amazon) and you’ve got your password!"
Hello.
The masterpass + prefix method that you described is fairly common. While it's a little better than using the same password everywhere, it's not nearly as secure as you might think.
Here's a scenario that might illustrate why:
- Let's assume your master pass is XYZ86 and you then add a suffix to that for each domain. You'd have fliXYZ86 (flickr), amaXYZ86 (amazon), forXYZ86 (forum) and gmaXYZ86 (gmail).
- If, for example, the forum login isn't HTTPS, then a hacker can read your password as it travels from your browser to the forum's server.
- Now let's assume that the same happens for flickr. Now the hacker has a dictionary on you. He knows you use three letters + XYZ86 as your password on various sites.
- With this information he'll attempt to login to your gmail account with this formula.
- How many sites have you signed up for with that gmail account?
- The next step is to go to any variety of banks or services, insert your gmail and click the "I forgot my password" link.
- With any luck, he'll get a hit, and some site will send your password to your gmail account - which he now has access to.
- He's in.
This is a very simplified version of what can happen, but it should give you an idea of how password re-use, and simple formulas can be bad news. The only remedy (alas) is to use a unique, random password for every single website and service. That's why you need a password manager.
Disclosure: I run an online password manager called PassPack. So I'm an interested party. But regardless of which product you ultimately pick, you really should choose, and use, a password manager.
If you would like to try PassPack, I've written a getting started guide on the company blog: http://passpack.wordpress.com/passpack-getting-started/
PassPack is a free service.
Cheers,
Tara
PassPack Founding Partner
Posted by: Tara (PassPack) | June 08, 2007 at 01:51 PM
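As an added example (not part of the original post or comment, and not PassPack's code), here is a self-audit that flags entries in your own password list that share a common base, as in the comment's scenario, and replaces only those with unique random passwords. The vault layout, the function names and the `min_shared` threshold are assumptions made for illustration; the first four sample passwords are the ones from the comment and the fifth is constructed.

```python
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault (service -> password): four formula passwords
# from the comment's scenario plus one unrelated random entry for contrast.
SAMPLE_VAULT = {
    "flickr": "fliXYZ86",
    "amazon": "amaXYZ86",
    "forum": "forXYZ86",
    "gmail": "gmaXYZ86",
    "bank": "q7Rk!vT2pLz9",
}


def shared_base(a, b):
    """Return the longest substring that two passwords have in common."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    m = matcher.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def audit(vault, min_shared=4):
    """Map each service to the services whose password shares a base with it.

    min_shared is an assumed threshold: shorter overlaps happen by chance.
    """
    findings = {}
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        if len(shared_base(p1, p2)) >= min_shared:
            findings.setdefault(s1, set()).add(s2)
            findings.setdefault(s2, set()).add(s1)
    return findings


def random_password(length=20):
    """Generate a password from the OS CSPRNG, unrelated to any other entry."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def remediate(vault, min_shared=4):
    """Return a copy of the vault with every flagged password replaced."""
    flagged = audit(vault, min_shared)
    return {svc: random_password() if svc in flagged else pw
            for svc, pw in vault.items()}
```

Every flagged service also needs its password changed on the site itself; the audit only tells you which ones.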