Tuesday, December 29, 2009

Passwords Made Easy, I Promise

I have two tech tidbits before I get to the meat of this column: how to create and use secure passwords easily.

The first tech tidbit concerns the continuing saga of the animal that's invaded our house. As you may recall, the smart people at Aardvark, www.vark.com, the human-based answer line, all said that it was a mouse that was stealing the Perugina Baci chocolate. Nothing else in our kitchen was touched and there were no, um, droppings, so the only clue as to what it was came from the stolen Perugina Baci chocolate, with the shredded remains of the wrapper. Last week my daughter said she saw a mouse in our kitchen, apparently confirming what the helpful people at Aardvark had already told me. Just to be sure that my daughter hadn't mistaken the mouse for something else, I asked her what it looked like. She replied, "a mouse." Fair enough. I guess that's definitive. (She is, after all, a mouse expert, having seen a myriad of Disney movies.) A few days ago we baited a Have-a-heart trap with Perugina and peanut butter. The mouse, apparently too light to trigger the trap, stole both the chocolate and peanut butter on subsequent nights. We're awaiting the arrival of a more mouse-oriented humane trap.

Tech tidbit number two: If you haven't thought about using Picasaweb, Google's online photo sharing service that can also be used to back up your photos, here's another incentive: For a limited time Google is giving away a 4 gigabyte Eye-Fi memory card if you purchase 200 gigabytes of storage for $50. An Eye-Fi card is a secure digital memory card, normally $60, which goes in your camera. It has a unique feature: An Eye-Fi card lets you wirelessly upload your photos to your computer and to one of several online sites. No wires, very handy! You can read more about this offer at http://picasa.google.com/eyefi.html.


Passwords. Let's talk about passwords for a moment. There are two rules that everyone should follow when it comes to passwords. No, not should. Must. The first rule is never, ever use the same password in more than one place. If you use the same password in more than one place, all a crook has to do is figure out your password and then everything you own that's online becomes that crook's. Using one password requires that you trust every employee at every company where you use that password, too. And trust that people who work for that company won't lose the passwords on a stolen laptop. Et cetera, et cetera. You get the idea: One password can expose your whole life to permanent misery.

The second rule is to make all your passwords strong, using random letters, numbers, and characters. Passwords should be impossible to guess or predict. This is a good password: Iiomh!8H. This is a bad password: Palin2012. Some services bar the use of insecure passwords. If you sign up for Twitter and try to use an insecure password (insecure = stupid), you're barred from using that password. Some stupid passwords are "password," "naked," "beavis," "123456," and "secret." Insecure passwords come in all flavors. What's an insecure password? Anything that somebody can guess based on personal knowledge of you. Any word in the dictionary. Any password that does not contain at least one upper case letter, punctuation mark or number. A friend of mine used his son's name followed by his own birth year as his Facebook password. A hacker guessed his password and broke into his Facebook account. Worse still, my friend used the same password for his Gmail account. The hacker promptly impersonated my friend on Facebook and Gmail.

Here's a short article on how to make strong passwords: http://www.microsoft.com/protect/fraud/passwords/create.aspx (http://goo.gl/JDBD).
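Here is the second rule as an added sketch (not part of the original column and not any product's code): it checks a password against the column's three tests for "insecure" and draws a random replacement from the operating system's secure random source. The word list is a constructed stand-in for a real dictionary, and the name and birth year in the usage note are made up.

```python
import secrets
import string

# Constructed sample list: the five passwords the column calls stupid, plus the
# base word of its "bad password" example. A real check would load a full
# dictionary (including names) and a list of commonly used passwords.
SAMPLE_WORDS = {"password", "naked", "beavis", "123456", "secret", "palin"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def weaknesses(password, personal_facts=(), words=SAMPLE_WORDS):
    """Return the column's reasons (if any) that a password is insecure."""
    found = []
    lowered = password.lower()
    # "Anything that somebody can guess based on personal knowledge of you."
    if any(fact.lower() in lowered for fact in personal_facts if fact):
        found.append("contains personal information")
    # "Any word in the dictionary", also when padded with digits or punctuation.
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in words or core in words:
        found.append("dictionary word or common password")
    # Interpretation: flag a password with no upper case letter, number or
    # punctuation mark at all.
    if not any(c.isupper() or c.isdigit() or c in string.punctuation
               for c in password):
        found.append("no upper case letter, number or punctuation mark")
    return found


def generate(length=16):
    """Draw random characters until all four classes appear and no test fails."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)
                and not weaknesses(candidate)):
            return candidate


if __name__ == "__main__":
    for pw in ("Palin2012", "Iiomh!8H", "secret"):
        print(pw, weaknesses(pw) or "passes the column's tests")
    print("random:", generate())
```

Calling `weaknesses("Jacob1961", personal_facts=("Jacob", "1961"))` reproduces the friend's mistake with a made-up name and year. Passing these tests only means a password avoids the mistakes listed above; it still has to be different for every site.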

So how do you use a unique, hard-to-guess password everywhere? Get a password management program that generates passwords, stores them, and logs you into websites automatically. I use the password management program LastPass, http://www.lastpass.com . With LastPass all you need to remember is a single password, and that password opens the door to all of your other passwords. LastPass recognizes websites, so it knows to log you in: One click and you're logged on to any website. LastPass keeps a copy of your passwords stored on your computer and on their server, encrypted, so that you can access your password-protected websites from anywhere. All of your computers and browsers are synched. LastPass also has an anti-keystroke logger to thwart programs that are sometimes installed on public computers to record passwords by recording all keys pressed on that computer. (Oh yes, Internet cafes and hotel business center computers are popular among crooks as places to steal logon information.) LastPass will not log you into fake websites, helping to prevent you from being phished.

LastPass will also disable the insecure password system in your web browser. That's a handy feature: If a thief steals your laptop, without the master LastPass password, that thief can't get into any of your password-protected services. There's a mobile version of LastPass that fits on a thumbdrive, as well as an iPhone app. You can create secure, encrypted notes using LastPass, too. Your confidential information can be protected and available to you everywhere. I like it. LastPass serves me well.

LastPass isn't the only password management software, either. KeePass, http://www.keepass.info , and RoboForm, http://www.roboform.com , are two other password management programs that get terrific reviews.

There's a bit of a learning curve involved with any password management program. But once you get the hang of it, you'll not only be protected, but you'll never forget another password again.

