[PCWorld]

Post your comments for Password Management: Idiot-Proof Tips here

[Boletusedulis]

"So it’s critical to use a different password for each and every site you visit."

I don't know, there are several dozen websites for which I really don't care if they are hacked: none of my personal data exists there. So they all get the same crap password. All of the "personal data" I provide is phony, just something to put in the required fields. I do use secure passwords when I spend money or access government services.

[Toulinwoek]

Boletusedulis, on 03 August 2011 - 01:06 AM, said:

"So it’s critical to use a different password for each and every site you visit."

I don't know, there are several dozen websites for which I really don't care if they are hacked: none of my personal data exists there. So they all get the same crap password. All of the "personal data" I provide is phony, just something to put in the required fields. I do use secure passwords when I spend money or access government services.

Same here. I have one fairly strong, but long-ago memorized password I use for news forum sites and the like, where the worst that can happen is someone makes me look like an idiot by posting something stupid as me. But where security actually matters, I use very strong passwords.
I see no point at all to a person wracking his/her brain trying to come up with strong passwords when there is a plethora of programs, many free, that will generate very strong ones for you, AND remember them. No excuse. One of my favorite such programs is KeePass (NOT to be confused with KeyPass, which costs money). KeePass is free, pretty powerful and can generate very strong passwords. It's not my main password tool, but still excellent.

[TroyBasshamz2x3]

Toulinwoek, on 03 August 2011 - 06:44 AM, said:

Boletusedulis, on 03 August 2011 - 01:06 AM, said:

"So it’s critical to use a different password for each and every site you visit."

I don't know, there are several dozen websites for which I really don't care if they are hacked: none of my personal data exists there. So they all get the same crap password. All of the "personal data" I provide is phony, just something to put in the required fields. I do use secure passwords when I spend money or access government services.

Same here. I have one fairly strong, but long-ago memorized password I use for news forum sites and the like, where the worst that can happen is someone makes me look like an idiot by posting something stupid as me. But where security actually matters, I use very strong passwords.
I see no point at all to a person wracking his/her brain trying to come up with strong passwords when there is a plethora of programs, many free, that will generate very strong ones for you, AND remember them. No excuse. One of my favorite such programs is KeePass (NOT to be confused with KeyPass, which costs money). KeePass is free, pretty powerful and can generate very strong passwords. It's not my main password tool, but still excellent.

I have old passwords that I stick with as well, especially since they're already ingrained into my brain. I only recently started using password managers because the list got to be ridiculous. Rick mentioned mostly web or subscription based services but nothing about USB managers. Any opinions on this?

[aweysham]

Many thanks for the tip on creating strong password. I just need to modify my existing passwords to make stronger. Thanks!!

[FamilyofSmallFrogs]

Definitely good advice. I resisted using a manager for years becasue I thought it would be inconvenient, but now I have one installed on my iPhone and I totally love it. I'll admit though, I'm paranoid about online security, so I opted for Secret Server which seems geared for business use and probably more heavy duty on the security side. Once you've started using a manager, you'll probably never go back to having the same password for everything again!

[6daleb8]

Great hints Rick! Another hint I advise my customers who make their own passwords is to never use the same character in a password twice!

[Bruce1pyr]

"So it’s critical to use a different password for each and every site you visit."

And that's the rub. Who can remember a different complex password for literally dozens of different sites? And don't forget to change them on a regular basis! Seriously, another method needs to be found.

"So it’s critical to use a different password for each and every site you visit."

And that's the rub. Who can remember a different complex password for literally dozens of different sites? And don't forget to change them on a regular basis! Seriously, another method needs to be found.

[Dzebruk]

Bruce1pyr, on 06 August 2011 - 07:28 AM, said:

"So it’s critical to use a different password for each and every site you visit."

And that's the rub. Who can remember a different complex password for literally dozens of different sites? And don't forget to change them on a regular basis! Seriously, another method needs to be found.

"So it’s critical to use a different password for each and every site you visit."

And that's the rub. Who can remember a different complex password for literally dozens of different sites? And don't forget to change them on a regular basis! Seriously, another method needs to be found.

Bruce, you're not paying attention! That is what a password manager does for you. It can create a distinct hack-proof password for each site and keep track of them for you. Most or all of them also allow you to copy and paste your user name and password into the log-in boxes, so you don't even have to fumble around the keyboard typing in dIi1$+Bv4*~_'<,3#haPpPj\=,.@mno)O0 etc

I used Password Corral in Windows for years, but now I do 99% of my work with Ubuntu (good fun telling Bill Gates & his Evil Empire to shove it), so I've migrated over to KeePass. There's a few things I like better about PW Corral, but it doesn't work in Linux, whereas Keepass is cross platform and you can access your passwords from either Ubuntu or Gatesware. If you're in business and need something more complex, they're out there. I believe one is called LastPass and there's Roboform. Why anyone would try to function without a PW manager is incomprehensible to me, but if your memory is that good, my hat's off to you. Nowadays, good memory is just a memory to me.

[jman90]

TroyBasshamz2x3, on 03 August 2011 - 01:34 PM, said:

I have old passwords that I stick with as well, especially since they're already ingrained into my brain. I only recently started using password managers because the list got to be ridiculous. Rick mentioned mostly web or subscription based services but nothing about USB managers. Any opinions on this?

If you're familiar with the KeePass manager mentioned here, then it has a portable version that can be installed to a usb drive. This is great for taking all your secure passwords with you wherever you go. You can find this at portableapps.com, along with other great apps that can all be installed to a usb drive. Really worth a quick look.

[Mike1960]

KeePass is what I use. It also has a nice Android app. I keep the data file on Dropbox, so it is always up to date.

[TroyBasshamz2x3]

jman90, on 07 August 2011 - 12:48 AM, said:

TroyBasshamz2x3, on 03 August 2011 - 01:34 PM, said:

I have old passwords that I stick with as well, especially since they're already ingrained into my brain. I only recently started using password managers because the list got to be ridiculous. Rick mentioned mostly web or subscription based services but nothing about USB managers. Any opinions on this?

If you're familiar with the KeePass manager mentioned here, then it has a portable version that can be installed to a usb drive. This is great for taking all your secure passwords with you wherever you go. You can find this at portableapps.com, along with other great apps that can all be installed to a usb drive. Really worth a quick look.

I wasn't aware that Keepass also had a usb function. I had been looking at Roboform and the MyLok (relatively new) which both seem to have pretty good security measures. I'll take a look at Keepass and portableapps. Thanks for the tip.

[upchucked]

Well, as I told the lovely girl at the electric company the other day, if someone wants into my account to pay my bill, let them in.

One password for everything except my bank accounts, my stock trading account and credit card account. Get it and you can have a ball paying my bills. No, you can't turn off my service, I have that locked. But, have fun trying.

[JeanInMontana]

I use the same ones for the most. The only way I could ever remember them all would be with a password manager and they are a PITA IMO. Firefox remembers mine and I have a few good ones for sites that need strong security.
On my own web site I force password renewal every 30 days to keep the site from being hacked. I host some security items that have had their home site hacked and we host it just so there is always another copy of the file 'out there'.

[MargaretSegaljky2]

RE the sites that remember all your passwords - there's only one password for that site - what if someone gets that password!

[Nestorius]

I use RoboForm and find it secure but they seem to want to nickle and dime you to death. I bought the license and should get updates at no additional charge. I have a desktop I use at home and a laptop when traveling and RoboForm forces me to change versions every time I travel. I have about a 100 passwords and a password manager is a necessity not a luxury...

[TheOldTopkick]

I have never regarded myself as a great brain, but when I someone tells me somethying is simple, I expect it to be in fact, simple. It has been more than 30 years since I took an IQ test and I don't think my brain power has faded that much. At that time it was an IQ of 128. I cannot believe that safe and secure passwords cannot be made simple. I might suggest the name of one of your children, your wife, sweetheart or whatever in lowercase plus a year that has special meaning to you and followed by some punctuation mark. This should be easier to remember than some form of scrambled numbers and letters.

[Helium2]

TheOldTopkick, on 01 November 2011 - 11:38 AM, said:

I have never regarded myself as a great brain, but when I someone tells me somethying is simple, I expect it to be in fact, simple. It has been more than 30 years since I took an IQ test and I don't think my brain power has faded that much. At that time it was an IQ of 128. I cannot believe that safe and secure passwords cannot be made simple. I might suggest the name of one of your children, your wife, sweetheart or whatever in lowercase plus a year that has special meaning to you and followed by some punctuation mark. This should be easier to remember than some form of scrambled numbers and letters.

Yep. And easier to crack, too!
The black hats have some pretty sophisticated algorithms that can target that simple approach to password creation.
It's not that difficult to follow some of the suggestions posted here, no matter what you score on a test. ;-)

When you underestimate the abilities of your adversary you hand him the advantage.

[free2speak]

I use Fast Access with facial recognition on my laptop. The FA password manager helps a lot, but some sites (mostly banks) do not support it. Good tips on the strong passwords. I hate passwords and they are proven to be a weak defense. There is a real need for a better solution.