Everyone has one; you know you do. When you sign up for an online service or register for a site, you always use your "Go-To" password: the one you try when all others don't work, because you know it's the one you can remember. Password theft gets easier every day as more and more people use passwords like this. You need to use a ridiculously long password with UPPER CASE, lower case, numbers and special characters sprinkled in the mix. It's a password that you probably shouldn't be able to remember.
Well, your normal password may be strong enough to fool a regular stranger who doesn't know you, but what about people who do know you, or real password hackers who use automated processes to generate random strings of letters and have patience beyond compare? I love Jeff Atwood's comment:
"I have fifty online logins, and I can't remember any of them." "What's my password? I can't use the same password for every website. That's not secure. So every password is unique and specific to that website...."
There are typically two camps on this topic. One is to use a passphrase instead of a password, and the other is to use software to keep track of your ridiculously long passwords.
A passphrase is normally a made-up sentence including capitalization and punctuation (for more details see Robert Hensing's great post on the topic).
For example: "IliketovisitWashingtonD.C.!" or "I'msittinginthetheDFWairport."
Both of these passphrases are long and have UPPER case letters and special characters. They don't have any numbers, but you've still got a pretty strong passphrase that you could remember. If you do something like this instead of your normal password, you've increased your security ten times (not sure on the numbers but you get the idea). I generally like this idea and have even tried it multiple times. The only issue I've had with it was that my sentences were typically too long. Most sites and services that require a password set the maximum length on the password at around 15-20 characters. This would cause me to adjust my passphrase to make it shorter and turn it into a sentence that I couldn't remember for the life of me. I could remember what my original sentence was, but I couldn't remember what I did to shorten it, so I was stuck. I was able to reset my password but then had to come up with another sentence... the cycle started over again.
Software that stores your passwords kind of sounds like the opposite of secure. One of the best-known rules about passwords is to never write them down, period! So how is storing your password with software any different? All of your other passwords are secured using one primary password. This one primary password should be something very strong - like a passphrase. :-) This is the setup I've been using exclusively now for about 18 months and I really, really like it. My software of choice is RoboForm. I was a little hesitant at first, so I did my research on the product, and after the initial install I was scanning my system for spyware and "unknown" traffic a couple of times a day. I did this to make sure nothing was leaving my system without me knowing it.
I wasn't really sure how RoboForm worked and how having it store my passwords could make a difference. The basics are this - after RoboForm is installed, a new toolbar is set up in your browser of choice (an extension is available for use in Firefox). When you hit a site that you have a password for, a button shows up in the toolbar ready for you to click.

After clicking that button, it prompts for your primary password and then fills in and submits the page with your password for that site. That's it in a nutshell. Pretty straightforward and easy to use. All of the files it stores on your system are encrypted with your choice of algorithm (DES, 3DES, AES, Blowfish, or RC6). For me, the real genius here is that it also comes with a random password generator that I use to create new passwords and then store them in RoboForm. The generator will create very strong passwords that I could never remember, but I don't have to. RoboForm commands like this are accessible from the context menu.

So right now I've got 67 different passwords that I have no idea what they are. But I do remember what my primary password is and I change it on a regular basis. Yes, I do back up these files. I use FolderShare to copy them back to my server at home so I have them in two places.
RoboForm has other cool features that I've learned about after using it for a while, but that'll have to be another post specific to RoboForm. One such feature is Pass2Go, which I suggest you look into as well. RoboForm has a free trial version that limits you to 10 login accounts but never expires. So if that's all you need, then you're set. Registering the product is only $29, and then you've got unlimited login accounts and free updates.
Giddy Up!