We all know better than to use “12345″ or our date of birth as a password for securing our data. But, even though we take care not to use passwords that are too obvious, a lot of us have a tendency to recycle the same set of passwords over and over, and it’s not uncommon for some of us to use passwords that aren’t genuinely secure.
It’s understandable. Often enough, it’s sanity maintenance. I know I’ve rolled my eyes when my institution, for security reasons, periodically demands that I change my password on some of my databases (and won’t let me recycle passwords I’ve used recently). I know why they insist on it. They’re right to insist on it, especially given the sensitivity of some of the student data that faculty work with. Just yesterday, Lifehacker ran a post on why it’s so important to use strong passwords. Having your password at RockYou compromised may not be the greatest catastrophe in the world (unless you use the same password for all your other logins, but you wouldn’t do that, would you?), but imagine if the password that was compromised was the one you use for online banking, or for access to your students’ records!
The problem that’s sometimes kept me from using stronger passwords is the fear that I won’t remember them. After all, if I can’t remember my password, I won’t be able to access the information I need–and writing it on a post-it note that I stick in my desk drawer seems to defeat the purpose of having a secure password in the first place (or even having a password at all, for that matter). And the fact that one of the passwords is one that I only use about every six months doesn’t help, since I’m also asked to change it about every six months.
That’s why, about a year ago, I moved to using a password manager to keep track of my passwords for me, securely. In August 2008 Lifehacker polled their readers about their favorite password managers, and ran a post with their responses. The winners were:
- Sxipper (a FireFox extension)
- KeePass (all platforms)
- 1Password (Max OS X only)
- Roboform (Windows)
- FireFox’s built-in password manager
I’m currently using 1Password, and like it very well, especially since I can use DropBox to sync the keychain it uses between my home and office machines. If readers have experience with any of the others or with ones that aren’t mentioned here–or if someone has a great system for remembering strong passwords some other way–let’s hear about it in the comments.
The image in this post is by Flickr user Max (Tj) and is CC-licensed.
8 Comments
Just yesterday I took Lifehacker’s advice and moved to using strong and different passwords for all my important logins. it would take me years to move ALL my passwords from my old trusty password to this new style. So I just did the important ones first.
I took the advice I found in the articles linked above to make a rule for generating passwords that are unique to the site. This is not my rule, but as an example, you could put your initials, say ABC, with the first 3 letters of the website name, pro, and append the number of vowels in the website, 3, to make a password ABCpro3 or some such nonsense. My actual rule generates a password that is acceptable to all of my current sites and it was rated as “Strong” on every site that advised me of its strength. Then by remembering the rule, you can remember all your passwords.
I do use a password keeper, SplashID (since it syncs with iPhone and windows desktop) to remember all my exceptional passwords, ones I must change frequently and ones were I have other needs to store them. So far so good!
The Clipperz tool is pretty cool. I heard about it first from this podcast by Jon Udell in which he interviewed the tool’s creator.
I use the open-source Password Safe. It’s Windows-only, but also runs under Wine on my Ubuntu laptop.
I use 1Pass on my Macs. It’s very good in most cases. Sometimes, it can’t autofill in pop-up log-in windows – but works well otherwise. It’s synching features are vital, lets me get the updated or new passwords on both of my machines at the same time. I also like the credit card info feature, though I rarely use it.
1Pass also has an iPhone app, which I have but rarely use on my iPod touch.
There are actually several other Mac password solutions, if you peruse MacUpdate. PassWord Wallet, Wallet, SplashD Password Manager, PasswordVault Lite are just a few.
KeePass FTW.
I run it on a TrueCrypt encrypted drive. But I’m paranoid…
You forgett Sticky Password. I use it every day and it is really handful, secure and reliable. It also works with applications like Skype, QiP, etc.
http://www.stickypassword.com
A belated thanks to all for the excellent suggestions. I knew there had to be several options that I wasn’t aware of.
I use Handy Password manager because of wide functionality and it is very stable and reliable.
2 Trackbacks
[...] This post was mentioned on Twitter by Amy Cavender, ProfHacker. ProfHacker said: New at ProfHacker: @acavender on "Maintaining Sanity and Security: Why Use a Password Manager?" http://bit.ly/7Pbop1 [...]
[...] 25, 2010 by Eric V. LePage ProfHacker: “The problem that’s sometimes kept me from using stronger passwords is the fear that I [...]