Ok, so everyone hates typing in passwords over and over. There are just so many to remember. “How am I supposed to be responsible for remembering my passwords for financial institutes, social web sites, news media sites, insurance companies, etc?”
As an IT consultant I see way too many simple passwords being used for critical logins. It’s hard, I know. Trust me when I say that my own mind is filled to capacity. With this in mind, I want to assure you that you can create over 100 secure passwords by applying 1 rule – it is that easy.
Here’s what you need to do. Create a base password and then apply a rule that creates an acronym for each service. For example, if your base password is “8uff,” then your password for Windows (work or home) could be 8uffWIN7, your password for GMail would be 8uffGM@il, and for Quickbooks you could use 8uffQB00ks. Notice that I maintain case sensitivity as well as swap out vowels with special characters? This can be done with vowels and numbers too: 3 = E or e, 0 = O or o, etc. It is also good practice to use at least 8 characters for your passwords. The more characters, the stronger your security becomes.
Now that we have a method for creating secure yet meaningful passwords, you still have to apply them constantly, right? It’s so easy to become lax and start setting your browsers and other applications to store them for you. I understand how convenient this can be, but let me say that I have received numerous calls over the years where someone walked away from their desk for lunch without locking their machine, only to return and find they’d become a victim of hacking. Or worse yet, someone let a coworker or “friend” use their computer.
Almost any application that requires you to log in will also provide an option to save your password. Once you’ve done that, your password may as well be plain text for someone with malicious intent. Behind the scenes, even if the application encrypts the account information, it’s doing so with a static key that can be easily recovered through some reverse engineering. This means that somebody not only can develop a utility to recover these passwords, but probably already has.
Let’s assume that your laptop has been stolen. The only way to truly secure your data would be to encrypt your entire drive. Unfortunately, even the toughest Windows password can be broken with a number of open source, Linux-based boot CDs. Encrypting the drive is the only secure way, and this process is a beast of its own.
Getting back to the subject at hand: securing your secure passwords. If you are a creature of leisure and the arduous task of constantly typing your passwords is too much, then I would recommend looking into a password manager with a strong master password assigned to it.
There are many password managers to choose from. For instance, KeePass, RoboForm and LastPass are all cross-platform tools. If you are an avid Firefox user then you must already know that Firefox has a strong password manager built right into the application *wink wink*. Knowing this, you should make sure to enable a (strong) Master Password.
Firefox Master Password
To Do This: Select Tools –> Options –> Security and check the box for “Use a master password.”
Once you’ve done this, Firefox will store all of your passwords with rock solid AES encryption. Again, you must use a strong master password. NOTE: a decent password of 8+ random characters will take a brute-force attack many years to crack.
Every time Firefox loads one of your secure sites, it will, by default, request the master password. Once you have authenticated, that authentication stays active for the entire session. This means you can open and close your Citibank account all day so long as Firefox is never completely closed. Do you see where I am going with this? This can be bad if you’re in the habit of walking away from your computer. However, there is an option to install a Firefox plug-in, Master Password Timeout. This plug-in allows you to set the authentication to expire, which is handy if you walk away from your desk without remembering to lock Windows (shortcut: Win+L).
Remember: Don’t underestimate the importance of a strong password, not just a good password, but a strong password. Securing your data should not be any harder than you make it on yourself. A simple password is like guarding your house with a screen door. Would you do that?

