Segregate your passwords in categories
It's easier to manage Web site passwords
if you keep them in separate categories.
I use "nuisance", "sensitive"
and "critical" for my categories.
Any old password will do for the first. You
need something stronger for the second, and
critical Web site passwords should be "strong".
"Nuisance" passwords are for Web
sites that require a password before you
can access content -- "The New York
Times" for example. You can just use
one common password for all sites in the
nuisance category. For example, use "loooky"
as the common password, with "loooky2"
as the alternative when a numeral must be
part of the password.
You can use a password generating formula
for "sensitive" Web sites. Examples
might be your Excite.com personalized page,
an About.com forum, and your Yahoo.com email
account. The passwords would be exc73xyz,
abo73xyz, and yah73xyz for these three sites.
You can guess the formula (but don't use
this one) from these examples. If a hacker
got one of these passwords, they could easily
figure out all your other "sensitive"
passwords, but you don't have that much at
risk except inconvenience.
You should definitely use a unique password
for each "Critical" Web site where
you need to log in. Online banking, mutual
fund accounts and broker accounts are examples
of sites that you should put in the critical
category. Use a separate "strong"
password for each of the sites in this category.
[more on passwords]
- Don't reuse sensitive or critical passwords. Generate a new one for each account
or website that needs a password. I also
use a different password for *every* website
where I need to log on, but there's no real
need to make these "nuisance" passwords
different for each website (see above).
- Don't use a word or number which can be identified
with you, such as your phone number, your
dog's name, your license plate, or the names
of family members. These are the kinds of
password elements that thieves and hackers
try first.
- Don't use single words, for example elephant.
Hackers can easily try all the words in the
dictionary with their computer.
- Don't use numbers in simple phrases, for
example, 2myvisa or password4me. These are
also easy to guess because they're so commonly
used.
- Use a random combination of letters and numbers,
for example, ry83xt9q. Use at least eight
characters if that many are allowed. A password
manager (see below) is a good way to "remember"
passwords like this.
- Use upper and lower case letters if allowed,
for example, rY83St9Q. That makes the password
twice as strong. And if you can include symbols,
rY83$t9# is even stronger.
- If a long password is allowed (many don't)
you can use a "passphrase". For
example, "ArizonaYankeesNewYorkDiamondbacks"
or "TwentySevenDucks27andThree3Geese"
might be easy ones to remember.
- Don't write the password down and leave it
where it can easily be found.
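The rules in the list above can be checked mechanically. The following Python sketch is an added example, not part of the original article: `audit` flags passwords that break the list's "don't" rules and `generate` draws a random password with the standard `secrets` module. The word list, symbol set and function names are assumptions made for the illustration.

```python
import math
import re
import secrets
import string

# Constructed sample data (assumptions, not from the article).
SAMPLE_WORDS = {"elephant", "password", "visa", "my", "me"}
SYMBOLS = "!#$%&*+-=?@"

def generate(length=8, symbols=False):
    """Random password with at least one character from each allowed class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = "".join(classes)
    while True:  # redraw until every class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(length, alphabet_size):
    """Upper bound, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)

def _is_word_run(text, words):
    """True if text is one or more known words joined together."""
    ok = [True] + [False] * len(text)
    for i in range(1, len(text) + 1):
        ok[i] = any(ok[j] and text[j:i] in words for j in range(i))
    return ok[-1]

def audit(password, personal=(), words=SAMPLE_WORDS):
    """Return which of the list's rules the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains something identified with you")
    if lowered in words:
        problems.append("single dictionary word")
    parts = [p for p in re.split(r"\d+", lowered) if p]  # '2myvisa' -> ['myvisa']
    has_digit = any(c.isdigit() for c in password)
    if has_digit and parts and all(_is_word_run(p, words) for p in parts):
        problems.append("number in a simple phrase")
    return problems
```

In practice the `words` argument would be a full dictionary file and `personal` would hold your own names, dates and numbers.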
Remembering passwords
I have two strong passwords that I don't
keep on my computer and don't write down
either. (I'd need them if the house burned
down anyway, so it's better to rely on memory.)
These passwords let me in to Password Safe
(see below) to get my critically sensitive
passwords. I use them frequently enough to
remember them, so memory works for me (in
this case).
Mozilla is the browser I use. One of the things
I like about Mozilla is that it stores passwords
and form data. When you return to a particular
website, Mozilla then fills in your user
ID and password (or other form data) automatically.
I don't let Mozilla remember my critical
passwords though. I store them in Password Safe. And don't rely on your browser as the only
storage place for any of your passwords.
It's too easy for them to get erased. You
also need to plan ahead to the day when you
get a new or different computer. Any good
separate password keeper will give you the
ability to back up and also transfer your
passwords.
The most secure (and relatively handy) way
that I know of to keep passwords is a program
called Password Safe. This free program will also generate strong
random passwords to use. (I have confidence
that Password Safe will keep my passwords
secure because it was developed by people
who are experts in security and encryption.)
PGP (pretty good privacy) is a good alternative.
I use Dropit for less critical passwords. It makes passwords
available with just a click. There are many
other programs out there like Dropit. I'd
be careful about which one I selected though.
Some of them are spyware in disguise. Especially
the ones that promote themselves heavily.
If you couple a password keeper with automatic
form filling you've got a tool many of us
can make good use of. ZDNet reviews a few. Fred Langa recommends AI RoboForm. And don't forget that Mozilla does this too.
Resources
A good article on secure passwords at About.com.