Security for Dummies

security tips and tricks

Back to passwords

Yes, we have lots of passwords – bank accounts, e-mails, computers, domains, instant messengers, you name it – and we need them all. We may forget them, and we do. I am not talking about those who have only one password for everything; they are just not aware of the risks. A regular PC user needs at least 10 passwords.
I think we all agree that we need a password manager. The only question is which one to choose.

What to Look for in Password Management Software
Password management software should be easy to use and useful even to the most inexperienced computer user. It should also be secure enough to keep hackers out and passwords safe. These are the criteria to consider when selecting the most suitable solution for the money:
• Feature Set – The best password management software provides applications and tools to help manage passwords and login information. This may include saving personal data or credit card information, or program functions such as web site launching. Automatic capture and filling of forms should be the highest priority.
• Ease of Use – Password management programs should be easy to program and manage, even for computer novices.
• Portability – The ability to launch the application from, and save records to, a removable device. Alternatively, web access to the stored passwords can be used.
• Security – Most importantly, the software should provide password security to its user. Passwords should be kept encrypted. The user should be able to make backups of saved information and generate passwords with encryption algorithms.
From the whole range of password managers, only two meet these requirements:

RoboForm2Go – a popular one and
n-Pass2Go – the best one

An alternative mode of operation, as I have already mentioned, is to store passwords online and access them from any computer. This novel approach deserves more attention.
First and most interesting, IMHO, is Clipperz. Good – smart design, good idea, Ajax. Drawbacks – rather complicated operation. My personal concern is also about keeping all my passwords somewhere online. Even assuming that the staff cannot access and decrypt my files, it can be done by hackers with a brute-force attack. And if I forget the master password – all gone.
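
To put numbers on the brute-force concern above, the following added example (not from the original post or from any of the products named) derives a vault key from a master password with PBKDF2 and estimates how long an exhaustive search of the master password would take. The alphabet, the iteration count and the attacker speed are assumed values, and the cost model is deliberately simplified.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed policy)
ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune for your hardware)


def generate_master_password(length=16):
    """Pick each character with the OS CSPRNG, not the `random` module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 256-bit key for the vault cipher."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def years_to_search(bits, hashes_per_second, iterations=ITERATIONS):
    """Expected years to try half of the keyspace.

    Simplified model: one guess costs `iterations` hash computations on
    hardware that performs `hashes_per_second` of them.
    """
    guesses_per_second = hashes_per_second / iterations
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored next to the vault, not secret
    key = derive_vault_key(generate_master_password(), salt)
    print("vault key:", len(key) * 8, "bits")
    rate = 1e10  # constructed attacker speed in hashes per second
    for label, bits in [("8 lowercase letters", entropy_bits(8, 26)),
                        ("16 random alphanumerics", entropy_bits(16))]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_search(bits, rate, 1):.3g} years at one hash per guess, "
              f"{years_to_search(bits, rate):.3g} years with PBKDF2")
```

The work factor multiplies the cost of every guess by the same constant, so it buys time for a short master password but does not replace a long random one.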

Then I would like to mention Passpack, another nice and fast-developing tool. It fills passwords automatically from the Ajax window. The same minor concern – keeping passwords, the most valuable information, online. I personally will use it for some accounts not containing information on bank accounts, credit cards and social security.

The last one, myVidoop.com, was suggested by Kevin Fox in his comment on one of the previous posts. It implements an interesting idea: replacing the master password with image categories. The major drawback, in my opinion, is a lack of portability. I mean that you need to install a plug-in to enable automatic form filling. This is impossible when you are working on a public computer or at work.

I am going to continue writing on password managers. Keep reading or subscribe to RSS.


July 8, 2008 - Posted by | passwords |

4 Comments »

  1. Hi! Just wanted to mention, we also have just released an offline version of Passpack on Google Gears, and a desktop application on Adobe AIR. Here’s the link:

    http://www.passpack.com/info/extras/

    Both can be used to sync with your online account, or completely stand alone, or both – one installation will run as many accounts as you’d like.

    Looking forward to more posts about password managers.
    Cheers!
    Tara

    Comment by Tara | July 9, 2008 | Reply

  2. I had one thought re: portability, if you use FireFox Portable

    Windows: http://twurl.cc/2kj
    OSX: http://twurl.cc/2kk

    You could just put FireFox on a thumb drive, along with the plugin installed and password file and have a completely portable solution you could just plug in anywhere. Once you are done just unplug the drive and move on.

    If anyone found the drive they would still need to authenticate with the ImageShield on http://myVidoop.com and you could deactivate the portable browser…

    Comment by Kevin Fox | July 9, 2008 | Reply

  3. I enjoyed your post about password security. That’s one of my favorite topics in my blog (in fact, I wrote something today about how programmers store passwords). It’s really frustrating for me when I have a really strong password and someone does something stupid with it like email my password to me, store it in plain text, or have me verify my social security number as authentication.

    I’ve never used an application to store my passwords because I’ve seen so many of those applications cracked. As a programmer, I know how easy it is to get to those passwords. In fact, if I had physical access to your machine, I’d have not only your Windows passwords but any password you saved. Does that kind of thing make you nervous? It is cool though that you can keep your passwords in one place and then if, for some reason, you want to revoke rights, you can change only one password.

    Nice post. Thanks for sharing.

    Comment by dpatrickcaldwell | February 27, 2009 | Reply

    • Mr Caldwell,
      First, thank you for your comments.

      You say

      I’ve never used an application to store my passwords because I’ve seen so many of those applications cracked. As a programmer, I know how easy it is to get to those passwords

      Please allow me to be sceptical about this.
      1. How many strong passwords can you remember?
      2. If the passwords database is encrypted – you never hack them
      3. Try the n-Pass
      4. I am not managing this blog, I’ve moved to Secure Portability

      Comment by patholog | February 28, 2009 | Reply

