Don’t worry, this isn’t The Susan Bradley ™ rant. This is just something for you to think about on a slow Friday afternoon while you’re planning your weekend and likely using the same password for your desktop as you do for Travelocity and digg.com.
I’ll cut to the chase. In over a decade of professional system administration I’ve been given so many passwords and told “don’t remember this” about a million times. Now I honestly try not to think about the password as people give it to me – it’s a skill of not caring, specific to system administrators. However, I’ve had a pleasure of dealing with some people over and over and over again and every time they call in to setup a new account they have me use their “standard” password. Then they invite me to help via RDP or LogMeIn, and yep, same password. Send a zip file over – yup, same beast. Why? Convenience. (holding back the rant… holding)
I can understand the convenience. First off, you don’t have to remember the password. Second off, you don’t have to think of a new password every time. But what if one site suddenly required a more complex password? Now you have to keep track of two. Then when you go to site A and your password doesn’t work? Hrm.. maybe its the one from site B. Thirty seconds later you’ve blown through your entire password assortment and just gave away that shiny new porn site the password to your banking account. In the day and age where all usernames happen to be email addresses, for the most part, this can be dangerous. And it is definitely not convenient any more.
I have been using a free program called Keepass for years. It is safe, completely open source and very convenient. When I go to a new site and need a password I don’t sit around thinking of a permutation or something including the site name. I have Keepass randomly generate a 16 char string. It picks the complexity. Forget about web sites supporting passphrases, their database is more likely to get stolen (or lost) than your password cracked. When I want to login there are plugins (on screen keyboard, automatic form fillers) to automatically let me in without copying and pasting. The password database is encrypted, portable and passwords are masked (*** instead of ABC) so even if your employees / bosses are walking around behind you they will not be able to see what you’re typing in on the screen. So give it a shot… It’s Friday, you ain’t got no job… you ain’t got stuff to do.
Lite it up. Did I mention it’s free? Pass it on… but if you’re really having a slow day blog about a single tool you use that saves you a lot of grief.
3 Responses to Keeping Passwords Secure