Groan.
Passwords. Maybe this is a future topic for you, because it’s closely related to backing up.
Why don’t you poll your readers: How do people remember their passwords? Let alone user names.
If you do as the experts say, and use regularly changing random strings of characters, how can you possibly remember them? I can’t. I have trouble typing them in correctly even if I’m looking at them — esp. if as I type it produces only a string of little black balls on the monitor.
User names are just as bad, because there are so many different format rules: Just type in your name. All lower case. No spaces. 8 characters max. My name is already taken, so I have to add a few numbers.
For several years, I had one password and I used it for everything.
Then I came up with different passwords for each thing. I kept a list of the service, my user name, and the password I chose. I taped this list to my monitor, but it keeps getting longer and longer. And I’m still never changing them. This list is at the office, so if I need a password when using my home computer, I can’t remember it.
Then I sign up for some new service or blog or whatever, write that new user name and password on a scrap of paper, then lose it before it gets added to the “master list.” I’ve stopped using a number of internet services because I lost the password and it’s just too much hassle to retrieve it.
Now I’ve entered my list into my computer, so it’s accessible and editable any place I can get to my files. (No, hackers, it’s not in a file named “Passwords.”) But of course the computer must be on—and working, and it must be accessed from one of my computers.
I’m surely not the only password dunderhead.
How do others handle all this?
Passwords certainly qualify as critical data you don’t want to lose, though many websites will let you reset them if you can answer a security question. Taping a list of passwords onto your computer monitor is certainly not the most secure way to store them.
Not only is using the same password for everything not a good idea, it just isn’t possible, for the reasons Mike outlined: different sites have different rules about what constitutes an acceptable password.
I do have a handful of passwords I can remember which I use for more than one thing, but remembering which password I’ve used for which site can be a challenge.
For years I’ve used a very basic, simple password storage program called “Password Prompter.” How basic? I first got it when I was using Windows 95. You enter a password to open the program, then create entries for your different logins and passwords. I just have Karen’s Replicator copy the whole directory in order to back it up.
There are dozens of password storage utilities out there. Some of them are even free. Access Manager Professional lets you back up your passwords to two separate locations, simultaneously. KeePass is a sophisticated open-source program which uses strong encryption, requires no installation, imports from other programs, and fits on a USB stick.
And speaking of USB sticks, I went out and bought a U3 flash drive so I could learn more about it. (You may remember that I mentioned this a few weeks ago.) I’ve been playing with it while writing this. There are actually a few different password management programs available for U3. I opted for the free SignUpShield, but I’m thinking I may just copy my trusty Password Prompter (which, like KeePass, requires no installation and takes up very little space) onto the memory stick instead. It will save re-entering passwords.
There are also backup programs for U3. The one I installed is called “Disk Hero.” And guess what it asks for as soon as you start it? Yes, a password. Once you enter that and an e-mail address, it sets up an account for you online and gives you options for what to back up. You can back up your whole U3 drive, just your data, or even files from the “guest PC” (the machine the U3 drive is connected to). The U3 version of the program comes with 2 GB of free storage—more space than is on my U3 drive.
The point of having a U3 drive is to be able to duplicate the experience of working on your own computer by having your programs, contacts, etc. with you. You can just about automate that by paying for the Migo software, but there are plenty of free programs which will let you store contacts and bookmarks and check your mail.
Given that there’s so much sensitive data on a U3 drive, it’s a good thing you can password-protect it! Use a strong password as the main key to the drive. That means nothing you can find in the dictionary: include numbers and characters like #, -, *.
I like to use Mycenaean Greek as a source for passwords, because Linear B is transliterated with hyphens between symbols. Even if you take the hyphens out, the spelling isn’t quite the same as for Classical or Modern Greek, and not very many people know Greek to begin with, so the likelihood anyone will guess these passwords is small.
Failing knowledge of obscure languages, you can use a password generator to give you a complex, random password. Then set yourself to memorize it.
Feel free to share your favorite password-management tips in the comments.
Hello,
I came across your blog because I watch all things related to password management. (that’s my job)
I’ve seen quite a few emails like the one you received from Mike. Passwords are a growing problem. Someone’s gone so far as to coin the name of a syndrome: Password Fatigue.
You gave quite a few good tips for solving the problem, but one of the things you mentioned may be the key to an alternative solution:
“The point of having a U3 drive is to be able to duplicate the experience of working on your own computer by having your programs, contacts, etc with you.”
Yes! That’s also the point of online applications – but without having to carry around the USB drive. There is a growing number of online applications: calendars, contact management programs, and even word processors that allow you to move freely from one computer to the next without ever “losing touch” with your stuff.
My product, PassPack, is born as an online password manager. It allows you to securely store passwords, notes and private links online. Soon you’ll be able to automatically log into websites too (major plus!).
PassPack offers extremely high security, with US government approved algorithms to encrypt the data. So it’s as “uncrackable” as KeePass and other offline password managers.
The real beauty though is that, despite it being stored on our servers, not even PassPack can read your data. It’s encrypted and we simply don’t have the Packing Key to unlock it. Here’s how that works:
https://www.passpack.com/info/security/
I hope you find that useful. I have a bunch of other articles you might be interested in – including an online/offline comparison – so let me know if you’d like more info.
Cheers,
Tara Kelly
PassPack Founding Partner
Getting Started Guide
Personally, I’d be very hesitant to store all my passwords online, especially when the government can demand that providers turn over any data they’re storing. But others may be interested in your service. How do you back up the passwords you store for people?
Hi. Excellent questions – very smart. Let me address them.
On government interference
We’re actually based in Italy, which has fabulous privacy laws – all in favor of the user. Keeping in step, the government itself can only request data in extreme situations, and only with a proper mandate. And I repeat, this is very rare.
Respect of privacy is one of the utmost concerns in Italy – PassPack too.
On handing over the data
This is a key point: PassPack can not decrypt your data.
So even if we were required to “hand it over”, it’s still encrypted – no one could read it.
The government would have to attempt the same types of brute force attacks that a hacker would. Even with military grade computers, it’s estimated to take thousands of years to accomplish this.
How we back up
Data is backed up daily. PassPack resides in a disaster-proof data center with interruptible power supply (should an extended power outage, and even batteries fail, a natural gas generator will take over).
Personal back-ups
PassPack also lets you create an encrypted backup file to download and safely save to your computer. Should need be, you can restore your data using your personal backup.
Alternative personal backups
Another backup option is actually KeePass. I’ve heard of PassPack users exporting their data and importing into a copy of KeePass. It’s a pretty creative solution actually.
I hope I answered your questions.
Please let me know if you have any more.
Cheers,
Tara
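
The comments above describe an online password store whose operator cannot read what it holds, because encryption happens on the user's side with a key that never leaves it. The sketch below is an added example, not PassPack's code or design and not part of the original post: the function names, the use of scrypt and AES-256-GCM, and the sample entry are all assumptions chosen for illustration.

```javascript
// Added example (hypothetical names): client-side encryption of a password list.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stretch the user's secret into a 256-bit key; scrypt makes every guess costly.
function deriveKey(packingKey, salt) {
  return scryptSync(packingKey, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the user's machine. Only the returned record would be uploaded.
function sealVault(packingKey, entries) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(packingKey, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: body.toString('base64'),
  };
}

// Also runs on the user's machine. Returns null when the key is wrong or the
// stored record was altered, because the GCM tag check fails.
function openVault(packingKey, record) {
  const key = deriveKey(packingKey, Buffer.from(record.salt, 'base64'));
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const body = Buffer.from(record.ciphertext, 'base64');
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleEntries = [{ site: 'example.com', user: 'mike', password: 'constructed-sample-only' }];

function demo() {
  const stored = sealVault('correct horse battery staple', sampleEntries);
  return {
    stored, // everything the server (or anyone it hands data to) would hold
    rightKey: openVault('correct horse battery staple', stored),
    wrongKey: openVault('guess123', stored),
  };
}

console.log(demo());
```

The stored record contains the salt, nonce, tag and ciphertext but not the key, so the protection is only as strong as the secret the key is derived from; a short or reused secret can still be guessed offline by whoever holds the record.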