Arjan's World: How Do You Keep Track Of Your Passwords?

Wednesday, March 29, 2006

How Do You Keep Track Of Your Passwords?

I find myself surrounded by more and more passwords every day (like you, and every other netizen). I'm sure you're battling with the same issue. Maybe you've given in and use the same password over and over on every website. Hopefully your Amazon.com account doesn't have the same username/password as your local newspaper that requires free registration for reading its contents... Or, maybe you're not battling at all, because you're able to keep all 100 passwords in your head; congrats then.

The rest of us who want to play it safe need to rely on other tools. The first that came to my mind some time ago is to just use a password-protected Word document. Provided you use a long and difficult password, that is maybe not even a very bad solution. At least it's a lot better than using the same credentials over and over.

Or, you can write them all down and put them in your wallet, as Bruce Schneier recommends:

Passwords: You can't memorize good enough passwords any more, so don't bother. For high-security Web sites such as banks, create long random passwords and write them down. Guard them as you would your cash: i.e., store them in your wallet, etc.

Well, actually, why not?

For the geeks, or those of us having trouble guarding our wallets, there are some tools that help you out: electronic password safes.

Password Minder from Keith Brown seems to be a popular one, just like Password Safe from Bruce Schneier himself (guess good old Bruce relies on technical tools himself instead of his wallet).

Until now, I have only read about them and haven't put them into practical use, fool as I am. There are several reasons:
  • Can I *really* trust these applications? Well, I think yes, at least I would vouch for these 2 guys
  • Do they work on all machines, now and in the future? For example, Password Minder is a .NET application, but I don't have the .NET Framework on all my frequently used machines yet
  • I work on different machines, which makes synchronizing quite a pain

Every time I get a new or updated password, I would have to make sure it's distributed over all machines. Of course I can put them on a USB stick, but that leaves the problem of putting an encrypted password file in a dangerous location, in my opinion. My impression is that the USB stick is much more prone to theft and subsequent offline cryptanalysis than my laptop or other machines at home and at work (well, unless you're smart and immediately change all your passwords).

Actually, these reasons are not quite valid, at least not good enough NOT to start using these applications. Still, at present I stick to using an encrypted document in a quite popular word processor. But at the top of my TODO list really is investing some time here to find a good tool.

Please leave a comment if you know about other (Windows yes, .NET Framework no) password tools around, or if you want to share your thoughts on the subject.
