Write down your passwords!

Write down all of your passwords on a small piece of paper and stick it in your wallet. Sound crazy? Some security experts actually think this might be a good idea. Why? When people are not allowed to write down their passwords, they tend to choose poor ones. Obviously, never put your password on sticky notes on your monitor, under your keyboard, etc. Think of it as your password cheat-sheet. Protect it the same way you would protect your credit cards, social security card, etc.

I personally like KeePass Password Safe. It’s a free open-source password manager.

What is a good password? Never use real words or names. Never use numbers or digits from information about you (e.g. your birth date, your phone number, address, etc.). Use a mixture of upper case, lower case, numbers, and punctuation. The longer the better (I would say 8 characters minimum).

One of Steve Gibson’s recommendations is to come up with an algorithm of some sort that combines your password with the site you’re at. For example, if you’re at gmail.com, and your birthday is 11/5/1974, your password for gmail might be l1M!1a5I7g4. The algorithm: take the root of the domain name. Swap the first and last letters. Capitalize every other letter. Every other character will be your birth date. The 4th character will be an exclamation point. Using the same algorithm, the password for nytimes.com would be s1Y!1t5I1m9E7n4. Again, the more complex the algorithm, and the more obscure the information is (I wouldn’t use something as obvious as your birth date) the better. (By the way, that’s not my algorithm - I just made it up.)
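The made-up algorithm above, written out as an added Python example (not code from the original post). The `domain_root` helper, the digit cycling for long domains, and the rule that the year shrinks to two digits when the full date has more digits than the domain has letters are assumptions, chosen because the gmail example uses 11574 and the nytimes example uses 1151974.

```python
from itertools import cycle


def domain_root(host: str) -> str:
    """Return the label left of the TLD, e.g. 'www.gmail.com' -> 'gmail'.

    Assumption: single-label TLDs only; 'example.co.uk' is not handled.
    """
    labels = host.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def date_digits(month: int, day: int, year: int, slots: int) -> str:
    """Pick the digit string that is interleaved with the letters.

    Assumed rule: use M D YYYY when it fits the number of letters,
    otherwise fall back to M D YY (matches both examples in the post).
    """
    full = f"{month}{day}{year}"
    short = f"{month}{day}{year % 100:02d}"
    return full if len(full) <= slots else short


def site_password(host: str, month: int, day: int, year: int) -> str:
    root = domain_root(host)
    if len(root) < 2:
        raise ValueError("domain root needs at least two characters")

    # Step 1: swap the first and last letters of the domain root.
    swapped = root[-1] + root[1:-1] + root[0]
    # Step 2: capitalize every other letter (2nd, 4th, ...).
    letters = [c.upper() if i % 2 else c for i, c in enumerate(swapped)]
    # Step 3: every other character is a date digit; digits repeat
    # (assumption) when the domain has more letters than the date has digits.
    digits = date_digits(month, day, year, len(letters))
    mixed = "".join(l + d for l, d in zip(letters, cycle(digits)))
    # Step 4: the 4th character is an exclamation point.
    return mixed[:3] + "!" + mixed[3:]


if __name__ == "__main__":
    for site in ("gmail.com", "nytimes.com"):
        print(site, site_password(site, 11, 5, 1974))
```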

Leo Laporte & Steve Gibson recently started a podcast called “Security Now!” Definitely worth subscribing to for more security tips!

One Response to “Write down your passwords!”

  1. WSA Says:

    At work we use a free password manager, CyberScrub KeyChain Password Manager http://www.cyberscrub.com/keychain
    We really like it. Here is some info I copied from their site:
    Manage ALL Passwords with One Phrase. When you log on to KeyChain with your Master Pass Phrase you will have instant access to all of your password protected websites. Select your destination from a special list you have created- then simply “Click & Go”. It’s that easy! Each time you visit a site requiring a user name and password KeyChain auto enters this information and logs you in. It even prompts you to add these passwords to the program if you have not already done so. Never manually fill in credit card details again. Online shopping is a snap because KeyChain automatically enters your selected credit card details, Shipping and Billing address and more. All of your data is secured with strong encryption. Only you have access to the sensitive data within KeyChain. All information, including passwords, credit cards and other data, is protected with strong encryption algorithms. The USB flash drive also synchronizes with your host computer to back up your encrypted password list. This is an important feature should your PC crash or fail. You may also utilize the USB flash drive, if desired, for Dual User Authentication. This requires the user to not only enter the Master Pass Phrase, but also to plug the USB flash drive into their computer. Easy to use, backed by award winning CyberScrub Customer Support.
