Open, Says Me!

(July, 2006)

I’ve been thinking a lot about passwords recently.  That should tell you all you need to know about just how exciting my life is.

 

Passwords are a ubiquitous part of today’s society, protecting our assets from unauthorized intruders.  Your garage door keypad, your cell phone, your computer – all use passwords or codes.  If you own a computer, you likely have many passwords, be they for log-ins, email access, or on-line account authorizations.

 

Ah, but how good are those computer passwords?  If you’re using an easy-to-remember name or word, you’re at risk.  Any serious hacker will employ a hacking program that can compromise common names or dictionary words faster than you can spit.  Experts insist that you should use a combination of letters and numbers and, if allowed, special characters, e.g. #%&*@.  Further, these passwords should be entirely random in nature.

 

I counted up the passwords I use for on-line credit card account access, on-line banking, and various email accounts.  I stopped counting when I passed two dozen.  Security experts tell you to use separate passwords for each site or account.  Give me a break!  Most people struggle just to remember whether they turned off the iron or put on deodorant.  And they want me to remember multiple random passwords, each with letters, numbers, and maybe special characters?  I don’t think so.  Writing down those passwords on paper presents a different risk should the paper fall into the wrong hands.

 

So what to do?  Several computer experts I trust recommend a software program called RoboForm.  You’ll find a free version at www.roboform.com. It installs on your PC, and when you access a new site that asks you to create a password, RoboForm steps in and creates a randomized password and saves it to disk.  The program also is capable of creating a backup of your random passwords so that when your hard drive crashes, you won’t be locked out of all your accounts and sites.  When you revisit a site, RoboForm automatically fills in the password that it has remembered for you.

 

If you’re like me and have several PCs or access online accounts from many machines both personal and public, having a password that resides on one home PC just won’t cut it.  So RoboForm offers a companion program called Pass2Go.  It installs on a USB drive (alternately called a thumb drive, pen drive, or USB key). All passwords are saved to the USB drive so you can carry it with you.  Pass2Go does not require installation on the host computer.  It runs automagically from the USB drive and leaves no trace behind when you remove it from the host PC.  Since no keystrokes are used to enter a password, key logging programs can’t compromise your security.  Pass2Go costs $40 for the program license, or you can have it preinstalled on a USB drive and sent to you for an extra $14.

 

Don’t like the idea of having to carry around a USB drive?  Brad Geres, who teaches PC courses at Craven Community, suggests a way to create different passwords for each account and site and yet be able to remember them all.  He recommends starting with an easily remembered base password and adding to that.  Let’s say you have an Aunt Edie, and she is noted in the family for the size of her proboscis.  So you start with the base password of ‘ediesnose’.  To add a few numbers into the mix, let’s change every E to a 3 – kind of a mirror image, eh?  And let’s change each letter I to a one, and each letter O to a zero.  So our base password is now ‘3d13sn0s3’.  Now we’ll either prefix or suffix – your call – that base password with three characters that are unique to each account or site.  For example, if I have an online account at BB&T, my unique password could be ‘bbt3d13sn0s3’, or it might be ‘3d13sn0s3bbt’.  For my Yahoo account, I could use ‘yah3d13sn0s3’, or for my cox.net account I could use ‘3d13sn0s3cox’, always placing that unique 3-character set at either the beginning or end of the base password.
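
The scheme described above, written out as a short Python sketch (an added example, not code from the original column or from Brad Geres).  The rule in site_tag for picking the three characters and all function names are assumptions made here; shared_part also reports how much of each password stays the same from site to site.

```python
# Added example, not from the original column: the patterned scheme as code.
import os

# The column's substitutions: E -> 3, I -> 1, O -> 0.
SUBSTITUTIONS = str.maketrans({"e": "3", "i": "1", "o": "0"})


def base_password(phrase):
    """Turn the memorable phrase into the shared base, e.g. ediesnose -> 3d13sn0s3."""
    return phrase.lower().translate(SUBSTITUTIONS)


def site_tag(site, length=3):
    """Assumed rule: first three letters or digits of the site name (BB&T -> bbt)."""
    return "".join(c for c in site.lower() if c.isalnum())[:length]


def site_password(phrase, site, prefix=True):
    """Put the site tag before (prefix=True) or after the shared base."""
    tag, base = site_tag(site), base_password(phrase)
    return tag + base if prefix else base + tag


def shared_part(passwords):
    """Longest run that every password has in common at its start or its end."""
    head = os.path.commonprefix(passwords)
    tail = os.path.commonprefix([p[::-1] for p in passwords])[::-1]
    return head if len(head) >= len(tail) else tail


def unique_fraction(passwords):
    """Share of each password that actually differs from site to site."""
    total = len(passwords[0])
    return (total - len(shared_part(passwords))) / total


if __name__ == "__main__":
    sites = ["BB&T", "Yahoo", "cox.net"]  # the column's three example accounts
    pws = [site_password("ediesnose", s) for s in sites]
    for s, p in zip(sites, pws):
        print(f"{s:8} {p}")
    print("shared across sites:", shared_part(pws))
    print("unique per site:", unique_fraction(pws))
```
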

 

In summary, if you make your passwords too easy to remember, then you’ve made them easy to hack.  And if you use the same password for every site and account, you’ve handed the inmates the keys to the jail.  If you want passwords that serve their purpose (and you should), consider either the automated (RoboForm/Pass2Go) solution – backing up regularly – or the patterned scheme solution.

 

And by the way, if you run into Aunt Edie, try not to stare at her… well, you know.