Where Tech meets Church
11 Mar
Passwords – They aren’t rocket science … but perhaps they should be.
A blog post by Graham Cluley of Sophos reminds me that I’ve been meaning to do my little bit about passwords. Certainly Graham’s method is one I’ve used and one I have suggested to more folks than I can recall, but I remain unconvinced that this sticks or even that it ends up being used for every password. However, go read and watch his vid for yourself.
These days I have three suggestions:
Roboform
LastPass
KeePass
Originally the first one was the one I’d suggest even though it is a commercial product. However, its lack of integration with browsers such as Chrome, or of the ability to run on a *nix-based platform, restricts its usefulness – though it does support various mobile platforms. The other two are 100% free and of the two probably LastPass has the slight edge in terms of usefulness over KeePass when browsing, but then I have a specific use for KeePass that LastPass just can’t do. LastPass has the ability to integrate with any browser including Chrome, which gives it the edge on Roboform.
What all three of them can do and do well is:
generation of unique and very strong passwords
assist with / automate logins
store secure notes
help you avoid clicking links in emails that direct you to false sites
the ability to set a master password that encrypts all the others.
It is the first of these that is most useful. Especially in this day and age of most any site you visit requiring a login of one form or another – and this is also probably the reason that most people end up using the same login data across multiple sites. I confess, I’m guilty of this; but then I only do this for forums I frequent where I don’t use my real name anyway and have taken the decision that I don’t care if these IDs get compromised.
But for all my other accounts, blogs; email; shopping; etc I use the built-in password generator and ensure I tick all the option boxes for 0-9; a-z; A-Z and non-standard stuff like # and !, etc. I then up the minimum characters to 15 (or more) and auto-generate until I’m happy with the aesthetics of the password on the screen (don’t ask, it’s a foible ok). If for some reason the site you are accessing doesn’t accept non-standard characters or has a password length limit then just keep altering the options until you get to something they accept and you are happy with.
One caution – if it’s meant to be a secure access and they have a silly password policy of something like 8 characters, using only a-z, then walk away from them. I’ve seen this with a banking site many years ago but haven’t come across one recently.
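What the generator settings described above amount to, as an added Python example (not code from this post or from any of the three products). The symbol set and the function names are assumptions; the second function compares the 15-character, four-class setting with the 8-character a-z policy.

```python
import math
import secrets
import string

# Character classes matching the option boxes described above.
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": "#!$%&*+-=?@^_",  # constructed set; sites differ in what they accept
}

def generate(length=15, classes=("digits", "lower", "upper", "symbols")):
    """Return a random password with at least one character from each class."""
    if not classes:
        raise ValueError("select at least one character class")
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting and redrawing keeps every valid password equally likely.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def entropy_bits(length, classes):
    """Upper bound on the entropy of a uniformly random password of this shape."""
    alphabet_size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    full = ("digits", "lower", "upper", "symbols")
    print(generate(15, full))
    # A site that rejects symbols and caps length at 12: alter the options.
    print(generate(12, ("digits", "lower", "upper")))
    print(round(entropy_bits(15, full), 1), "bits for 15 chars, all classes")
    print(round(entropy_bits(8, ("lower",)), 1), "bits for 8 chars, a-z only")
```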
So I’m not negating Graham’s advice, I’m just trying to find a way to make it easier for my end users. Yes it requires a small learning curve but one that will serve them well for a long time to come. So my advice is to get a hold of whichever one of these you prefer or suits your habits and use it.
There’s loads of advice out there on passwords and I could go on for several pages. In the end you need to pick a method that suits you best, but please don’t write them down and don’t use a locally stored and unencrypted Word or Excel document! That’s just nuts.
Each of these apps has its own intros or tutorials – just click on the one you need most.