Varying Degrees of Password Security



Last week we talked about creating strong passwords, but should we use different passwords for every site? It’s best practice to do just that. Do they all have to be really hard passwords? Again ideally, yes. So, how can we keep up password spreadsheet? Big sheet of paper? Password management program. Some advantages of password management programs are that many are equipped with encryption. In other words one password locks the whole list away. The bad news is if you lose or forget that password you are locked out of everything. Lists are generally bad because with access to your pc, your list is easy to get at.


I kind of like the “sheet of paper” approach. The only bad thing about that is that anyone sitting at your desk and finding your sheet can copy parts of it and then you’ve been compromised. The bottom line with this is if you do decide to manage passwords through a file on the computer or a piece of paper, treat it like you would the keys to a safety deposit box. Keep it VERY safe.

I take a bit of a different strategy. I have several (maybe 10 or so) frequently used passwords. Some of these passwords are throwaways, they protect meaningless stuff. Think about the cheap, useless locks you have on various things. CD cases, cheap briefcases, diaries. Now think about the serious deadbolt locks, usually in the real world, the bigger the lock, the more important or valuable item it’s protecting. So, mailinglist signups, low importance forums without https logins, anything that I either 1) don’t trust the site owner, 2) it’s a plain text login (no encryption, i.e. no https) and 3) it’s a “cheap win” if someone gains access. For instance, if the WORST thing someone can do is unsubscribe me from a mailing list, that’s not a big loss. The same goes for forum logins, the only benefit to gaining access would be to pose as me and post. Embarrassing, perhaps, but not usually this is not exactly worth wasting a really good password on.

So, I have 2-4 very weak passwords that I use for these.

Next up is the medium strength passwords, for those I use most of the day to day work that’s protecting moderately useful and slightly more valuable locations. I need to see https on a site to use these unless I trust the network between me and the site (and trust the site as well.) Again, I have about 4 of these…

The hard passwords I save for the most important things. These I have maybe 4 of as well. These are for the items that I would be most at a loss if it were compromised. Of course, one of the tricks if you knew me and IF you were able to find out what passwords I use and IF you were able to discern which I capitalized and which I mix case in…. you would still have to go through at least 12 combinations for each login. That would happen really quick with cracking software, but…

Anyway, that’s how I manage to keep at least some sanity when it comes to dealing with remembering passwords for all the various things I do online.

Related Posts

Blog Traffic Exchange Related Posts
  • Google cache revealing critical personal infromation A while back I did an article on using Google search in some slightly more advanced ways, as well as a link to a site of specific Google searches. I've come across something in the Handlers diary at Incidents.org that is worth knowing about. The entry in question details that......
  • Internet Explorer 7 to have tighter security zone settings One of the changes Internet explorer 7.0 will see is a tightening of restrictions on the zone settings. Currently, there are four security zones for web sites: Internet, Intranet, Trusted Sites and Restricted Sites. Explorer tries to autodetect if a site is within the intranet (which becomes more trusted), or......
  • Hamachi p2p vpn A few days back I was at grc to run a "shields up" scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi... so I revisited and gave a read to the Security......
Blog Traffic Exchange Related Websites
  • How to make Strong Passwords Following are the rules and guidelines that may help you in creating a strong password that is secure. These are the things that I’ve used over years based on my own interest in the area of keeping passwords safe and secure. I. Two essential password rules: Following two rules are......
  • Acquiring Targeted Backlinks Regularly It doesn't really matter what niche you're targeting with your website, if you want to make it successful, you will have to get it in front of your target audience. In other words, driving targeted traffic to your site should be your number one priority; and what better way to......
  • Is Wordpress or Blogger Right For Corporate Blogs There is a lot of controversy over which blogging platform is ideal for corporate blogs. With so many schools of thought on the matter, it can be difficult to figure out which one you should be using. We have two main favorites, Blogger and Wordpress, and both are very well......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site