Varying Degrees of Password Security
Last week we talked about creating strong passwords, but should we use different passwords for every site? It’s best practice to do just that. Do they all have to be really hard passwords? Again ideally, yes. So, how can we keep up password spreadsheet? Big sheet of paper? Password management program. Some advantages of password management programs are that many are equipped with encryption. In other words one password locks the whole list away. The bad news is if you lose or forget that password you are locked out of everything. Lists are generally bad because with access to your pc, your list is easy to get at.
I kind of like the “sheet of paper” approach. The only bad thing about that is that anyone sitting at your desk and finding your sheet can copy parts of it and then you’ve been compromised. The bottom line with this is if you do decide to manage passwords through a file on the computer or a piece of paper, treat it like you would the keys to a safety deposit box. Keep it VERY safe.
I take a bit of a different strategy. I have several (maybe 10 or so) frequently used passwords. Some of these passwords are throwaways, they protect meaningless stuff. Think about the cheap, useless locks you have on various things. CD cases, cheap briefcases, diaries. Now think about the serious deadbolt locks, usually in the real world, the bigger the lock, the more important or valuable item it’s protecting. So, mailinglist signups, low importance forums without https logins, anything that I either 1) don’t trust the site owner, 2) it’s a plain text login (no encryption, i.e. no https) and 3) it’s a “cheap win” if someone gains access. For instance, if the WORST thing someone can do is unsubscribe me from a mailing list, that’s not a big loss. The same goes for forum logins, the only benefit to gaining access would be to pose as me and post. Embarrassing, perhaps, but not usually this is not exactly worth wasting a really good password on.
So, I have 2-4 very weak passwords that I use for these.
Next up is the medium strength passwords, for those I use most of the day to day work that’s protecting moderately useful and slightly more valuable locations. I need to see https on a site to use these unless I trust the network between me and the site (and trust the site as well.) Again, I have about 4 of these…
The hard passwords I save for the most important things. These I have maybe 4 of as well. These are for the items that I would be most at a loss if it were compromised. Of course, one of the tricks if you knew me and IF you were able to find out what passwords I use and IF you were able to discern which I capitalized and which I mix case in…. you would still have to go through at least 12 combinations for each login. That would happen really quick with cracking software, but…
Anyway, that’s how I manage to keep at least some sanity when it comes to dealing with remembering passwords for all the various things I do online.
Popularity: 4% [?]
Related Posts - Windows lost administrator password rundown.... I've done one or two mentions in the past of ways to recover/reset lost windows passwords and thought it was probably time for another "brain dump/web research dump" of things that I've run across. This is not just for lost administrator passwords, but could apply to a lost user account......
- Another wolf in sheeps clothing I did an article a while back on "wolves in sheeps clothing" software that poses as security software but will usually turn around and bite you. Sunbeltblog has a post on another fake security center site. Keep an eye peeled for these, information is power in protecting yourself against this......
- Hamachi p2p vpn A few days back I was at grc to run a "shields up" scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi... so I revisited and gave a read to the Security......
Related Websites - Acquiring Targeted Backlinks Regularly It doesn't really matter what niche you're targeting with your website, if you want to make it successful, you will have to get it in front of your target audience. In other words, driving targeted traffic to your site should be your number one priority; and what better way to......
- How to make Strong Passwords Following are the rules and guidelines that may help you in creating a strong password that is secure. These are the things that I’ve used over years based on my own interest in the area of keeping passwords safe and secure. I. Two essential password rules: Following two rules are......
- Is Wordpress or Blogger Right For Corporate Blogs There is a lot of controversy over which blogging platform is ideal for corporate blogs. With so many schools of thought on the matter, it can be difficult to figure out which one you should be using. We have two main favorites, Blogger and Wordpress, and both are very well......
Similar Posts
- Debian development server compromise
- Network Security guide for the home or small business network – Part 19 – What about when you’re not on your home network?
- Disappointing trend for online banking sites
- Network Security guide for the home or small business network – Part 9 – Know your network
- The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 2