The Hopeful Hacker Passwords

 


Simple and Secure

Here's the frustrating thing about passwords: sometimes the more secure you try to make them, the less secure they become.  It's kind of obvious why.  A secure password is really complicated, which makes it hard to guess, hard to crack and hard to remember.

It's that last part that presents a problem.  The harder your passwords are to remember, the more likely you'll do something that undoes the other two.

A variety of problems 

Let's say you use a password everywhere you possibly can.  It's a lot to remember.  So you'll be tempted to use the same password over and over, like your birth date backwards.  Or develop a system that lets you figure out what password you use for what site, like the site name in numbers one through 26.  In either case, one crack gives someone a shot at all of your password-protected stuff.

It's a huge problem for a variety of reasons, but here's a simple one.  Some websites don't have much to hide, but they want you to register so they can count their customers or keep spammers away.  They'll ask you to log in with a password, but they're not too concerned with the security of the system.  Hackers will use the site to get your password, then hope it's the same one you use for your banking or some other important site.

Constant change

Or let's say a site forces you to change your password every 30 days.  Sometimes the security system will force you to type in a new password at a really inconvenient time.  You'll do it quickly, forget it, and cause yourself a lot of trouble.  The solution?  Print it on a post-it note and stick it to the back of your monitor, or the front, or one of those electronic post-it notes on your screen.

In any of those cases, anyone with eyes can catch your password and use it at will.  

The solution

In each case, real life hacks security into simplicity and (ironically) insecurity.  The solution?  Software that manages your passwords for you while keeping them safe and secure.

There are a lot of these programs out there.  I've chosen two that meet some simple criteria: they're free, they're open source and they seem pretty secure.

Password Safe

You can get Password Safe here.

KeePass

You can get KeePass here.

The Good, the Bad and the Ugly

The good part of this kind of program is that you can have multiple, secure passwords and manage them all with one master password.  That, according to the first rule of passwords, is also the bad part.  If someone gets your master password, he has all of your passwords.  The strength becomes the weakness.  That puts a lot of pressure on the master password.  First and foremost, it should be ugly.

By ugly, I mean unusual, asymmetrical, long, obscure and strange.  Lots of characters: uppercase, lowercase, numerical and unusual.  And put together in the least coherent way.  No words, no dates, no phone numbers -- nothing that follows any kind of pattern.

$*(T%gK]F0d^)mm6m%lyt_=d<3?\|n5o~pf+

If that looks like a cartoon curse, it's fitting.  On the plus side, it's what a hacker will feel after trying to crack it.  On the minus side, it's what you'll be saying as you try to memorize it.
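To make the contrast concrete, here is an added example (not code from this site or from Password Safe or KeePass) that puts the "site name in numbers one through 26" system next to an "ugly" master password drawn from the operating system's random source.  The function names, the sample site names and the default length of 36 are assumptions made for the illustration.

```python
import math
import secrets
import string

# The four classes the article lists: uppercase, lowercase, numerical, unusual.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def site_scheme_password(site: str) -> str:
    """The weak 'system' from the article: each letter becomes its position 1-26."""
    return "".join(str(ord(c) - ord("a") + 1)
                   for c in site.lower() if c in string.ascii_lowercase)


def generate_master_password(length: int = 36) -> str:
    """Pick every character with the OS CSPRNG; redraw until all four classes appear."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of `length` uniformly random characters (the class check
    above discards only a negligible fraction of candidates)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample site names, not taken from the article.
    for site in ("examplebank", "examplemail"):
        # No secret goes in: anyone who learns the rule gets the same output.
        print(f"{site:12} -> {site_scheme_password(site)}")
    pw = generate_master_password()
    print(f"random master password: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

The system-derived passwords are a pure function of the site name, so learning the rule from one site reveals them all, while the generated one has no rule to learn.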