Most people would be surprised at how easy it is to guess their passwords. For most people if you know a little about them you can guess their passwords. I had a friend who dared me to "break" into their iPhone. They handed it to me and I thought for a short while and tried entering their birthday "1207" – and I was in. They were shocked and dismayed. Really? I was shocked at how poor a password that was.
You can also reset passwords at many sites if you know some basic information about the person. Real tough questions like "what city were you born in?" If you know two of those "hard questions" you can reset the password. That is how Sara Palin’s yahoo email account was allegedly hacked into. I treat those questions like a password. When asked what city I was born in I enter "xyrtg3ji" or whatever my random password generator creates.
Even if you can’t guess someone’s password it is probably easy to brute force the password. Most people use real words for their passwords which drastically reduces the possible letter combinations. There are hacker dictionaries available on the internet that have the top used passwords in there to guess those first. Back in 1994 I read a book called "Secrets of a Super Hacker" and I was shocked to find my password in the back of the book in a small password dictionary. I thought because I was using an obscure word that would make it a stronger password – wrong it actually makes it weaker because it makes the short list.
Another thing people think will make their password more secure is to add numbers to the end of the word. While it does make it more secure it only adds a few minutes of guessing to a brute force attack.
A few don’t rules about passwords:
- Don’t use numbers, birthdays. (i.e. "12345" or "10031988")
- Don’t use your kids or pets names (i.e. "Samuel" or "spot")
- Don’t use obvious words or combinations (i.e. "password" or "password123")
- Don’t use names or dictionary words (i.e. "John" or "automobile" or "fish")
- Don’t use the same password on multiple systems
- Don’t choose short passwords. At a minimum have 8 characters – more is better.
Here are two ideas on how to create more secure passwords:
- Take a full sentence and take the first letter or two from each word. (i.e. The sentence "I want to eat at Taco Bell today" yields "IwteaTBt")
- Use a random password generator to create the password and a password wallet so you can remember them.
Security and usability are almost always at odds with each other. Today there are way to many passwords we need to remember. It is rare that a person can remember beyond 7 passwords and many of us can’t even do that. What I use is a password manager to keep track of my passwords. I have this sync between my computers and my smartphone. That way I always have what I need.
Here are a few Free password managers
|
KeePass
|
http://keepass.info/
|
Free. KeePass, the free, open source, light-weight and easy-to-use password manager.
|
|
PasswordSafe
|
http://passwordsafe.sourceforge.net/
|
Free. Password Safe is free and allows you to safely and easily create a secured and encrypted user name/password list. With PasswordSafe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list
|
|
Efficient Password Manager
|
http://www.efficientpasswordmanager.com/
|
Free. Still be worrying about so many passwords to remember? Now we have Efficient Password Manager, a completely free but powerful and unique password management software program.
|
There are a lot of good for cost password managers available. They offer things that the free ones don’t like online backup so you never loose your passwords. Automatic Synchronization so your passwords are always up to date. One of the easiest to use is Password Genie. My late Father’s favorite was RoboForm.
The password managers that I really like are the wallets. They not only encrypt and store your passwords but they also store your credit card numbers, bank account info, frequent flyer numbers, and anything else you want to keep secure. I also like the ones that offer synchronization so that my latest passwords are always on all my PCs and smartphone. I need them to offer a password generator because I too fail at creating difficult passwords. Lastly I like it when they have a web browser plugin that enters the passwords for me with the touch of a button. I have used all 3 of the managers below and they are all good.
Here are my three favorite:
|
SPB Wallet
|
http://spb.com/products/wallet/
|
SPB Wallet supports Windows, Mac, iPhone, iPad, Windows Mobile, Symbian. With more mobile devices to come…
|
|
Code Wallet Pro
|
http://www.developerone.com/codewalletpro/windowspc.htm
|
CodeWallet Pro 6 Desktop/PC Companion Edition securely organizes all of your business and personal information. The PC Edition is the perfect companion to the mobile version of CodeWallet. Manage passwords, banking information, credit card details, PIN codes, travel plans, insurance policies, registration codes, gift lists, you name it,
|
|
eWallet
|
http://www.iliumsoft.com/site/ew/ew_ssh.php#hpc
|
Do you have too much info to remember? Do you wish you could take all your passwords, credit cards, account information and logins with you – so they’re handy when you want them? But keep them safe – so you don’t have to worry about intruders finding them? You need eWallet.
|
On March 31, 2011, the beta of Live Mesh will end, and the Live Mesh beta will stop working. After March 31, you won’t be able to access any files stored online in your Live Desktop or connect to your PCs remotely using the Live Mesh software. Also your files will stop syncing between your computers and your Live Mesh online storage. 
