Keeping Passwords

With all our online activities these days, we are undoubtedly all hip deep in online account passwords and struggle to keep them straight. Unfortunately, for a lot of us the prospect of having a different password for every online account, like one for our bank and a different one for our Yahoo Groups, is too much to remember, so we end up using the same easy-to-remember password for everything.

This is bad, bad, BAD. Let me tell you how you can keep very secure passwords, a different one for every use, and keep them safe. 

First, if it's easy to remember, then it is also easy for a hacker to guess. That's just the rule. Your passwords have to be hard by default. They have to be random. The first trouble, then, is coming up with random passwords. No problem, really. Just go to this specialty security web page by GRC (Gibson Research Company) that Steve Gibson has set up to give you, me, and everybody very secure passwords. Copy a random 10-character section out of one of those fields, whatever your pleasure, and paste it into whatever password field you are being asked to fill.

Now, how to remember those random passwords? We will paste them into a text file and make a note of what they're for, of course, but we can't just have a text file saved in our Documents folder, ready and waiting for someone to get access to our hard drive and steal our important data. Here's how we will create a secure, encrypted place on our hard drive where we will save our text file. There it will be protected, and we will have just one password to remember -- the password to get into the encrypted file. 

We will encrypt the file with a program called Truecrypt. Truecrypt is free, open source and cross platform. All good things. It's also one of the best encryption programs out there, fortunately for us. So, go to Truecrypt and get that program installed, and then follow the yellow brick road (read and follow the instructions) to set up a new volume and encrypt it. It doesn't have to be too large a volume / file -- 1,000 - 2,500 MB is fine. In this secure space is where you'll save your passwords file, but also where you'll keep your other sensitive data, like financial and legal documents. 

Now, as long as you've kept a note with each password detailing where it is supposed to be used (I usually enter the URL of the web site) and also noted the username, we should never lose track of those hard passwords we have for each different account. All we need to do when we go to a web site and need to enter our password is use Truecrypt to mount our secure volume, enter the one hard but memorized password we use only for this Truecrypt file, and then copy and paste the password for the web site out of the passwords file.
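
As an added example (not part of the original post), the Python below draws a random 10-character password from the operating system's secure random source, shows how much the choice of character set changes its strength, and formats the URL / username / password line for the passwords file. The three alphabets, the function names, and the sample site and username are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabets (not taken from the post): three common kinds of
# random-character fields a password page might offer.
ALPHABETS = {
    "hex": "0123456789ABCDEF",
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}


def generate_password(kind="printable", length=10):
    """Pick `length` characters uniformly at random using the OS CSPRNG."""
    alphabet = ALPHABETS[kind]
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(kind, length=10):
    """Strength of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABETS[kind]))


def notes_entry(url, username, kind="printable", length=10):
    """One tab-separated line for the passwords file: site, username, password.

    The file holding these lines belongs inside the mounted encrypted volume.
    """
    return f"{url}\t{username}\t{generate_password(kind, length)}"


if __name__ == "__main__":
    # Same length, very different strength depending on the field copied from.
    for kind in ALPHABETS:
        print(f"{kind:13s} {generate_password(kind)}  ~{entropy_bits(kind):.1f} bits")
    # Constructed sample site and username, for illustration only.
    print(notes_entry("https://bank.example", "jdoe"))
```

Ten characters copied from a hexadecimal field carry far fewer bits than ten from a full printable set, so the character set of the field you copy from matters as much as the length.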