June 10, 2009, 3:40 PM — Popular Unix wisdom suggests that passwords be next to impossible to guess yet easy enough to remember so that no one is tempted to write them down in any conspicuous way.
The problem that many, if not most, of us have these days is that the number of passwords we have to remember has gone from several to several dozen. Every computer account, bank account, online merchant, softare application, ATM and email account has a password. Why, even just to pick up my voicemail or use my blackberry, I need to enter a password.
Some of the traditional ways of addressing this problem have involved storing important passwords in a safe, encoding them in some way (such as disguising them as normal entries in your rolodex), stashing them in an encrypted file or creating a pattern (such as $just4me) that you can use many times over by changing several characters for each application and then transcribing only the characters that are different (e.g., maybe the characters in the string "ok2" replace the vowels and digit in "$just4me", turning it into "$jostkm4").
Chances are, however, that even with the best ideas of how to create a clever password, you don't have complete control over all of the passwords you have to establish and remember or the circumstances in which you have to remember them, so it's hard to find a one-size-fits-all solution.
One fairly new technology that might prove useful for remembering too many passwords is the biometric USB flash drives. They look pretty much like the USB flash drives we've been using for years to carry files around with us, but they have some extra features -- a finger scanner that activates the device after a familiar finger slides across its sensor and some heavy duty encryption technology.
There are also USB flash drives that lack the finger scan technology, but make up for it by being shielded in such that their contents can't even be read by an electron microscope and, following repeated unsuccessful attempts to access their contents, will fill their memory contents with epoxy prior to burning themselves out. How's that for security?
Obviously, many of these devices aren't so much intended for superusers carrying too passwords in their pockets as much as for businessmen and government types carrying sensitive and proprietary documents from place to place.
From what I've seen, these extremely useful devices sell anywhere from $25 to nearly $900 with some extreme price variations. For example, I found one of the more sophisticated devices -- the MXI Security Stealth MXP 2GB units -- running from $240 to $890. Same part number. Same unit.
Once one of the biometric scanners has learned to recognize your finger(s), you just run a finger across the little built-in sensor and the information stored on the drive is instantly available to you. The data on the drives is secured by a 256-bit AES encryption algorithm, so no one will be able to read its conents (without your finger anyway). Some require a password in addition to the finger scan for added security.
Most only work on Windows and some of these require administrator rights. Others claim compatibility with Windows, Mac OS and Linux, but seem to be lower capacity and/or quite a bit more pricey.
Given the wide range of capacity (I've seen 256 MB to 32 GB), features, system compatibility and pricing, don't jump at the first one you see.
Another smart way to keep track of too many passwords is to use an application such as KeePass -- the free, open source, light-weight and very easy to use password manager -- to store them on your system. KeePass works on Linux and Mac OS X as well as Windows. If you're not moving from location to location, this might be all you need. KeePass hashes your "master" password (the one used to unlock its database) with SHA-256. Even when you're using KeePass and looking at your decrypted passwords, the passwords are encrypted in memory. So there are essentially no risks beyond that of forgetting your master password.