Generate and keep really secure passwords for free
Generate your passwords automatically, use a different one at each site, store them in a vault
If you're ever silly enough to ask, security gurus will tell you the best password you can choose would be one you can't remember, never write down and, preferably, never knew in the first place.
This is a joke, mostly.
It's true passwords that are easy for you to remember are easier for others to crack, by trying your birthday, children's names or other personal information, or by brute-forcing every word in the dictionary and letter in the alphabet into different combinations until they find one that works.
The closer your password is to a real word (misspelled, or obscured by adding a few numbers or symbols), the less time they would take to decrypt.
Of course, they could look for a username that sounds like you in the list of 8 million LinkedIn and EHarmony logins and then just use the password published there, or the ones posted following the hack of 77 million user accounts at Sony or the 130 million credit-card accounts taken from the clearinghouse that processes your credit card payments, or tens of thousands lost by a New York electric utility or the California government services agency you thought was unquestionably trustworthy or the 24 million emails and user names swiped from Zappos or almost anywhere else.
When they stop emulating social interactivity and humor, what security gurus usually say, other than 'stay off the computer,' is that you should not only figure out how to create a really secure password, you should use a different highly secure password at every site you use.
That way, no matter what web-site login database is breached next, your loss can be limited to only the information (or money) on that one site, which is likely to compensate you to avoid even more lawsuits.
The problem is that creating and remembering even one really secure password is such a pain almost no one does it.
Fortunately the same computer technology that makes it possible to crack your weak passwords can also create really strong ones and then keep track of them for you.
You just have to take the trouble to hit the app, web site or install a web extension and then click Create Secure Password in the right window when it's time to create a secure password.
Here are some of the freeware tools available to take care of the whole problem for you. Some are small sites whose creators have to ulterior motives. Others are giant corporations giving away passwords in the hope you'll buy their security software. Some are scam sites, so keep your eyes open.
For more security, if you're using a free online generator, it's probably safer to use one on a site you don't use, or for which you haven't registered. The less it knows about you the less likely it is to connect you with that password, just in case there is some ulterior motivation behind the free offer.
The simple way to choose secure passwords:
Use a secure password generator like the one Symantec keeps at PCtools. You can take the default settings, which usually default to a moderately secure password. Or you can click the little boxes that tell it to include numbers, letters, upper- and lower-case letters, numbers, punctuation and weed out combinations that are so similar you'll never type them right even if you're looking at them (lower-case l and 1, for example, or 0 and O, I and l).
Here are some other options. Try more than one. They're free, only take a second and all deliver pretty much the same product, so which you choose is your personal preference:
- Web-based standalone password generators:
- GRC Ultra-High Security Password Generator (with lots of extra info on why they're secure, how to make them more secure explanations of what crypto-geeks are talking about when they talk crypto.
- WolframAlpha secure password generator, generic but easy to use
- Wolfram Alpha instruction on how to create secure salted password hashing;
- Strong Random Password, also generic and easy to use;
- Secure Password Generator 0.5 – Firefox extension
- Online Password Generator – small private site;
- US-Webmasters.com – looks a little shady, but there are plenty of passwords on offer;
- Kurtm.net, secure password generation – private site, offers passwords with 8 characters ("False Security"), 20 characters ("Bare Minimum Security) and 63 characters (Maximum security for WiFi WPA encryption).
- Firefox extensions – Lots of options ranging from password/data vaults (encrypted storage on you HDD, often sync'd with cloud-based storage).
- Best-rated Firefox extension password generators:
- Show My Password
- Saved Password Editor
- pwgen - Password Generator
- Mass Password Reset – changes passwords on a whole range of sites or apps at one go.
- Chrome extension secure password generators:
- Secure Password Generator Extension
- MD5 Hash Calculator
- Quick Password Generator
- Safari Password Generator
- SuperGenPass – bookmarklet-based password generator; works on Mac OS Safari, Android and mobile devices.
- uPassword for Safari
Safari extension secure password generators:
How do you keep track of all those passwords? Let the computer do it for you.
Nearly all of thiese share standard features such as the ability to identify fields on a page they can fill in with your username, password and other information you may need for registration, potentially saving lots of time and effort by oing it yourself.
Most also keep track of the site you're on so they can offer to log you in automatically, sync your passwords with a file stored somewhere up in the vendor's cloud and keep the passwords they store locally encrypted and password-protected to keep the keys to the kingdom save as well as just the kingdom.
Most also include password generators, so you may be able to kill two birds with one stone.
There are several commercial versions, or free/pay models.
These are all freeware.
- Password vaults:
- KeePass -- one of two apps with unquestioned leads; both come with Firefox and Internet Explorer extensions or web sites you can used independently;
- LastPass – the other of the two leaders. Both are stable, quick, reliable and free;
- RoboForm – form filler and text automation; included passwords and password storage among its functions;
- Clipperz – cross-platform; works on Windows, Macs, Linux and MacOS;
- Password Safe – Open-source, runs on desktop or flash drives; flash version includes a paid upgrade;
- MacOS only: Apple Keychain;
- GNOME: Keyring;
- KDE: Kwallet;
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.