February 01, 2011, 8:34 PM
Once upon a time, you might have thought you could get away with a single user ID and password for all your favorite Web sites. Then, the popular gossip Web site Gawker was hacked, and more than a million user IDs and passwords were revealed. Would it surprise you to know that many people used those same user IDs and passwords on many other far more important sites such as their bank accounts?
I could lecture you about how dumb that is, about how you need to use different passwords for different sites; that you need to pick passwords other than those old favorites, "123456" and "password"; and how you should change your passwords every month for every site, but what's the point?
Leaving aside that most people are lousy at security, can anyone really keep in their head the dozens of passwords they need for their bank, Facebook, Twitter, office e-mail server, Gmail, phone, electric utility, 401(k), LinkedIn, ITworld and countless other accounts? Who can manage to remember dozens of IDs and passwords for dozens of sites, outside of savants such as the fictional Raymond Babbitt? I'll tell you who: No one.
So what can you do to use safe passwords on the Internet without driving yourself crazy trying to remember all of them? There are several ways to go about it, and here's my list.
Do it yourself
Write out a list of account numbers, IDs and passwords. I don't mean a physical list, though; that's classic idiot security. Make the list on your computer and encrypt it with a program like TrueCrypt, which can be used on Linux, Mac OS X and Windows; or AxCrypt, FolderLock or PGP Whole Disk Encryption, which are Windows-only programs.
These programs can also be handy for keeping snoopers out of your computer's data if someone swipes your PC.
This kind of approach doesn't work easily with Web sites, though, and if you're like me, you may also have doubts about the wisdom of using programs that encrypt your entire hard drive. So, you may want to look into password management programs.
There are two basic kinds of password management programs. First, there's local management, where the passwords, or their encrypted versions, are stored on your local hard drive or on a portable device such as a USB key-drive. The other is to use a Web-based program to store and manage your passwords.
Local password management
There are dozens of PC-based password management programs. While I have some recommendations, there are several important features to look for before you buy or start using a password manager. These include: encrypting the files that contain passwords; restricting access to the management program and its password files; and using one-way cryptographic hashes for password storage instead of storing the passwords themselves.
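As an added example (not from the article or from any of the programs it names), here is a minimal local store in Ruby that shows the three features listed above: the entries are encrypted under a key stretched from the master password, the file is written with owner-only permissions, and the master password itself is never written to disk; only a one-way hash of a second derived key is kept as a verifier. The iteration count, key layout and JSON file format are assumptions made for the example.

```ruby
require 'openssl'
require 'json'

# Constructed for illustration; not any product's real file format.
KDF_ITER = 200_000   # PBKDF2-HMAC-SHA256 rounds (assumption); raise until unlock takes ~0.5 s
VAULT_MODE = 0o600   # owner read/write only: restricted access to the password file

# Stretch the master password into two independent 32-byte keys: one encrypts
# the entries, the other is only hashed and stored as a verifier, so neither
# the master password nor the encryption key is ever written to disk.
def derive_keys(master, salt)
  okm = OpenSSL::KDF.pbkdf2_hmac(master, salt: salt, iterations: KDF_ITER,
                                 length: 64, hash: 'sha256')
  [okm[0, 32], OpenSSL::Digest::SHA256.digest(okm[32, 32])]
end

# Constant-time comparison so a wrong-password check does not leak by timing.
def same_secret?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Encrypt the entries with AES-256-GCM and write them to path, owner-only.
def save_vault(path, master, entries)
  salt = OpenSSL::Random.random_bytes(16)
  key, verifier = derive_keys(master, salt)
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = salt                     # the salt is authenticated with the ciphertext
  ct = c.update(JSON.generate(entries)) + c.final
  blob = { 'salt' => salt, 'iv' => iv, 'tag' => c.auth_tag, 'ct' => ct,
           'verifier' => verifier }.transform_values { |v| v.unpack1('H*') }
  File.open(path, 'wb', VAULT_MODE) { |f| f.write(JSON.generate(blob)) }
end

# Returns the entries, or nil when the master password is wrong or the file was tampered with.
def load_vault(path, master)
  blob = JSON.parse(File.read(path)).transform_values { |v| [v].pack('H*') }
  key, verifier = derive_keys(master, blob['salt'])
  return nil unless same_secret?(verifier, blob['verifier'])
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.decrypt
  c.key = key
  c.iv = blob['iv']
  c.auth_tag = blob['tag']
  c.auth_data = blob['salt']
  JSON.parse(c.update(blob['ct']) + c.final)
rescue OpenSSL::Cipher::CipherError
  nil                                    # GCM tag mismatch: ciphertext or salt was altered
end
```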