Free Password Management
Submitted by Ari on Sat, 01/13/2007 - 03:14.
(There are many free techniques which can be used to remember passwords)
Password management is a big issue for interactive media managers. At minimum, the typical online worker needs to remember around six passwords (blog, web hosting, analytics package, intranet, personal email, instant messenger, etc...) - that's quite a lot of information to remember.
But wait - it gets worse! If you listen to your IT department (as you should!), to be considered secure all of your passwords must be at least 7 characters long, and contain at least one number and one capital letter.
And one last thing: you can't write down your passwords (as that increase the chance they will be stolen), and you should continually change them every six months until you die.
Woh. That seems like a lot of work. No wonder so many people just use the same password for everything, and hope nothing goes wrong. Something these people don't consider though is if their password gets cracked, they're basically fired.
One solution to the password memorization problem is to purchase password management software. These software packages are basically password protected databases - you type all of your passwords into the database, and then set one single password to view the database's contents. Although a good solution, you could run into a problem if the database file gets corrupted, or your computer crashes. The file could also potentially be copied from your computer and brute-force attacked. Finally, these pieces of software can also cost money.
A neat alternative is using a offline encrypted password storage or memory technique. Here are a few interesting ones -
Use a rule set: come up with a single password you like (like "dawg"), and then create a rule based on the password. For example, your rule could be use the first two characters + the last character of the name of the service the password is for. Applying this rule to a service called "yahoo" would result in the word "yao". You then would combine "yao" with "dawg", your single password, and use the password "yaodawg" for Yahoo. You can apply the same rule to an unlimited number of websites, and all the while you only have to remember one password.
Date Code: similar to rule set, in environments where your password needs to be changed at regular intervals, you can use rule based on the date (i.e. first and last letter of months name + the two first letter of the next month).
Typing displacement: move all the letters of the password up, down, left, right, or diagonal a key to generate a new password based on your single memorized password. For example, if your normal password is "walkdog", you can move all of letters upwards one key on your keyboard to produce the password "2qoie0t"
Write down encrypted versions: the encryption doesn't have to be that complicated. You can even add just a single letter or number to every password. For example, assuming capital a ("A") is my encryption key, the written password "Ag0jeanc" would actually be "g0jeanc". A potentially stronger encryption would be to use a substitution rule: for every password you write down you change "a" to "A", for example.
All of these techniques can potentially be "hacked" though if someone finds your password, so still remember to change your technique and password regularly.
I'd be interested in hearing any more techniques -
Finally, more information on passwords can be found by reading the book Perfect Passwords . If you are interested in an online password management utility, some readers have recommended PasswordMaker.
Original idea for this article came from klaatu
Submitted by sertell hollie (not verified) on Thu, 11/22/2007 - 10:36.
i wont my password back please
Submitted by Parker (not verified) on Tue, 05/15/2007 - 02:41.
Another tool to use is Secret Server. It works well as a single user utility, however, has great functionality for multiple users. It's free for a single user and only takes a few seconds to set up an account. It features the highest security of any web-based password management tool. AES 256 bit encryption and SHA512 are used to make sure that your database is fully secured.
If you're hesitant, you can install Secret Server locally onto your network.
www.thesecretserver.com
Submitted by Bala (not verified) on Sun, 05/13/2007 - 13:16.
On a related note, information about one more online password management software - ManageEngine PasswordManager Pro.
ManageEngine PasswordManager Pro (PMP) is a Password Management Solution for enterprises to control the access to shared administrative/privileged passwords of any 'enterprise resource' such as servers, databases, network devices, applications et al.
PMP is centralized, web-based and enables IT managers to enforce standard password management practises such as maintaining a central repository of all passwords, usage of strong passwords, frequent changing of sensitive passwords and controlling user access to shared passwords across the enterprise.
More information at www.passwordmanagerpro.com
Submitted by Cubicle101 (not verified) on Sat, 05/12/2007 - 21:22.
In addition to the techniques listed, there is also another way that greatly improves password security relaxing the need to constantly change passwords.
This is a technique that I often employ. first pick two words, preferably at least 5 characters each (I generally substitute one letter in each word with a number). Now take the two words and use a symbol to separate them like you would a space. example: w4lk^d0g :or: walk^dog
using alpha numeric passwords raises your security, and adding in symbols really boosts your protection.