Password Management/Generators And Tips

With the recent events surrounding the PHPbb.com website being hacked to the point where the intruder gained access to a number of passwords from registered users, I’ve stepped back to take a serious look at the way I manage passwords for user accounts across the web. I’ll admit that for a long time now, I’ve been playing with fire regarding the way in which I manage passwords and accounts. I really don’t want to get burned so I’ve searched the web for a couple of Password Management applications as well as password generators and this is what I found.

Password Management:

Roboform – I can’t begin to tell you how many times I’ve heard Roboform suggested by my friends and colleagues. Roboform is available for Windows and has been reviewed by major publications such as PC Magazine, Download.com and PC World. This software not only stores passwords for user accounts but you can also use it to auto fill forms e.g. forum registration pages. Roboform also contains a synchronization tool called GoodSync where you can sync up your passwords between two different systems. I’ve recently purchased a copy of Roboform and I’ll be writing my own review about it in the near future.

KeePass – While a Roboform license can set you back $29.95, KeePass is a free open source password management application for Windows. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). KeePass appears to be actively developed, since the last update occurred on February 13th.

Password Generators:

If you’re one of those types who would rather manually store your passwords in a text file for each website you have an account with, here are a few random Password generators to use since at the very least, you should never use the same password for more than one account. Most of your password generators are web based these days so generating a password is just a click away.

Secure Password Generator – Secure Password Generator created by PCTools.com gives you the options to choose a password length between 4-64 characters, phonetics, whether or not to include letters, numbers, mixed case or special symbols. You can also choose the quantity of passwords to create.

GRC Password Generator – My favorite, and probably the most well-known password generator on the web, is Steve Gibson’s Perfect Passwords. Steve has ensured that the passwords generated are as random as possible and with the strings being 64 characters in length, that is more than enough for most websites. Unlike other password generators, this one doesn’t provide any options for you to manipulate the output but that is not an issue considering Steve has done the hard work for you when creating the passwords.

Bytes Interactive – Bytes Interactive is another Password Generation site that provides more options than most when creating passwords. You can choose to exclude specific characters and set which Typewriter position the passwords will appear. As with the first generator, you can also choose the character size and the number of passwords to generate.
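For anyone who would rather generate passwords locally than on a web page, here is an added example (not code from any of the sites above) that offers the same options: length between 4 and 64, selectable character classes, excluded characters and quantity. The function names and the symbol set are assumptions made for this sketch.

```python
import math
import secrets
import string

# Character classes matching the options the generators above expose.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set
}
ALL = ("lower", "upper", "digits", "symbols")


def build_pools(use=ALL, exclude=""):
    """Return one pool per selected class with excluded characters removed."""
    if not use:
        raise ValueError("select at least one character class")
    pools = []
    for name in use:
        pool = "".join(c for c in CLASSES[name] if c not in exclude)
        if not pool:
            raise ValueError(f"class {name!r} is empty after exclusions")
        pools.append(pool)
    return pools


def generate(length=20, use=ALL, exclude=""):
    """Generate one password containing every selected class at least once."""
    if not 4 <= length <= 64:  # range offered by the first generator above
        raise ValueError("length must be between 4 and 64")
    pools = build_pools(use, exclude)
    alphabet = "".join(pools)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(p) for p in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, use=ALL, exclude=""):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len("".join(build_pools(use, exclude))))


if __name__ == "__main__":
    for _ in range(3):  # the "quantity" option
        print(generate(20, exclude="O0l1I"))
```

`entropy_bits` gives an upper bound, because requiring at least one character from each class rules out a small share of the possible strings.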

Conclusion:

I’ve highlighted just a small sampling of what’s out there in terms of password generation and password management. But there is more to passwords than simply managing and generating them. Here are a few common sense tips for using passwords.

  • Create a good (strong) password
  • Protect your Password
  • Change your password regularly
  • Avoid common names, dates, phone numbers or things easily associated with you
  • Avoid common words
  • Don’t use naturally occurring keyboard sequences

I mentioned earlier that you should never use the same password for more than one login. The reasoning behind this is huge. First off, the more sites you register an account with that use the same password, the higher the risk that at least one of those sites will be compromised to the point where the attacker obtains your password, which could then be used on any other site where you used that password. This is why password management software is big business nowadays, since it takes the hard work out of the equation. Just make sure that whatever software package you choose encrypts the data inside its database, as you wouldn’t want someone who gains access to your PC by way of a Trojan horse to be able to read that information.

If you have any more tips, tricks, or password management software suggestions, please leave a comment and let us know about them.

14 thoughts on “Password Management/Generators And Tips”

  1. There’s another one I’ve got to mention for your list — Clipperz.com — a dandy (free) password manager (with password generator built in) that lets you do one-click direct logins to sites. I open a local copy in my Firefox sidebar and it’s right there handy while I’m working online, so convenient. 128-bit encryption & accessible with one master passphrase. This is the tool I’ve been using for a couple of years now: can’t do without it.

  3. Passwords should never be stored in a database as plain text.

    A typical website that I set up hashes passwords before they are stored in the database. Note that a hash is not the same thing as encryption because that which is encrypted can be decrypted. A hash is a one way transformation that cannot be undone. That way even if a bad guy gets complete view access to my database he has no passwords. Then when a user logs in they enter their plain text password, it gets hashed programmatically and then that gets compared to the hash stored in the database.

  4. I’m actually enjoying Roboform as I use it. Its built-in password generator is pretty nifty, and that I can then save that password to an account is also cool. It’s all built right into the app and the Roboform FireFox extension is just awesome.

  5. hey Jeff,
    So many different passwords is a pain, but I suppose worth it. Your post is a timely reminder, that like backing up one’s hard drive, maintaining security is very important. Deciding to do it after being hacked is like deciding to back up your hard drive after it’s crashed… it’s a little too late.
    But do you really think 64 characters is necessary, or a little overkill? How many characters are your usual passwords? ~ Steve, the trade show displays guy

  6. I’ve used KeePass for the longest time – as it’s able to live on my thumbdrive and automatically fill in forms that I need on websites to login. I also use KeePassX to access my KeePass database on OSX.

  7. I actually love the RoboForm software myself. I use it all of the time and it takes all of the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:

    http://www.theroboformreport.com/indexa.html

    There is also a FREE version of RoboForm that you can download on this web page, just to test the RoboForm software out for yourself! I highly recommend it!

  8. If you change computers often, you’re better off with an online password manager.

    Passpack is a secure list of passwords that you can look up whenever, and from wherever, you need. Just sign into the website. Two optional goodies for Passpack:

    1. little login button (click it, it fills in the login form for you)

    2. Desktop application built with Adobe AIR. Those who like the feel of installed software can use Passpack desktop on as many computers as they like. It all synchronizes via Passpack.com.

    Of course – Passpack is free. Try it here.

  9. I use eWallet at work and PasswordSafe at home. Instead of a plain text file these programs store passwords in an encrypted and password protected file. Both also allow you to generate passwords.

    eWallet costs $$ but has some nice features like syncing between PC and PDA. PasswordSafe is free and open source.

  10. You should add one more software to the list: LastPass – It’s equivalent to Roboform and exports and imports data to Roboform. It works in Windows/Mac/Linux and integrates in Firefox and IE seamlessly.

    https://lastpass.com/
