With the recent events surrounding the PHPbb.com website being hacked to the point where the intruder gained access to a number of passwords from registered users, I’ve stepped back to take a serious look at the way I manage passwords for user accounts across the web. I’ll admit that for a long time now, I’ve been playing with fire regarding the way in which I manage passwords and accounts. I really don’t want to get burned so I’ve searched the web for a couple of Password Management applications as well as password generators and this is what I found.
Roboform – I can’t begin to tell you how many times I’ve heard Roboform suggested by my friends and colleagues. Roboform is available for Windows and has been reviewed by major publications such as PC Magazine, Download.com and PC World. This software not only stores passwords for user accounts but you can also use it to auto fill forms e.g. forum registration pages. Roboform also contains a synchronization tool called GoodSync where you can sync up your passwords between two different systems. I’ve recently purchased a copy of Roboform and I’ll be writing my own review about it in the near future.
KeePass – While a Roboform license can set you back $29.95, KeePass is a free open source password management application for Windows. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). KeePass appears to be actively developed since the last update to the occurred on February 13th.
If you’re one of those types who would rather manually store your passwords in a text file for each website you have an account with, here are a few random Password generators to use since at the very least, you should never use the same password for more than one account. Most of your password generators are web based these days so generating a password is just a click away.
Secure Password Generator – Secure Password Generator created by PCTools.com gives you the options to choose a password length between 4-64 characters, phonetics, whether or not to include letters, numbers, mixed case or special symbols. You can also choose the quantity of passwords to create.
GRC Password Generator – My favorite and probably most well known Password generators on the web is Steve Gibson’s Perfect Passwords. Steve has ensured that the passwords generated are as random as possible and with the strings being 64 characters in length, that is more than enough for most websites. Unlike other password generators, this one doesn’t provide any options for you to manipulate the output but that is not an issue considering Steve has done the hard work for you when creating the passwords.
Bytes Interactive – Bytes Interactive is another Password Generation site that provides more options than most when creating passwords. You can choose to exclude specific characters and set which Typewriter position the passwords will appear. As with the first generator, you can also choose the character size and the number of passwords to generate.
I’ve highlighted just a small sampling of what’s out there in terms of password generation and password management. But there is more to passwords than simply managing and generating them. Here are a few common sense tips for using passwords.
- Create a good (strong) password:
- Protect your Password
- Change your password regularly
- Avoid common names, dates, phone numbers or things easily associated with you
- Avoid common words
- Don’t use naturally occurring keyboard sequences
I mentioned earlier that you should never use the same password for more than one login. The reasoning behind this huge. First off, the more sites you register an account with that use the same password, the higher the risk you are placing on having at least one of those sites compromised to the point where they obtain your password which could then be used on any other site you used that password on. This is why password management software is a big business now adays since it takes the hard work out of the equation. Just make sure that the data inside whatever software package you choose encrypts the data inside the database as you wouldn’t want someone gaining access to your PC by way of a Trojan horse where they can access that information.
If you have any more tips, tricks, or password management software suggestions, please leave a comment and let us know about them.