not so gray matter
מעשוגע פ
I'm sure that most of you have your computers fairly secure with Anti-Virus, Firewall, Anti-Keyloggers and everything else you can think of. One thing some might overlook is password security. Specifically the fact that without a password manager it's pretty difficult to store multiple passwords in your head that have the length and variability to be secure passwords.
Keep in mind that having one password for everything is a very bad idea. Once an intruder cracks that one password, he/she has access to everything. Another bad move that most people make is storing their passwords within their browser. This is very risky move. None of the browsers have enough password security to be able to protect your stored passwords.
The solution to both of these problems is a password manager with real security. It not only allows you to store all of your passwords in a safe place, but it also allows you to use passwords that aren't easy to remember yet are very secure.
There are many products on the market in this area, but here's a free solution I've come across.
The keepass software stores your passwords in a secure database. It requires up to three different log-in credentials. The options are a password, a user account and a key file. You can use multiple combinations of those choices, but take extreme caution with the user account option. The reason I do not recommend the user account method is because the software requires that all selected keys (password, file, account) are used and if you use user account authentication, there is no possible way to recover passwords if you lose the user account. If you lose the account and don't have a backup you cannot get back in. It will not accept a new account with the same credentials. The key-file and a decent password are more than enough security.
So, for the best security, set up your keepass database to require both a password and a key file. Anyone who wishes to access the database will need access to both items. This means that even if someone guesses or finds your password, they would still need the key file. Storing this key file in removeable media as well as in a secure backup location will allow access your passwords, and protect you from losing the database in the event that the removable media malfunctions.
Once you've started up a password manager it's a good idea to go through and change your passwords to become hard to guess and quite complicated. Personally, I use a password that contains uppercase, lowercase, numbers, symbols, spaces, high ANSI and is 64 characters long. Not all websites will allow you to use a password like this, but most will and most restrictions are related to length (16-32 characters) if anything. Some will require you not to use some symbols as well.
Here's an example of a password rated by Keepass at 512 bits:
*ë÷3ÑiŠ¸lI¹-í'Œ›,"žÌ%-²êæw( +iXí4lЩôþfyûÚ©ø+ƒ¡/Ü?YÅàž¬Gå¿R㤇ôÃøÄ=äí¿È9"
An average password like quake375gamer is rated at 59 bits. If you're serious about password security, there's simply no possible way to remember a set of passwords that have at least 128 bit security and aren't made up of dictionary type words.
One last tip: Even if you use complicated passwords on your main accounts, don't forget to use a decent password on junk e-mail accounts. These accounts may not have any information you think is important, but you may store a few contacts in these accounts unknowingly. If someone manages to access this account, you'll end up sending out unsolicited emails to these people.
Keep in mind that having one password for everything is a very bad idea. Once an intruder cracks that one password, he/she has access to everything. Another bad move that most people make is storing their passwords within their browser. This is very risky move. None of the browsers have enough password security to be able to protect your stored passwords.
The solution to both of these problems is a password manager with real security. It not only allows you to store all of your passwords in a safe place, but it also allows you to use passwords that aren't easy to remember yet are very secure.
There are many products on the market in this area, but here's a free solution I've come across.
Information
KeePass Password Safe
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Supported operating systems:
Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, ...).
Prerequisites:
Microsoft .NET Framework ≥ 2.0 or Mono ≥ 2.6.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Supported operating systems:
Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, ...).
Prerequisites:
Microsoft .NET Framework ≥ 2.0 or Mono ≥ 2.6.
The keepass software stores your passwords in a secure database. It requires up to three different log-in credentials. The options are a password, a user account and a key file. You can use multiple combinations of those choices, but take extreme caution with the user account option. The reason I do not recommend the user account method is because the software requires that all selected keys (password, file, account) are used and if you use user account authentication, there is no possible way to recover passwords if you lose the user account. If you lose the account and don't have a backup you cannot get back in. It will not accept a new account with the same credentials. The key-file and a decent password are more than enough security.
So, for the best security, set up your keepass database to require both a password and a key file. Anyone who wishes to access the database will need access to both items. This means that even if someone guesses or finds your password, they would still need the key file. Storing this key file in removeable media as well as in a secure backup location will allow access your passwords, and protect you from losing the database in the event that the removable media malfunctions.
Once you've started up a password manager it's a good idea to go through and change your passwords to become hard to guess and quite complicated. Personally, I use a password that contains uppercase, lowercase, numbers, symbols, spaces, high ANSI and is 64 characters long. Not all websites will allow you to use a password like this, but most will and most restrictions are related to length (16-32 characters) if anything. Some will require you not to use some symbols as well.
Here's an example of a password rated by Keepass at 512 bits:
*ë÷3ÑiŠ¸lI¹-í'Œ›,"žÌ%-²êæw( +iXí4lЩôþfyûÚ©ø+ƒ¡/Ü?YÅàž¬Gå¿R㤇ôÃøÄ=äí¿È9"
An average password like quake375gamer is rated at 59 bits. If you're serious about password security, there's simply no possible way to remember a set of passwords that have at least 128 bit security and aren't made up of dictionary type words.
One last tip: Even if you use complicated passwords on your main accounts, don't forget to use a decent password on junk e-mail accounts. These accounts may not have any information you think is important, but you may store a few contacts in these accounts unknowingly. If someone manages to access this account, you'll end up sending out unsolicited emails to these people.
Tip
If you'd like to test the security of your current passwords, you can use this link to do so. If you don't get atleast a STRONG rating on each and every password, you should consider a password manager with a password generator. Also, do not use dictionary words. If you're using a word that can be found in any dictionary in any part of your password, create a new one.
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
Last edited:
My Computer
- Computer Manufacturer/Model Number
- Apple Macbook Pro (April 2009)
- OS
- W7 Ult. x64 | OS X
- CPU
- Intel Mobile Core 2 Duo 2.93Ghz [T9800 Penryn]
- Motherboard
- NVIDIA nForce 730i Rev. B1 [Mac-F2268EC8 (U2E1)]
- Memory
- 4096MB Samsung DDR3 Dual Channel [PC3-8500F 1066Mhz]
- Graphics Card(s)
- NVIDIA GeForce 9600M GT 512MB [G96M Rev. C1]
- Sound Card
- SB X-Fi Surround 5.1 USB | Onboard Realtek (Disabled)
- Monitor(s) Displays
- Acer x223wbd 22" | Apple Anti-Glare 17" (Disabled)
- Screen Resolution
- {Current} 1440x900 {Acer} 1680x1050 {Apple} 1920x1200
- Hard Drives
- {Internal}
Seagate Momentus 320GB 2.5" 7200RPM [ST9320421AS]
{Externals}
LaCie 320GB USB 2.0 HDD [301284UR]
LaCie 750GB USB 2.0 FW400 eSATA HDD [301314U]
LaCie 1TB USB 2.0 HDD [301304UR]
- PSU
- Magsafe
- Case
- Aluminum/Unibody (MBP52)
- Cooling
- 2 x 6000 RPM Fans
- Keyboard
- Logitech G-15v2 [PN 920-000379]
- Mouse
- Logitech G-9 [PN 910-000338]
- Internet Speed
- 12Mbps/2.5Mbps w/ 24Mbps Speed Boost [Comcast]
- Other Info
- Logitech X-540 Speakers [PN 970223-0122]
Sennheiser PC-151 Headset
