Passwords are not all created equal, not equally secure anyway. The questions and tips below are to help us keep safe and secure when we use passwords.
Staying safe and secure with online passwords.
1. Do you use an 'easy' password?
A password is more secure if there is nothing obvious about it. It is best to avoid dates, birthdays, family names, pet names, plain English words, significant numbers like phone numbers, street address numbers, vehicle plate numbers and so on.
The best, strongest passwords are long and random. Also they contain letters AND numbers. Also, if you can, it is even better to include some 'extended' characters, such as the underscore (_), percent sign (%), tilde (~) or plus sign (+).
Of course if you have more than a few passwords - and they are strong, random ones - how do you remember them? More about that below.
How do you get a really random password?
There are a number of ways to generate a truly random password. Doing it conveniently and correctly usually involves some software (for convenience) and a random number generator. But don't just use the first website you see that offers you the service of generating random passwords on the site. Some of those widgets are not truly random.
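An added example, not part of the original article or of any tool it names: a short Python generator that draws every character from the operating system's cryptographic random source, using the letters, digits and four extended characters listed above. The 12-character minimum and 20-character default are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes the article recommends: letters AND numbers, plus the
# 'extended' characters it names (underscore, percent, tilde, plus).
LETTERS = string.ascii_letters
DIGITS = string.digits
EXTENDED = "_%~+"
ALPHABET = LETTERS + DIGITS + EXTENDED  # 66 symbols in total


def has_all_classes(candidate: str) -> bool:
    """True if the candidate has a letter, a digit and an extended character."""
    return (
        any(c in LETTERS for c in candidate)
        and any(c in DIGITS for c in candidate)
        and any(c in EXTENDED for c in candidate)
    )


def generate_password(length: int = 20) -> str:
    """Draw each character uniformly from ALPHABET with the OS CSPRNG.

    `secrets` is used rather than `random`, whose output is predictable.
    Whole candidates are redrawn until every class is present (rejection
    sampling), so no position is ever forced to a particular class.
    """
    if length < 12:  # assumed minimum for this example
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(20), f"(about {entropy_bits(20):.0f} bits)")
```

Each extra character adds about 6 bits, which is why length matters more than any single character choice.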
There is free software that can be used to generate passwords, e.g. this one, Random Password Generator. This is just an example: I am not vouching for the quality of this software or the randomness of its passwords.
Most password software will not only remember passwords but also generate random ones for you.
More information about password software is below. The point right here is that a huge proportion of web users can make a real improvement in their security by not using those 'easy' passwords with English words, names, birth dates etc.
2. Do you use the same password for more than one account?
Every time we are required to supply a password we need to use a new and different password. For example, suppose you need a password for a bank account, an email account, an internet forum you visit, and maybe you use a password to log on to your own computer (you should). These should be four different passwords. Otherwise a hacker or identity thief only needs to discover one password and then try it out on some bank accounts, email accounts, web forums or anything else associated with your name.
I haven't forgotten that other question: if you have a lot of different passwords - and they are strong, random ones - how do you remember them? More about that below.
3. Do you let your browser remember your passwords?
Well, I certainly don't, not important ones anyway. I advise anybody to SAY NO when a browser asks you if you would like it to remember your password or other details for completing online forms or logging into sites.
I am not trying to criticise any browsers here. There are two main points to consider:
A. Your browser has this feature mainly for convenience, not for security.
The people who make the browser, e.g. Internet Explorer or Mozilla Firefox, are giving you the option of using this feature for your convenience.
They will store your password in a secure way, but they are providing a feature that is mainly for convenience, not security. In all likelihood the browser's password storage is difficult to hack and it's probably not worth the trouble to most hackers - since there are easier pickings for them. But still, if it's a question of protecting all the money in your bank accounts, don't rely on a feature that is provided mainly just for convenience.
(You can read in detail about how browsers store passwords, and how secure or insecure they might be, in this article at SecurityFocus: Password Management Concerns with IE and Firefox.)
B. If your computer is unattended...
There is another problem with letting your browser automatically log you onto sites such as your bank. If you step away from your computer, then anybody who can access your computer can also access any of those sites with YOUR identity.
In order to log into websites, banks, forums etc. some people are very, very careful about entering user names and passwords into the form fields. Some people, very security conscious and defending against keyloggers, never actually type their password. They copy and paste it instead.
Even so, they still don't feel entirely safe: they know that any hacker in a position to capture their keystrokes might also be able to capture their clipboard as well.
I do this, that is, paste my passwords. But I am not too concerned about a hacker capturing my clipboard because I do it on my Linux computer. (Linux: the security solution - but that's another story...)
Now that other question, about remembering a lot of passwords: where are we now?
We have a lot of different passwords...
They are strong, random ones...
And it's not safe to just let our browser remember them...
And it's not safe to keep a note of them...
So how do we remember them all?
More about that just below.
4. Do you store your passwords in an unsafe place?
This is where people can make a bad mistake, exposing themselves to identity theft.
When I started on this topic I thought I would not have to write this page: somebody else would have written a publicly available article about all the basics. I would just place the article on this site and the topic would be handled.
But the first article I found about this topic had some very bad advice. It suggested that you should "make a note" of your user names and passwords, perhaps in an Excel spreadsheet, for example.
Unbelievable!
Anybody with access to your computer could get that spreadsheet and discover all your passwords. (Unless it is somehow secured, e.g. encrypted, hidden, password protected etc. - but the article did not mention that.)
Luckily, we do not need to rely on advice like that.
There is a lot of software available that is designed specifically to store passwords very securely. Also, this kind of software will, on demand, securely place the passwords into forms on websites. So it offers the same convenience that you would get if you allowed your browser to remember the passwords. But with dedicated password software you get more security, because the people providing software like this are security specialists.
Free Password Utilities
As usual, there is free help available with computer security. For example,
KeePass is a 'Password Safe' that stores your passwords with strong security. It is free to download and use.
For Linux or a Mac system you can use KeePassX, a cross-platform tool.
Another one is the aptly named PasswordSafe. You can read about it at the PasswordSafe site.
Some people seem to think that PasswordSafe is the real industry standard in free password tools. It also has the great advantage of being available for any operating system, Windows, Mac and Linux.
The suppliers do not recommend using it for your most sensitive online activities (e.g. your bank account log-in). This is understandable, since their service is free. They don't want to expose themselves to the legal problems that could eventuate if somebody claimed that thieves got access to their banking passwords.
Note: PasswordSafe is an online system: your passwords are stored at their server.
People need to decide for themselves whether this kind of remote storage of passwords is a good security measure for them. On one hand, you need to trust that the PasswordSafe people will store them securely. On the other, there is a security benefit because if you lost all your computers (e.g. in a house fire) you would still have all your passwords.
There is also the popular RoboForm. Last time I looked I saw they claimed 18 million users. The application is available in a number of languages. Find out more on the RoboForm website.
Also, as far as I know, with the free version of RoboForm you can store up to 20 passwords. To use more you can pay for the full version.
You can try RoboForm for free by downloading from us right here: download RoboForm trial.
Personally, I feel mostly safe keeping a note of my passwords in a hard-to-get password-protected OpenOffice document. It is just a word processing document. But OpenOffice documents are stored as compressed XML, so even if somebody stole the document from my computer they would have a hard time trying to discover what it contains (without the password). However, I would not keep my banking details in a document like that. Those details I prefer to have memorised, not written or stored anywhere.
(I have not looked into it, but it is possible that documents saved in Microsoft's new "docx" format are the same - i.e. stored as compressed XML and hard to decipher if they are protected with a password.)
UPDATE
OpenOffice was getting a bit unpredictable. It seemed to develop a problem with exiting cleanly and often needed to 'recover' previously opened documents. This made me worry about my document containing passwords.
So now I am trying KeePassX. The X identifies it as the cross-platform version: that is, it works on Windows, Linux, and Macs. This is making a lot of users very happy because they can use the same password file at home and work and school etc. even if they use different operating systems - very convenient.
Password Management Software
Compared to free utilities and services, password management software that you buy tends to have more features.
Here are some examples.
Note: I am not offering expert comparisons or user reviews of this software. I'm just showing that low-cost software is readily available that, for many web users, would make a huge improvement to their security and protection from crimes like identity theft.
RoboForm
Well, this seems to be the big one, with about 18 million users. RoboForm is a favourite with people who visit a lot of web sites that require a log-in. Also, RoboForm will complete online forms with other details beyond just your password or user name, e.g. your address details, which are frequently required for online shopping.
Remember, your browser can do this too, but the difference is that your browser does it for your convenience, whereas RoboForm does it as a security solution.
Here are the main features.
• Remembers and Secures Your Passwords
• Logs You Into Web Sites Automatically
• Fills Long Forms with Just One Click
• Generates Secure Passwords
• Prevents Phishing and Defeats Keyloggers
• Very Easy to Use
• Recommended by Experts and Millions of Users
Find out more on the RoboForm website.
Or try it for free by downloading from us right here: download RoboForm trial.
For the security-conscious readers who want to know: these are the encryption algorithms that RoboForm uses (at the time of this article): AES, Blowfish, 3-DES, 1-DES.
For the mobile user: if you often log onto web sites from different computers, then RoboForm2go might be a good choice.
RoboForm2go (formerly known as Pass2Go) installs onto your USB Key so you can take it with you to work, school, internet cafes etc.
Find out more about it on the RoboForm site.
Or, you can download free from us right here: download RoboForm2Go free.
Terms are generous for the free trial: 30-day trial, then carry on using it for free for up to ten logins. Upgrade to the paid version later if you want to carry more than ten passwords.
Password Saver
Click to order Password Saver, or see below for a link to a free trial.
Description.
Password Saver is a powerful, feature-rich solution for storing all your password information in a secure, centralized database on your hard drive.
Password Saver uses industrial strength 256-bit AES/Rijndael encryption and all of the CryptoAPI algorithms included in Microsoft Windows to keep your passwords secure.
You get an easy-to-use interface for organizing, adding and editing your password records.
The software provides many pre-defined templates for commonly used records such as website and email accounts, so you can get started adding data right away.
Also, you are not just limited to the pre-defined templates or to just storing passwords - you can create your own custom templates to store virtually any kind of data.
The encryption ensures that only you can access your passwords. Also, since you no longer need to remember your passwords, you can use the software to generate random passwords that are far more secure than human-generated ones.
This is available for a free trial so you can see how you like it before deciding whether you would want to buy it.
You can download a free trial here.
EZ Password Secure
EZ Password Secure is from a company that does not have the huge user-base of a vendor like RoboForm.
However, they are breaking into the same market and competing on price: they offer their software with both a free trial (for up to ten passwords) and a full version at a low price.
Vendor's Description.
EZ Password Secure is a tool to help you manage all your passwords and usernames, as well as the related URLs and descriptions, in different groups.
Also, EZ Password Secure can store other personal information, e.g. bank accounts, in its encrypted storage.
A built-in password generator provides custom passwords.
With the 1-Click function, you can paste a username and password to the clipboard, and also launch the associated web site.
Requirements: Windows 9x/ME/NT4/2000/XP
Key features:
Encrypted database.
The encrypted database can be accessed only with the entry password you set.
One-Click fast launch
Launch an associated URL directly from EZ Password Secure.
One-Click fast copy and paste
The Copy Button beside the Login and Password provides a fast way to copy information to clipboard. And the right-click pop-up menu provides another way to copy/paste information to/from clipboard.
Customized groups
All your data items are separated into customized groups. The groups and their data items are displayed as a tree view on the main window.
Powerful searching
The search function enables you to find information quickly within your records.
Password Generator
The built-in password generator allows you to choose the composition and length to generate your unique custom passwords.
You can buy it from here, for $14.95.
Also, there is a free trial version: it only saves up to 10 passwords. But it might be worth trying in order to determine whether the software suits you.
You can get it from the vendors here.