Monday, July 2, 2012

Keeping your Passwords Safe

After years of working closely with members of Colgate Faculty and Staff, I've come to a very serious realization that a substantial portion of our users have a difficult time managing the vast number of different passwords that are necessary here at Colgate. Most users have at least a network/banner/portal password and a Gmail password, but some of us also have a local computer password, listserv passwords, personal website passwords, library access passwords, and the list goes on and on.

At one point in time, many of these passwords may have been identical, but over time, as different password rules came into effect and forced changes, these passwords became different, and therefore very difficult to manage. I've seen people whose mental capacities could otherwise be described as 'genius' have an extremely hard time figuring out which password they needed to use at that particular moment. Many users make a conscious decision to use the same short, simple password everywhere, just because it's too difficult to keep track of them all.

I'm always tempted to use a single password myself, but I know that if someone guesses or steals the password from one of my accounts, all of my accounts will be in trouble. My mental capacities are no different from your average IT guy's, and I certainly cannot remember all of my passwords; but I don't have to! We live in a wonderful age where software solutions give us extra capabilities, and therefore free up time and memory that would otherwise be wasted on mundane tasks, such as remembering passwords.

I'm speaking specifically of a free tool which I use regularly, and which saves me a lot of time, called Password Safe. This is an open source tool, licensed under the Artistic License 2.0, and it has been free for many years. Password Safe comes in different flavors, and ports exist for Linux as well as for Macintosh OS X. Take a look at their Related Projects page for more information about this.

The authors describe the application this way: "Password Safe is a password database utility. Users can keep their passwords securely encrypted on their computers. A single Safe Combination unlocks them all."



As the quote above the picture says, all I have to do is remember that one password, which unlocks the encrypted database containing all of my username and password information.


A very useful feature of this program is that it can generate complex passwords on demand. As I add a new entry into my database, I can go to the Password Policy tab and specify the complexity of the password that I want the program to generate.


When I go back to the Basic tab and click on the Generate button, as many times as I like, I get a really complex, really secure password, based on the aforementioned policy settings.
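To make the "policy in, random password out" idea concrete, here is an added example of a policy-driven generator, written for this post and not code from Password Safe or its authors. The policy dictionary (length plus a minimum count per character class) and the symbol set are constructed assumptions modelled on the kind of settings a policy tab exposes; the important properties it demonstrates are that the randomness comes from the operating system's CSPRNG (`secrets`), never from `random`, and that every required class is guaranteed to be present before the result is shuffled.

```python
import math
import secrets
import string

# Constructed policy (assumption, not Password Safe's own format):
# total length and the minimum number of characters from each class.
DEFAULT_POLICY = {
    "length": 16,
    "min_lower": 1,
    "min_upper": 1,
    "min_digit": 1,
    "min_symbol": 1,
}

# Character classes; the symbol set is a constructed choice.
CLASSES = {
    "min_lower": string.ascii_lowercase,
    "min_upper": string.ascii_uppercase,
    "min_digit": string.digits,
    "min_symbol": "!@#$%^&*()-_=+[]{};:,.?",
}


def generate_password(policy=DEFAULT_POLICY):
    """Return a random password that satisfies `policy`.

    secrets.choice draws from the OS CSPRNG; the `random` module is a
    seeded PRNG whose output can be reproduced and must not be used here.
    """
    required = sum(policy[key] for key in CLASSES)
    if required > policy["length"]:
        raise ValueError("policy requires more characters than its length allows")

    chars = []
    # Satisfy the per-class minimums first so the result can never miss a class.
    for key, alphabet in CLASSES.items():
        chars.extend(secrets.choice(alphabet) for _ in range(policy[key]))

    # Fill the remaining positions from the union of all allowed classes.
    allowed = "".join(CLASSES.values())
    chars.extend(secrets.choice(allowed) for _ in range(policy["length"] - len(chars)))

    # Shuffle with the same CSPRNG so the guaranteed characters do not
    # always occupy the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def satisfies_policy(password, policy=DEFAULT_POLICY):
    """Check a password (generated or typed by hand) against the policy."""
    if len(password) != policy["length"]:
        return False
    return all(
        sum(ch in alphabet for ch in password) >= policy[key]
        for key, alphabet in CLASSES.items()
    )


def entropy_bits(policy=DEFAULT_POLICY):
    """Upper bound on the entropy of a generated password: length * log2(alphabet).

    The class minimums remove a little of this, but it is the figure to compare
    against a short, reused password of a few dozen bits.
    """
    allowed = "".join(CLASSES.values())
    return policy["length"] * math.log2(len(allowed))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, satisfies_policy(pw), round(entropy_bits(), 1))
```

Running the script prints one fresh password, `True` for the policy check, and an entropy bound of roughly 102 bits for the 16-character default. The check function is the same one you would point at a password a user chose by hand, which is how a policy is enforced on both sides of the Generate button.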


Even if I wanted to (or could...), I never have to remember this password. All that I need to know is the initial database password, which decrypts the contents of the Password Safe database. I can move this small database file to different computers, and all my passwords will be there. If I am moving the database via a cloud storage solution (Dropbox, Box.com etc.), I can certainly use TrueCrypt to further encrypt the database file, just in case.

I hope that this information has been helpful, and that it will make you think more about your own personal password policies.




2 comments:

  1. Even though it's not free, I've been using Wallet and it's wonderful; it syncs with Dropbox to ensure that all devices have the latest version of the database. Unfortunately, it doesn't have an Android version, but it works on my home/office/iPad seamlessly.

  2. For Android I use UPM (Universal Password Manager). It's free and encrypts data using a master password.
