Strong password requirements (like using upper and lower cases, at least one number and maybe a special character) cause a lot of frustration for computer users. There is however, a way to manage your passwords without sacrificing security for convenience and the best part is the solution is available for free.
Let’s start at the beginning – the computers login screen.
Whether you are running Windows, Mac, Linux or any of the other operating systems out there, when the system boots up it will look for a password. Now sure, I know what some of you are thinking, “I don’t have to enter a password when my machine boots up so you must be wrong.” Well, that isn’t entirely true, it’s just that most machines will give the user the ability to either auto logon or not require a password at all at boot up. This is one of those instances where people will sacrifice security for convenience. People don’t want to be bothered entering their password every time so the system gets set up without it. Sure it’s convenient but the problem is now anyone who sits in front of your machine and turns it on will be able to get in and have access to all your stuff. Many people choose to go this route thinking that “hey, I’m the only one that uses this machine so I don’t need it asking for a password every time” but if we are talking about a laptop (which is portable) that can be a disaster waiting to happen if it ever gets lost or stolen. If it’s a desktop machine the argument seems a little more valid but it won’t protect you if there is a break in or some other unauthorized user gains access to your machine (either physically or gets in through the internet). The fact of the matter is that if your machine is connected to the network then there should be a password in place to protect your files.
The next area where people sacrifice security is in password strength. Weak passwords are passwords that may be easy to remember but they are often short “dictionary” words that can be cracked in a matter of minutes by any of the available password cracking utilities that are out there. Passwords like “god,” “monkey,” or any other word found in the dictionary may be short and easy to remember but they are also the first things that these password cracking utilities will try. That’s why many sites (and programs) will insist on including upper and lower cases, some numbers and even a special character or two. “MonKey!387” is a hell of a lot harder for someone to crack than just the word “monkey.” Sure, it may be a little more inconvenient but using a weak password will just give you a false sense of security.
The next shortcut people take is in using one password for everything. The reasoning people use for this one is “well, I can’t remember a different password for everything so I just use the same one everywhere I go and never have a problem.” I will be the first to admit, using the same password for the windows login, email, etc. is convenient but a problem can arise if your password does get cracked – it’s common practice for hackers (when they discover some ones user name and password) to try that same username and password pair everywhere. Again there are tools out there that will allow someone to enter a username and password and the program then goes and tries them on hundreds of sites (like AOL and facebook) and then provides the hacker a list of all the sites where the password works. Using the same password everywhere is one of the ways hackers are able to take over all of the services that you use. It may be a bit inconvenient but using a different password for every site is a lot safer than using one password everywhere.
Earlier in this column I mentioned that there is a free solution out there that solves these issues. Open up your browser and pull up www.keepass.com. Keepass is a free (open source) program that will allow you to store and manage all of your passwords in one place so you don’t have to rely on post it notes all over your desk. Use Keepass to create unique “strong” passwords for all of your sites and you won’t need to sacrifice security for convenience.
Sean McCarthy fixes computers. He can be reached at 888-752-9049 or help@ComputeThisOnline.com (No Hyphens!)