Web site password management is more critical than ever. We are storing and accessing more of our information online and theives are getting evermore creative in how to steal that information. It is critical to have a good password management system for all of your financial-related web sites.
First it is very important to one a unique password for each web site that you use. Though not optimal it is probably all right to use a shared password for your myspace and NY Times web site access. Passwords for your bank, bill payment service, credit cards, and other financial sites should be unique to each site. Be sure to create a password that does not contain any personal information such as your birthday, age, address, social security number, or a dictionary word. A good password should be a random string of characters that meet the following criteria.
- Be sure that a word is not spelled in the password. i.e. rutabaga25
- Include at least two numbers
- Capitalize at least one letter
The problem is that with so many unique passwords it is impossible to remember them all, but various forms of recording them can be dangerous. Web browsers such as Internet Explorer and Firefox will offer to store your passwords, but this is not a good practice. You can fall prey to a trojan horse program on your computer that can read these passwords or someone could simply steal your computer. It is also not portable which is important today. The option of keeping them written on paper also has its obvious drawbacks.
I have discovered a program that I have used since version 0.5 that has served all of these criteria very well. The best features of the software are that it is free, portable, and very secure.
The program is the open-source Password Safe which is available at
http://passwordsafe.sourceforge.net. Bruce Schneier originally developed the program and then turned the code open source which allowed to develop the software. They have versions for JAVA, Windows, Mac OS, Linux, and even Pocket PC. The most developed version is for Windows.
When you run the installation program it will ask if you want to install it to your computer or to an external disk drive. This is where portability is available. I have run all versions of Password Safe from an inexpensive USB flash drive that I almost always wear. You could enhance security if you stored the program and database on a secure, encrypted USB flash drive. The price of these is coming down significantly as more enter the market. Just choose the disk drive that is your USB flash drive and it will install there.
Once you have installed the software, go to your USB flash drive and start the program. It will walk you through creating a password database. You can have more than one password
database in case you wanted a work-related database that you could share with coworkers. Yes, the password database has a password referred to as a safe combination. Be sure to create a good password for your database. The software will even prompt you if you create a password that is not sufficiently secure.
Once all of your usernames and passwords are entered, you simply need to click the proper database entry and then choose to copy the user name or password into your computer’s clipboard. You can then paste it into a web site or other password-protected software.
You now have a portable and safe password solution. The software can moved from one computer to another and it does not leave any evidence of its usage on your friend’s or work computer. The original version of the software did leave a small text file on the host computer, but their was no revealing information left behind. The newest version has eliminated that problem. The software even goes so far as to clear the computer clipboard when you close it in case you have copied a password or username there.