Sunday, February 7, 2010

Security and the Human Mind


There's a good article on PC World today relating to security.

http://www.pcworld.com/article/188763/too_many_people_reuse_logins_study_finds.html?tk=rss_news

In a nutshell (and this is a very valid point) it says that many of us re-use our user IDs and passwords across a variety of sites.  The main problem with this is that if your password on one site is compromised, it is just a hop, skip and a jump for someone with a little ingenuity to try the same user ID and password at other sites, and get in there too.

The problem here is that the human mind is somewhat limited in terms of memory, and it is next to impossible to remember the myriad user IDs and passwords required across the web.

I think that the general rule of thumb for this is that one should have unique user IDs and passwords for each site, and of course the passwords need to be stronger (there are many websites out there that discuss how to create stronger passwords).

However, as I mentioned, the ability to remember user IDs and passwords is finite, so what are the options?

Well - first of all, software such as Roboform can be used to remember login credentials (user IDs and passwords).  The theory is that Roboform is protected with one master password, and if that password is very strong, then all is good.  Two things to keep in mind: the stored credentials are only as safe as the master password and the computer the software is installed on, and because Roboform lives on the local computer, if you are occasionally on a different machine and don't want to install Roboform each time...well...you see how this one goes.

The second option is more manual, but probably a little easier to manage.  The idea is that you create a strong "base" user ID and password and then have a variant for each website.  As an example, John G Smith might have the base user ID of johngsmith and a base password of B@seba!!9012.  On a specific site, you would create a variant of this with text either before or after the user ID and password.  If he was visiting TD Canada Trust, his user ID might be TD_johngsmith and his password might be TD_B@seba!!9012, and on eBay it might be EB_johngsmith with the password EB_B@seba!!9012.  The catch is that this only defeats automated re-use of the exact leaked pair.  If the TD Canada Trust account was compromised, anyone who looks at TD_B@seba!!9012 can see the pattern and try EB_B@seba!!9012 at eBay, so this is a thin layer over password re-use rather than a real substitute for unique passwords.
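To make the difference concrete, here is an added example (not code from the post or from Roboform) that puts the prefix scheme above next to a site-specific password derived from one master secret with PBKDF2, a keyed derivation the post itself does not mention.  The base password, master secret and site names are constructed for illustration.  With the prefix scheme, one leaked password hands over the base password and therefore every other site's password; with the derived scheme, each site's password is a different hash output that does not contain the master secret, and it can be regenerated on any computer from the master secret and the site name, which also answers the portability complaint about locally installed managers.

```python
import base64
import hashlib

# Constructed example values, not real credentials.
BASE_PASSWORD = "B@seba!!9012"
MASTER_SECRET = "correct horse battery staple 2010"  # hypothetical master secret


def pattern_variant(base: str, site_tag: str) -> str:
    """The prefix scheme from the post: site tag + '_' + base password."""
    return f"{site_tag}_{base}"


def recover_base_from_leak(leaked: str) -> str:
    """What an attacker does with one leaked prefix-scheme password:
    drop the text before the first '_' and the base password falls out."""
    _tag, _sep, base = leaked.partition("_")
    return base


def leak_spreads_with_pattern() -> bool:
    """Given only the leaked TD password, can the attacker produce the eBay one?"""
    leaked = pattern_variant(BASE_PASSWORD, "TD")
    guess = pattern_variant(recover_base_from_leak(leaked), "EB")
    return guess == pattern_variant(BASE_PASSWORD, "EB")


def derived_password(master: str, site: str, version: int = 1, length: int = 16) -> str:
    """Site-specific password from one master secret via PBKDF2-HMAC-SHA256.

    The site name (plus a version counter) is the salt, so every site gets a
    different output, and a leaked output does not reveal the master secret:
    the attacker's only route is to guess the master secret and re-run the
    derivation, which the iteration count makes slow.  Bumping `version`
    rotates a single site's password without touching the master secret.
    """
    salt = f"site:{site}:v{version}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    # Base64 gives a mix of letters, digits and symbols; truncate to the length
    # the site allows.  Sites with odd rules would need extra post-processing.
    return base64.b64encode(raw).decode()[:length]


def leak_spreads_with_derivation() -> bool:
    """Same question for the derived scheme: a leaked TD password is neither
    equal to the eBay password nor a string the master secret can be read from."""
    td = derived_password(MASTER_SECRET, "tdcanadatrust.com")
    eb = derived_password(MASTER_SECRET, "ebay.com")
    return td == eb or MASTER_SECRET in td or BASE_PASSWORD in td


if __name__ == "__main__":
    print("prefix scheme, one leak exposes other sites:", leak_spreads_with_pattern())
    print("derived scheme, one leak exposes other sites:", leak_spreads_with_derivation())
    for site in ("tdcanadatrust.com", "ebay.com"):
        print(site, derived_password(MASTER_SECRET, site))
```

Usage note: the derived scheme still has a single point of failure, the master secret, so it has to be long and never typed into an untrusted machine; what it removes is the property of the prefix scheme where one site's breach gives the attacker everything for free.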

2 comments:

  1. Since I am not good with remembering some data, I must use password management software. I use Sticky Password, which I think is very good.

    http://www.stickypassword.com

  2. Thanks for the heads-up on Sticky Password. There are a bunch of them out there like that. Having some type of password management software is something that I will have to take a look at. Part of me wants to look at the possibility of a web-based solution to increase portability, but the problem with that is that it might be easier for others to compromise the master password and access the Rick-world!
