11/16/09

Tips and Tools to Stay Safe and Sane

Drowning in Passwords?

Another day, another password: Thanks to Web-based apps, we're all acquiring passwords at quite a clip. How do you remember them all while staying secure? Here are some helpful tools and strategies -- that don't involve writing your passwords on sticky notes.
 
By Bill Snyder

CIO — Who the heck am I? Am I shopper-Bill, flyer-Bill, reader-Bill, buyer-Bill, potrero-Bill, or this, that, and the other Bill on the 30 or more sites that comprise my online life? And which of my many passwords do I need right now?

If you spend much time online, you probably have the same problem I do: How to remember your ever-growing list of online usernames and passwords—and stay secure at the same time.

You're savvy enough to know that identity theft and illegal access to personal and financial data are real-world problems that you want to avoid. But what are you doing about it?

Odds are, not much, says Andrew Jaquith, a computer security analyst at Forrester Research. "There are two classes of people; those who seem to care about the security of their accounts, and those who act as if they don't." Most people, he says, fall in the latter category.

If you're one of the majority, your security strategy may be nothing more than using a single password for every site you need to access. On the one hand, the chances of it being stolen aren't terribly high and you probably won't forget it. But if it is stolen, the malefactor will have access to your entire online life, including bank accounts and maybe medical records. Not a pretty thought.

It turns out that there are a number of strategies that will help you avoid that ugly scenario. Most of them are simple, free or quite inexpensive, and much more secure than what you're doing now. But some are just halfway measures that could let you down in a pinch.

A Password Safe of Sorts

Let's start with my favorite: a Windows program called RoboForm ($29.95) from Siber Systems. RoboForm stores your passwords, usernames, personal information, and the URLs of sites you visit on its secure server. Your information is protected by a master password that you'll enter before logging into a site. The program will then log you in, and automatically fill out the kinds of forms you need to do things when shopping online.

If you typically work on two computers, say one at home and one in the office, you can synch the two PCs and have your passwords on both systems.

Until recently, RoboForm suffered from the same flaw that most password managers suffer from: it was useless if you were on a public computer. That's a real problem if you're traveling without your laptop and suddenly realize you have bills to pay via your banking site, or want to make an online trade.

RoboForm Online fixes that. It is, however, in beta form, and a bit clunky, requiring a double sign-on and a few other minor annoyances. But it does work (based on my tryout) and the company expects to have a finished, and presumably more polished, version out within a few months.

There's also a version for the iPhone, and it's possible to load RoboForm onto a USB drive and take it with you for use on public computers. The company says the USB version leaves no traces behind.

If you use RoboForm, do not forget your master password—it is not recoverable. Although password recovery is a common feature on many Web sites, Siber Systems decided that enhanced security was more important than potential inconvenience.

Tools for Mac Users

By the company's own admission, RoboForm doesn't work very well on a Mac (that's supposed to change next year), but a similar program called 1Password ($39.95) from Agile Web Solutions offers many of the same features for use on Apple hardware.

I haven't tried it out, but it's earned good reviews and gets a nod from Forrester's Jaquith.

Users of various versions of the Mac OS can also take advantage of a built-in feature called Keychain that offers password management on a single machine.

Another option that's similar to RoboForm, Callpod's $29.95 Keeper utility, comes in versions for Mac, Windows, and Linux users. (The vendor offers a 15-day free trial.) A separate mobile Keeper version serves iPhone and iPod touch users.

If you are a smartphone user, the first step you should take to stay safe is to password-protect your whole device: See instructions from CIO.com's Al Sacco on how to do it.

A Free Trick or Two

Don't want to spend money? You could simply put your passwords in a password-protected file. If you use Microsoft Word, it's easy. Simply go to Tools, then Options and click the security tab. You'll have the option to require a password to open the file, or just to modify it.

If you're traveling, you can put that file on a USB drive. But don't forget that password. If there's a backdoor that will let you recover the file without it, I haven't heard about it.

Warning: Many security gurus, such as Bruce Schneier, don't advocate keeping this type of file on your PC. (See this useful blog post from Schneier for some more advanced advice on crafting and managing passwords.)

Most browsers, including Internet Explorer, Firefox and Safari, can automatically fill in forms and passwords for you. That's certainly helpful and if you're certain that no one else has access to your computer, it's not terribly risky. However, if your teenager or someone else does use your computer, you could be in trouble.

A simple solution is to delete saved passwords and forms when you get done. In Firefox, for example, go to "Tools," "Options" and then the security tab and look for the "saved passwords" button. Click it and a list of saved passwords and usernames opens up. Simply delete all or some of them. Other browsers have similar features.

Also remember that public computers are often infected with malware, including keyloggers that copy everything you type. Password managers defeat them, since the password is not actually typed on the page.

Finally, Google and some other online heavyweights are reviving an old idea: a secure, single password/username combo, such as your Google or Yahoo ID, that you could use for multiple sites. Sun and other companies have experimented with similar schemes, but none ever got off the ground. Maybe this attempt will be the charm. But I'm not holding my breath, and will continue to explore password management options that really exist. So should you.

San Francisco journalist Bill Snyder writes frequently about business and technology.
