Password Tips: Things to look for in Password Managers, Strong Passwords, and Secret Question answers.


Ok, I’ve talked about the three Password Managers that I found off-hand (although there are others).  So now I’m going to give you some tips about what to look for in a password manager, how to create strong passwords, and some ideas for your secret question answers.

Password Managers:  What to look for.

One of the first things that you should look for is the ability (or a default setting) to password protect your data file.  RoboForm and Password Safe are good about requiring a combination right away.  KeyWallet and Whisper 32 don’t require it immediately, but will prompt you to protect it at some point.  You can also do this in the options.

The second thing that you should look for is the type of encryption that the password manager uses.  Blowfish is probably the best option, but AES and DES are good too.  Make sure that it doesn’t store your master password in any plain-text files.  Even if no one can get into your computer from the outside, you don’t want that accessible to someone who has physical access either.

The third thing to consider is how easy it is to use the passwords.  If you have to right-click to get them, it’s a bit more time consuming than just double-clicking on the name.  Although that time is minuscule, it’s still a consideration.  As far as ease goes, RoboForm was the easiest by far, and Password Safe was a close second.

Finally, you should look at the options you have available in generating your passwords.  Do you have the option of password length, using alphanumeric characters, upper and lower case, and symbols?  Along these lines, do you have the option to override your default options, or are you stuck with them (and have to either set them in preferences first, or use a portion of the generated password)?  RoboForm and Password Safe both win on this, because you have the ability to customize your generated password before you actually create it.

If you’re looking at purchasing a suite with a Password Manager in it, you’ll want to make sure that future versions will open and upgrade your current data files.  This holds true for the free and open-source password managers as well.  Make sure they have a good import and export feature.

Tips for creating Strong Passwords:

Most of these tips are commonplace, but I want to reemphasize them to you anyhow.

  1. Use a minimum of 6 characters for the length.  Some places require or recommend 8 or more, which is probably good.  Personally, if there’s a set maximum, that’s what you want to use.  Otherwise, use at least 6 characters.
  2. Start with an uppercase letter.
  3. Combine lower and upper case letters in your password.  It’ll take longer to crack HorSe than it will horse or even Horse.
  4. Include numbers in your password.  HorSe1234 will take longer to crack than the other three passwords mentioned above.  There’s a language called “Leet” or “L337” that works perfectly to this advantage.  In Leet, 4 = h or A, 7 = T or t, 3 = e or E, 0 = o or O, and 1 can be an i or I, or l or L.  So H0rS3 would be even harder to crack than the other passwords (although H0rS31234 would be the hardest).
  5. Along the lines of numbers, don’t use numbers in sequence.  1234 or 1111 or 3421 aren’t good choices.  These would be some of the more common things that someone will try first.  They will definitely be trying sequences of numbers.  So even if they are combined with words, it’s not a good idea.
  6. If the site or program will allow, use symbols in your password.  ^*&#()!. are all good ones to use.  H0rS3&1234 is harder to crack than the above passwords.
  7. Do not use common names (dictionary words), words or phrases, or things that people can find out about you.  This includes your address, social security number, date of birth, phone number or even your anniversary date.  Definitely don’t use your name or any of your relatives’ names.  Even if you combine them with the other tips, they’re still easy to figure out.
  8. An option that’s commonly recommended is to pick a phrase and use the first letter of each word in it.  For example, “My Very Elderly Mother Just Sat Upon North Platte” (the phrase we were taught as kids to memorize the planets) could become “MVeMjSuNp” and you could even go so far as to make it “Mv3mjSu&p”.  It’s a phrase you’ll remember, that no one will recognize, and includes the numbers and symbols.
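
The tips above can be turned into a mechanical check. The following is an added example, not part of the original post: it applies tips 1 to 7 to the post's own sample passwords, undoing the Leet substitutions from tip 4 before the dictionary check in tip 7. The function names, the four-digit window used for tip 5, and the small `WORDS` list are assumptions made for illustration.

```python
import re

# Leet table from tip 4: each digit maps to the letters it can stand for.
LEET = {"4": "ha", "7": "t", "3": "e", "0": "o", "1": "il"}
# Constructed stand-in for a real dictionary and personal-details list.
WORDS = {"horse", "mother", "planet"}

def deleet(pw):
    """Every lowercase reading of pw with leet digits turned back into letters."""
    readings = [""]
    for ch in pw.lower():
        readings = [r + o for r in readings for o in LEET.get(ch, ch)]
    return readings

def has_digit_sequence(pw):
    """Tip 5: four digits in a row that repeat or count up/down in any order."""
    for run in re.findall(r"\d{4,}", pw):
        for i in range(len(run) - 3):
            d = sorted(int(c) for c in run[i:i + 4])
            if d[0] == d[3] or all(b - a == 1 for a, b in zip(d, d[1:])):
                return True
    return False

def failed_tips(pw):
    """Return the numbers of the tips above that pw does not meet."""
    checks = {
        1: len(pw) >= 6,
        2: pw[:1].isupper(),
        3: bool(re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)),
        4: bool(re.search(r"\d", pw)),
        5: not has_digit_sequence(pw),
        6: bool(re.search(r"[^A-Za-z0-9]", pw)),
        7: not any(w in r for r in deleet(pw) for w in WORDS),
    }
    return [tip for tip, ok in checks.items() if not ok]

if __name__ == "__main__":
    # The post's own example passwords.
    for pw in ["horse", "HorSe1234", "H0rS3&1234", "Mv3mjSu&p"]:
        print(f"{pw:12} fails tips {failed_tips(pw)}")
```

Run against the post's examples, the phrase-based password from tip 8 is the only one that meets every tip; the horse variants still trip the sequence and dictionary rules.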

Tips for the “Secret Question” answers.

Ok, in my first post about passwords and managers, I talked about how easy it was to crack Sarah Palin’s Yahoo account.  They simply found the answers to her secret questions.  And most people will at some point blog or post about their first pet (Georgie), High School name (Franklin), or even their first love (Julia).  So, what do you do to fool potential crackers?

Probably the easiest thing is to make up names for these things.  But that may not work, since you’ll be more apt to try the real names than your pseudo names.

What I recommend doing is using some of the same tips for strong passwords.  My first pet just went from Georgie to G3oRg13.  My High School is now Fr4&kl1n, and my first love?  Ju1I@.  This makes it a lot harder to crack the secret question, because most places will lock you out after two or three attempts at answering it.

*Just for clarification and stating the obvious, don’t use the passwords or combinations of secret questions that I posted here.  And none of these apply to any of my passwords or secret questions.

Have a great day:)
Patrick.
