Thursday, October 18, 2007

HOW TO REDUCE PASSWORD PAIN??

People are rarely good at dealing with computer passwords. According to a survey carried out in Europe by McAfee, a computer security specialist, almost half of all users never change their passwords. That's risky enough but the survey also found that roughly one in four respondents use the same password for all their online accounts. In other words, if one account is cracked, everything is cracked.

McAfee also found that most people don't use the recommended longer, more complex, passwords made up of a mixture of upper and lower case letters, numbers and even punctuation characters. Worse still, many passwords are fairly obvious things like a pet's name or a hobby.

This is why many security conscious websites will automatically nag you to select a more complex, so-called strong password. It may be annoying, even patronising, but this kind of enforced security is ultimately a good thing.

Reluctance to use strong passwords is hardly surprising. It's not too difficult to remember one or two passwords - even complex ones - but today's online world requires us to use dozens.

An ability to remember, say, 25 complex, meaningless 12-character passwords that change every six weeks or so is the kind of skill that used to be a requirement for getting a job with a travelling freak show.

On the other hand, writing them on a Post-It note and sticking it on your monitor isn't much of an answer. The dangers of poor password management can be catastrophic. Not only could criminals get control of your bank account but they also could easily move on to ruining your entire life and destroying your business. Identify theft is terrifying so something needs to be done.

There are plenty of practical tools to help manage passwords. Alongside its other security features, Norton Internet Security 2008 ($100) includes an Identity Safe that secures your log-in information for websites in a central store. This automatically prompts you to save details when you log in to a new site and then fills in the information when you return. It allows multiple log-ins for sites so, for example, two people can securely access Yahoo! Mail from a single computer.

If you don't want to spend money, Keepass (http://keepass.info) is a free, solid encrypted password database. It's very secure - if you keep the program running and leave your computer you'll have to log-in again before using it.

No comments: