Technology

January 2005

 



Managing and protecting passwords
by Bronson Tang
btang@etomicmail.com


Passwords -- we use, sometimes abuse, and often lose them.

According to a recent study of over 3,000 IT managers, executives, and security personnel, conducted by Rainbow Technologies:

*  51 percent of computer users required IT assistance to access
   applications because of forgotten passwords.

*  The average person manages 5.5 passwords.

*  Almost one third of users have at least eight user names and
   passwords on their systems at any given time.

Additionally, user names and passwords are expected to become the largest problem in the authentication market -- predicted to double in cost to $2.8 billion in 2008, up from $1.4 billion in 2003 -- according to the Yankee Group, a research firm specializing in IT-related issues.

Passwords and PCs go hand-in-hand. We depend on passwords for a variety of daily tasks -- from checking our voicemail, to logging onto our computers, to entering password-protected Web sites. But how do you keep track of and, more importantly, protect these valuable passwords?

Below are seven tips for managing and protecting your passwords. For the more technologically advanced, additional tips are offered at the end of the article:

1. Password selection. A “strong” password is hard for both humans and computers to guess. Two basic rules make a password stronger: (1) a larger number of characters – at least six to eight, if possible; and (2) mixing numeric digits, upper and lower case letters, and special characters ($, #, &, etc.). More tips for password strength:

a. Passwords are case sensitive; therefore “1234PASSword” is not the same as “1234password.”

b. Do not use any part of your user name, full name, address, birth date, or any other identifying personal information. This will make valuable personal information readily available to intruders.

c. Include both uppercase and lowercase letters.

d. Include both letters and numbers.

e. Avoid words that can be found in a dictionary, including foreign and technical dictionaries. Dictionary attacks work by trying millions of word combinations per second, until your password combination is found and, subsequently, compromised.

f. Do not use a password that has been given as an example of a good password.

g. Do not use common passwords such as “love,” “God,” and “money.”

2. Protect your password. Avoid writing down your passwords; instead try to memorize your passwords. DO NOT share your password with anyone.

3. Get the tools. There are several tools that make a dramatic difference in helping to manage and simplify the overwhelming number of user name/password combinations for which you may be responsible. Depending on your individual and/or company needs, the cost and benefits of a password management program or service will vary. Both Internet Explorer (IE) and Netscape Navigator have built-in tools to help manage Internet-related user name/password combinations (for more information, see the “For the more technologically advanced” section). To locate an effective password management tool, go to www.download.com and type “Password Manager” or “Manage Password” in the “search” box.

4. Frequently change your password. Change your password frequently – at least every four to six weeks. This helps limit how long an intruder who has obtained your password can go on using it illegally.

5. Do not recycle old passwords, or use the same password for several different applications. If an intruder has illegally obtained your password, recycling old or existing passwords among different applications increases the risk that one or more of your personal and/or business-related applications will be severely compromised.

6. Keep folder and file contents secret. Do not label and/or name the folder/file based on the contents, as this allows intruders to quickly identify your valuable folder contents.

7. Know the security policy. A security policy essentially provides specific guidelines of what is and is not allowed. It defines the tools and procedures required, and is an important part of any security architecture.
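The selection rules in tip 1 can be checked mechanically. The following is an added example, not part of the original article: the function name, the eight-character minimum (the upper end of the article's range) and the tiny word lists are assumptions made for illustration.

```python
import re

# Constructed sample lists; a real check would load a full dictionary and a
# list of commonly used passwords.
COMMON = {"love", "god", "money", "password"}
DICTIONARY = {"sunshine", "dragon", "monkey", "football"}
MIN_LENGTH = 8  # upper end of the article's "six to eight" guidance


def check_password(password, personal_info=()):
    """Return the tip 1 rules that the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    # Drop digits and symbols so "Dragon2005!" is still caught as "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case letters")
    if not re.search(r"\d", password):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    # Rule b: no part of the user name, full name, birth date and so on.
    tokens = [t for item in personal_info for t in item.lower().split()]
    if any(len(t) >= 3 and t in lowered for t in tokens):
        problems.append("contains personal information")
    # Rules e and g: dictionary words and common passwords.
    if {lowered, letters_only} & DICTIONARY:
        problems.append("dictionary word")
    if {lowered, letters_only} & COMMON:
        problems.append("common password")
    return problems


if __name__ == "__main__":
    # Constructed inputs. Per rule f, do not reuse any of them as a password.
    samples = [("love", []), ("Dragon2005!", []),
               ("Jsmith#4821", ["jsmith", "John Smith"]),
               ("tR7#vQ2m&Lx", ["jsmith", "John Smith"])]
    for pw, info in samples:
        print(pw, "->", check_password(pw, info) or "passes")
```

The second sample shows why rule e matters even when the character-mix rules are satisfied: a dictionary word with a year and a symbol appended still fails.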

For the more technologically advanced:

Technologically savvy users also can take advantage of these additional tips for managing and protecting passwords on the Internet:

Internet Explorer (IE): If you use AutoComplete, you can easily remove saved passwords and information that you may have entered into certain online forms, such as your credit card number. If you are tired of remembering and typing in passwords for various Web sites, IE automatically saves your passwords (and without the annoying pop-up that asks whether you want to save each password). Below are instructions for clearing and saving passwords using AutoComplete:

Clearing passwords:

1. In the IE “Tools” menu, select “Internet Options” and open the “Content” tab.

2. Click “AutoComplete” and you will be offered choices to Clear Forms and Clear Passwords.

Saving passwords:

1. In IE 5 and IE 6 (Note: To see which version of IE you have, go to “Help” and click “About Internet Explorer”), select “Tools” | “Internet Options” and go to the “Content” tab.

2. Click “AutoComplete” and uncheck “Prompt me to save passwords.”

Netscape Navigator: If you use Password Manager to remember your user name and password for a web site, the next time you visit the site, Password Manager will automatically fill in your user name and password on the site's log in screen.

Turning Password Manager on and off

By default, Password Manager is already activated. To turn off Password Manager:

1. Open the “Edit” menu and choose “Preferences.”

2. From the Privacy & Security category, choose “Web Passwords” (if no subcategories are visible, double-click the category to expand the list).

3. To turn off Password Manager, go to the “Password Manager” section and deselect “Remember passwords for sites that require me to log in.”

Managing stored passwords

To see a list of user names and passwords you have stored:

1. Open the “Tasks” menu, choose “Privacy & Security”; then choose “Password Manager.”

2. Select “View Stored Passwords” from the submenu -- you will then see the Password Manager window.

3. Click the “Passwords Saved” tab; you will see a list of all stored user names (passwords are not listed).

4. To remove a user name, click on the user name and then click “Remove.” The next time you visit the Web site, you will be asked to enter your password.

5. To view a list of Web sites for which you have instructed Password Manager never to store user names, click the “Passwords Never Saved” tab. To remove a Web site from this list, click on the Web site address and then click “Remove.” The next time you visit the Web site, you will be asked if you want Password Manager to save the user name and password for that site.


Additional resources:

The CERT® Coordination Center (CERT/CC) – this center of Internet security expertise, located at the Software Engineering Institute, is a federally funded research and development center operated by Carnegie Mellon University.

Manage Your Passwords – Password management utilities - an excellent article about managing passwords by Neil Randall

Password Crackers – an article about password protection, including the limitations and the dos and don’ts of password protection by Larry Seltzer

Windows Tips – Password-Protect Your Sensitive Files and Folders – another useful article by Scott Dunn

 

copyright 2005 expressionmag.com  All rights reserved.