Avoid password fatigue with a password storage system

Password Management

Keeping track of all your passwords can be tricky. Kurt says: Keep your friends close and your passwords closer.

While I was writing this article, I ran across a great phrase so perfect for this month’s topic that I have to share it with you: “password fatigue” [1]. Because we all have multiple accounts with different usernames, passwords, security questions, PIN numbers, and whatnot, we end up with way too many passwords.

Often you can’t use the same username (e.g., because your name has already been taken or the system assigns a name), and you definitely should not use the same password (a compromise of one system would then let the attacker into all your accounts). As for security questions, you should never use “real” information (like your zip code), because this information is easily discovered and used to reset or recover your password from the service provider. To be safe, you need to choose a good strong password – different for each site you use. I personally have around 350 passwords, security questions, and so on, of which I probably use 50-100 on a regular basis. And it drives me nuts.

Read full article as PDF:

040-041_kurt.pdf (1,002.04 kB)

Comments

  • LastPass vs. password fatigue

    I've used LastPass (www.LastPass.com) for more than 2 years now, and IMHO it's best-of-breed in the pwd-manager category -- it just works, and works securely, and works everywhere: I've installed it on all of our desktops and laptops for "native use", but when I go to a public (library) PC or at a friend's house or business, I can just log in to their website and "use it remotely" (without installation). I've recommended and installed it on Macs, Linux and (even) Win for friends and colleagues without problems -- and they love it too.

    -- Lorin
  • Passwords

    350 passwords? Are you for real? There is just too much rubbish being written around Linux at the moment.
  • Use Password Gorilla

    Using Password Gorilla you can store your passwords encrypted with a single master password and relieve all of the "fatigue". https://github.com/zdia/gorilla/wiki

    Plus you can use the same program on Linux, Mac, and Windows, and it allows you to keep them synchronized with each other.
  • Password Composer

    I use password composer http://www.xs4all.nl/~jlpou...T/Javascript/PasswordComposer/ it just does an md5 sum on the root name of the website and a master password. So if you use "booger" as a master password and the site you are interested in is n1.amazon.com it does an md5 on "amazon.com:booger" and then takes the final 8 digits yielding 57a13875 as a password.

    So I maintain 1 master password that works for 297 out of 300 sites I use; each site gets its own password. There is a Greasemonkey script for Firefox. There is also a bash script as well as their webpage. Now I just have to remember one password and each site gets a unique password of its own.

    No password manager needed. Each site gets a unique password. I can use it anywhere.
  • LastPass

    Why did you not include LastPass in your article?
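
The derivation described in the Password Composer comment above, as an added example (not code from the article, the commenter, or the Password Composer project), next to a hardened variant that uses a slow KDF and a longer output. The two-label `root_domain` helper, the PBKDF2 parameters and the function names are assumptions made for illustration; the point is that 8 hex digits carry only 32 bits, and a single fast MD5 puts little work between a leaked site password and guesses at the master password.

```python
import base64
import hashlib
import math


def root_domain(host: str) -> str:
    """Naive 'root name': the last two DNS labels.
    Assumption for illustration; ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def composer_password(host: str, master: str) -> str:
    """Scheme as the comment describes it: MD5 over 'domain:master',
    keeping the final 8 hex digits."""
    material = f"{root_domain(host)}:{master}".encode()
    return hashlib.md5(material).hexdigest()[-8:]


def hardened_password(host: str, master: str, iterations: int = 600_000) -> str:
    """Same idea with a deliberately slow KDF and a longer result.
    Added variant, not the tool's behaviour: PBKDF2-HMAC-SHA256 with the
    domain as salt, 15 bytes out, base64url-encoded to 20 characters."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), root_domain(host).encode(), iterations, dklen=15
    )
    return base64.urlsafe_b64encode(raw).decode()


def output_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a password of this alphabet and length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    host, master = "n1.amazon.com", "booger"  # values taken from the comment
    print("root name      :", root_domain(host))
    print("composer style :", composer_password(host, master),
          f"({output_bits(16, 8):.0f} bits max)")
    print("hardened style :", hardened_password(host, master),
          f"({output_bits(64, 20):.0f} bits max)")
```
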