Keeping Passwords Secure
April 9, 2010
When thinking about a resource to share this week, I browsed through my bookmarks and found this Gizmodo post about password security and remembered back to the very beginning of the semester, when Derek asked us to download Password Gorilla. Admittedly, the explanation provided goes a little over my head, but it is interesting to learn about how clicking “remember my password” can leave you vulnerable, since your password is then stored locally in an unencrypted format. Gizmodo’s sister site, LifeHacker, also has some great posts on passwords, including this one on how to create and remember strong passwords. It’s something I fully intend to get around to…someday!
4 Comments
I downloaded Password Gorilla, had a hard time figuring it out, got frustrated, and deleted the whole program. I ended up with LastPass. I like it (especially the filling out forms automatically feature) but I admittedly don’t think I’ve taken full advantage of it yet.
It’s one of those things that I always say I’ll get around to concentrating on & then never do… maybe your post and the articles will motivate me to do it. One can hope!
Lori
Thanks for sharing the Lifehacker article. Currently I jot everything down in a notebook old school, and so I have to dig it out every time I forget a password. It usually works for me until I misplace my notebook, so I’m going to try applying Trapani’s rule set idea.
This just confirms my suspicions about people trying to get information about me. I just use a physical log and keep it hidden.
Pundits tell us to use a different password for every site. But how is one going to remember heaps of passwords? What bugs me is that sites which use unencrypted passwords do not warn you before you create a password. Then they send you an email with one of your favourite passwords in clear in the email.
For example the Information Management site (http://www.information-management.com/) did this to me. I assumed because they were a bunch of IT professionals they would keep my password secure. ‘Fraid not!
It would be great if the industry could adopt a standard way for web sites to advise potential customers simply and clearly whether the PIN or password they collect is encrypted or held in clear.
Does anyone know a site that warns how safe a site is in terms of its user access and general information security?