If you are reading this then you are doing so from a device that is currently or was recently connected to the Internet. You are likely to have several accounts on several websites that allow you to do several things; you may access your financial information and pay bills via the Internet, you may borrow books from your local library, or maybe you log into your 9 to 5 from time to time from home.
The thing is, each of these accounts requires a user name and a password, and it can be a chore to remember which account has which password.
To solve this dilemma most people will write down all of their account info, which is fine until you lose the slip of paper or someone else finds it. Other’s create easy-to-remember passwords, but if it’s easy for you to remember then it is usually easy for someone to guess it.
In my 9 to 5 I deal with at least six passwords that I need to maintain. The systems I work on require that the passwords be changed after certain intervals and that they can’t be the same as any of my previous passwords. These systems also force me to make my passwords nontrivial, meaning that I can’t use a password that’s easily guessed.
At home, I have to maintain even more passwords. I pay bills online and each site wants unique account credentials. This is as it should be because these sites have my personal information on them, but maintaining passwords for all of them has been a real pain.
How do we make secure passwords that are easy yet hard for others to guess? I’m glad you asked.
I’ve been using a password creation scheme that lets me use any word or phrase as the basis for my passwords. I use a simple algorithm to encrypt my new password, thus making it tougher to crack. I have no illusions that the passwords I create are unhackable, but I know that the casual miscreant will have a tough time with them, and if it’s tough then maybe they’ll move on to easier targets.
Want to know my password creation scheme? Ok, I’ll tell you.
I start off by picking a word or phrase that I can likely remember, but is totally random. A good source for these words or phrases is song lyrics or poems, or even a passage from a favorite book. I then choose a word or phrase that is at least 8 characters long. Most security experts recommend that length as a minimum for a good password.
I then apply my scheme, which changes from time to time, but the basic idea is this: Pick two numbers between one and eight, these will be the “key” characters in the phrase. Now decide on how you want to encrypt your password. I usually swap numbers for certain vowels or consonants. I then decide what will be my key characters and change each instance of the first key character to upper case and swap the second key character for a special character.
I know that sounds complicated, but in use it’s actually simple. Here’s an example: Lets say I choose the first three words from the Beatles song, ‘Let It Be” for my password, which is “When I find.” I pick 2 and 8 for keys and change all vowel to numbers: a = 1, e = 2, and so on. Now my password looks like this: “wh2n3f3nd”.
That’s not bad, but it can still be easily guessed. Now we apply the keys (I’ll use the percent sign for my special character) and the password now looks like this: “wH2n3f3%d”.
Now that’s a pretty good password and once you get use to the algorithm it becomes easy for you to encrypt and decrypt and word or phrase and, in this case, all I need to is remember the first 3 words of one of my favorite Beatles tunes.
Again, this method won’t produce passwords that are uncrackable, but the passwords you do wind up with should slow down the casual hacker. To keep things mixed up I will change the sequence and characters used for keys. It makes it a bit harder to remember, but it adds another level of complexity and makes my resulting password harder to guess.
Now that you have a way of creating passwords you might find that storing them is no longer needed. I’m not so sure that’s true. If you have many different accounts with some that require passwords to be changed from time to time it might be a chore keeping up with which password goes where. Yet, it is still a bad idea to write your passwords down.
To address this dilemma, you could employ a password keeper; an app that will store all your account passwords in an encrypted area on your iPhone. There are many such apps available, but I found two that should fit the bill nicely.
Admittedly I haven’t played with these apps for as long as I would like to, but I have gone through most of the features so you should have a good idea if either of these apps are right for you.
First up is Meo Free. Meo (which stands for My Eyes Only) comes with a set of predefined categories in which all of your private data will fall into. You’ll find holders for your credit card numbers, account numbers, IDs, and even a place for your private notes. In fact you’ll find that each holder has specific information it looks for; the credit card holder, for instance, displays a long list of every credit card type. Why it needs to know which specific card is a mystery. The same is true for IDs; passports are listed for four major European countries and the U.S., but why stop there? If you’re going to list some why not list all?. Why bother listing them at all? Odd.
The free version limits you to a certain number of accounts per category (five passwords), and once entered it is encrypted using 512 or 256 bit AES encryption, depending on the field length.
What I like about Meo Free is that they claim that none of your info ever leaves your device, except when it’s backed up on your Mac or PC, and then it’s encrypted.
If you have to store passwords or other sensitive information Meo Free may be what you’ve been looking for.
If you need to keep track of more than five passwords then you might take a look at Keeper from Callpod. While the encryption model is not as strong as on Me ( 128 bit AES versus 256 and 512 bit AES for Meo), Keeper gives you unlimited password storage. You create the categories and folders, then populate them with your secret info-bits.
There’s also a variety of backup and restore options: You can store data locally on your Mac or PC, or send it off to storage offline. All data is always encrypted once it’s entered.
Of the two I like Keeper better, but try both and see which suits you.
Ok that’s a wrap for this week. More free stuff below with direct links.