Storing Passwords Securely


Remembering one strong password can be tough, but trying to remember 10 or more good passwords can be next to impossible. Between user account, web site, Internet service, and file encryption passwords, it's not uncommon for the average user to have anywhere between 15 and 20 username-and-password combinations to remember.

Certainly forgetting a required password can be a frustrating experience - it represents one of the main reasons why most users opt for the easy way out (using very simple and similar passwords) if given the chance. However, as you're now aware, this is an extremely bad idea from a security perspective, and increases risks to your personal privacy dramatically.

Thankfully, help is close at hand. On the logon user account front, Windows Vista includes a helpful feature that virtually ensures you'll never be locked out if you happen to forget your password. For all other user accounts (those for web sites, e-mail accounts, and so forth), a reasonable solution can be found in the form of secure password management software, programs that remember your passwords for you. Both of these helpful tools are examined in more detail in the following sections.

Password Reset Disk

Understanding that users may occasionally forget their passwords, Windows Vista enables users to create a special floppy disk that can be used to reset user account passwords should they be lost or forgotten. This disk is known as a password reset floppy disk, and each user on your Windows Vista system should create one as a precaution, just in case the password is forgotten.

After a password reset disk has been created, any user who has forgotten his password can use his personal disk to reset his password. One key benefit is that users who reset their password by using the floppy disk do not lose access to their encrypted files, stored Internet passwords, and certificates, as they would if an Administrator reset their password in Control Panel or using the Computer Management tool.

Follow these steps to create a password-reset disk for your Windows Vista user account:

  1. Click Start → Control Panel → User Accounts.

  2. In the upper-left corner of the screen, click Prepare For A Forgotten Password (see Figure 3-6).

  3. Follow the steps in the Forgotten Password Wizard to create a password-reset floppy disk for your user account.

Figure 3-6: Create a password reset disk from User Accounts in Control Panel.

Caution 

After you create a password reset disk for your user account, label it appropriately (but not too obviously) and store it in a safe place. Anyone with physical access to your Windows Vista system and this floppy disk can log on using your username and change your password to whatever value he pleases.

Follow these steps to reset your user account password using your password-reset disk:

  1. At the logon screen, click your username and press Enter. Click the Reset Password link on the logon screen.

  2. Insert your password-reset floppy disk, and follow the steps in the Password Reset Wizard to create a new password.

Password Management Software

Instead of dealing with the frustration of trying to remember username and complex password combinations for different web sites, you may want to consider employing the help of a password management program. These programs are designed to help you create a username and password database for different web sites and services, remembering logon details for you.

A good password management program will enable you to store all sorts of username and password combinations, and protect the contents of its database with strong encryption. In most cases, these programs allow you to configure a master password, which must be entered before you can use, add, or change the user account settings it stores.

One great example of such a program is RoboForm from Siber Systems. This program (both free and paid versions are available) offers comprehensive password management capabilities, complete with strong encryption protection. It can be downloaded from http://www.roboform.com.

After you've installed it, begin by configuring a strong master password for the RoboForm database. When that's done, RoboForm will be integrated into your web browser as a toolbar, and will offer to save username and password combinations as they're submitted (see Figure 3-7).

Figure 3-7: RoboForm offers to save your username and password combination for a web site.

When you revisit a site for which a passcard already exists, RoboForm is capable of entering and submitting your login information (via the RoboForm browser toolbar) as shown in Figure 3-8.

Figure 3-8: RoboForm offering to submit stored username and password information for you.

RoboForm certainly isn't the only password management program available for Windows Vista, but it is amongst the most popular and easy to use. If you have trouble remembering your user account details, or have a tendency to use the same password for different accounts, then using a tool like RoboForm is highly recommended.

Caution 

If you lose or forget the master password associated with your RoboForm database, you will not be able to decrypt or gain access to your saved user accounts and passwords.
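
The master-password scheme described above, and the reason a lost master password cannot be worked around, shown as an added example (not from the book and not RoboForm's actual implementation). The function names, the PBKDF2 iteration count and the sample entries are assumptions, and the HMAC-SHA256 keystream stands in for a vetted cipher such as AES-GCM only because Python's standard library has no block cipher.

```python
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def _derive_keys(master_password, salt):
    # The key exists only as a function of the master password and salt;
    # nothing that could rebuild it is ever written to the vault file.
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS)
    enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(master_password, entries):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def open_vault(master_password, blob):
    if len(blob) < 64:
        raise ValueError("vault file is truncated")
    salt, nonce, tag, ciphertext = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # Check the tag before decrypting: a wrong password or edited file stops here.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified vault")
    return json.loads(_xor_keystream(enc_key, nonce, ciphertext))
```

The stored file holds only the salt, nonce, integrity tag and ciphertext, so without the master password the only way in is guessing, which is why the master password itself must be strong.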

Strong Passwords To Go

Although storing and protecting your passwords on one computer with a free program like Access Manager may do the trick, perhaps you're a little more mobile. If you regularly log on to different computers at different locations, then you may want to consider a portable solution to the complex password issue.

In this case, portable comes in the form of a password management program that offers support for USB keychain or pen drives. These portable memory devices work with some password management programs, acting as an encrypted storage location for your usernames and passwords. With everything you need to access your logon details stored on a pocket-sized device, you can access them from any PC with an accessible USB port.

The Professional version of Access Manager 2 offers support for USB storage devices, giving you instant access to your password database from any computer with Microsoft's .NET Framework installed. The free version of Access Manager can be upgraded to Professional for a small fee.

Another program that will get the job done is RoboForm Pass2Go, available from http://www.roboform.com/removeable.html. This inexpensive program not only securely stores your usernames and passwords on a USB device, but also includes the ability to store your web site bookmarks and personal details used to automatically fill out web-based forms. That's secure, mobile, and handy.




PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
EAN: 2147483647
Year: 2004
Pages: 135
Authors: Dan DiNicolo
