Thursday, December 30, 2010

It's time to change the passwords!

If you've been following the news, you know that Gawker Media was recently hacked and a number of usernames and passwords were exposed. Gawker includes sites I love, like io9, Lifehacker, Consumerist, and others, so I was very mindful of this.

Especially since I tend to break the cardinal rules of passwords.
  • Use a different password for every site
  • Use a password that contains letters, numbers, caps, lowercase and a special character
  • Use a different username for every site
While I don't publicize my usernames/passwords, one good hack in one place would leave me vulnerable.

This raises the question, "How can I fix this?" Any solution I come up with needs to fit the following criteria:
  1. Access everywhere
  2. Very complex passwords that I don't have to remember
  3. Facilitate remembering usernames
I did some research and came up with what I consider to be a rather nifty solution.

First, the password/username manager.

After doing some research on Lifehacker and watching Tekzilla, I stumbled over KeePass.

KeePass is a wonderful username/password manager that is available on Windows, Linux, Mac, iPhone, Android, and more. It allows you to create special password generation rules, saves different usernames, AND even has an "autotype" feature. You can read a full list of its features here. There are even versions you can save and run off of a USB drive. The Android version provides a simple method to place the username and password into the various applets on the system. If they don't support it, you can copy/paste.
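To make the three cardinal rules listed earlier concrete, here is an added example (my own sketch, not KeePass code or its generator): it builds a random password that covers every character class and audits a list of logins for reused passwords, missing character classes, and reused usernames. The site names and credentials are constructed samples.

```python
import secrets
import string
from collections import defaultdict

# Character classes from the rule list: lowercase, caps, numbers, special.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def generate_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with a CSPRNG so the guaranteed classes are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def audit(entries):
    """entries: list of (site, username, password). Returns {site: [problems]}."""
    by_password, by_username = defaultdict(list), defaultdict(list)
    for site, user, pw in entries:
        by_password[pw].append(site)
        by_username[user].append(site)
    report = {}
    for site, user, pw in entries:
        problems = []
        if len(by_password[pw]) > 1:
            problems.append("password reused")
        if not all(any(ch in cls for ch in pw) for cls in CLASSES):
            problems.append("missing character class")
        if len(by_username[user]) > 1:
            problems.append("username reused")
        if problems:
            report[site] = problems
    return report

# Constructed sample entries (not real credentials).
SAMPLE = [
    ("news.example", "alice", "hunter2"),
    ("tips.example", "alice", "hunter2"),
    ("bank.example", "a.unique.name", generate_password()),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "->", ", ".join(problems))
```
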

After using KeePass on a system, you find you have a database FILLED with passwords and user IDs that are encrypted. Now what? You need to keep the version on your PC and the version on your phone (I use the Android version too) and other platforms in sync.

If you have an Android phone, it's trivial to copy the datafile from the computer you are on to the exact directory on the phone.

What if you don't have a smartphone or you don't want to copy files the hard way?

Look to tools like "Dropbox". You can place the password database on a tool like this and it will ALWAYS be in sync between different systems. Alternatively, you can save the DB in Google Docs. Just be sure you have a hardcore password! These solutions also allow you to sync the DB to your phone.

I always have an up-to-date version of the password DB wherever I need.

I hope this helps everyone to keep their online identities safer and hacker resistant...