Given enough time, ingenuity, equipment, and resources, virtually anything can be hacked into. The truth is, there is no such thing as a perfect password. Many burglars admit they don’t bother with the house that has all the security. Why should they when a house two blocks down has none at all? The same is true of computers and passwords. None are perfect, but hackers have too many easy marks to risk invading a computer with even adequate protection.
An anonymous hacker explains his process for getting your information as follows:
- You probably use the same password for lots of stuff, right?
- Some sites you access, such as your bank or work VPN, probably have pretty decent security, so I’m not going to attack them.
- However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
- So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try, say, 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
- Once we’ve got several login and password pairings we can then go back and test them on targeted sites.
- But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache.
The hacker’s point here is simple: you must use a different strong password for every online account you access. Use anything remotely close to your bank’s password to order a pizza and you have greatly increased your risk of being hacked.
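One way to check your own accounts for the reuse described above, as an added example that is not part of the original article: it flags passwords that are identical across sites and ones that are only "remotely close" once case and look-alike characters are folded away. The site names, the passwords in `SAMPLE_VAULT`, the look-alike table, and the 0.8 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Look-alike characters folded back to letters before comparing.
# Assumed table: "0", "@" and "*" for "o" follow the article; the rest are common swaps.
LOOKALIKES = str.maketrans({"0": "o", "@": "o", "*": "o", "3": "e", "1": "l", "$": "s"})

# Constructed sample data: site -> password, as exported from a password vault.
SAMPLE_VAULT = {
    "bank.example": "Mod3lTF0rd",
    "pizza.example": "m0d3ltf0rd1",
    "forum.example": "Mod3lTF0rd",
    "shop.example": "kV9#rT2q!LxZ7pWd",
}


def normalize(password):
    """Lower-case and undo look-alike substitutions so cosmetic variants compare equal."""
    return password.lower().translate(LOOKALIKES)


def audit(vault, threshold=0.8):
    """Return (site_a, site_b, kind) for each pair of sites whose passwords
    are identical or similar enough that one leak exposes the other."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "identical"))
            continue
        norm_a, norm_b = normalize(pw_a), normalize(pw_b)
        # ratio() is 1.0 for equal strings and falls toward 0.0 as they diverge.
        if SequenceMatcher(None, norm_a, norm_b).ratio() >= threshold:
            findings.append((site_a, site_b, "near-duplicate"))
    return findings


if __name__ == "__main__":
    for site_a, site_b, kind in audit(SAMPLE_VAULT):
        print(f"{kind}: {site_a} and {site_b} -> change one of them")
```

Only the randomly generated password on `shop.example` stays out of the findings; the capitalization and number swaps on the other three do not make them independent of each other.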
The same hacker offers the following hints for creating strong passwords.
- Randomly substitute numbers for letters that look similar. The letter “o” becomes the number “0,” or even better an “@” or “*.” (i.e. – m0d3ltf0rd… like modelTford)
- Randomly throw in capital letters (i.e. – Mod3lTF0rd)
- Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
- Maybe a place you loved, a specific car, an attraction from a vacation, or a favorite restaurant?
- You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
- Since it can be difficult to remember a ton of passwords, use some kind of password vault.
A password vault is a tool that stores all of your strong passwords so that you can access them whenever you are shopping online. Some of these tools are free while others have a minimal cost. Here are some of the best.
Beginning with Firefox 4, Sync is an integrated feature that installs automatically with the web browser. Sync is free and stores all of your browser tabs, bookmarks, and passwords. One of the advantages of this approach is that your information is available to you on any computer that has Firefox installed. Log in with a master password and all your information is there for you. When you log out, all your personal information is gone. There are also apps for iPhone and Android devices, making this a truly universal and mobile tool. If Firefox isn’t your primary browser, you may want to choose other options. If Firefox is your browser of choice, this is a great way to go that costs you nothing and gives you a lot of peace of mind.
LastPass is a cross-platform password manager that stores all of its data in the cloud. Like Firefox Sync, your passwords are stored on a remote secure server and available to you from virtually anywhere. It works on Windows and Mac and in every major web browser. LastPass can automatically save your logins, help you generate safe and secure passwords, and automatically fill in your passwords when you visit a site.
LastPass is free for PCs and $12 per year for mobile apps.
1Password enables you to manage, create and securely access passwords from a Mac, PC, iPhone, iPad, or Android device. This tool costs $39.95 or $59.95 for five users. It can be installed on as many computers and devices as you desire. Plugins are available for Internet Explorer, Safari, Firefox, and Chrome, allowing you to pull up passwords and form information from within any browser.
When you’re on a website and you create a new account, 1Password prompts you to save that account to its database. When set up properly, you will never have to reenter that information again. A big plus is the password generator that lets you create robust passwords of a length that you choose. You can generate a password for an account and then automatically save it.
1Password saves all of your passwords and login information into its own secure database that is stored on your computer. It also syncs with Dropbox, a free service that allows you to copy all your information to the cloud. This makes your 1Password information available to you from whatever computer or device you might be on.
RoboForm is similar to 1Password, but only for Windows users. It works with Internet Explorer, Firefox, Google Chrome, Safari, and Opera via a bookmarklet. RoboForm also has mobile apps for Android, iPhone, BlackBerry, and Symbian. You can even run it off of a USB drive, which is great for users who want a way to keep their passwords with them and use RoboForm on various computers they use, but don’t want to have to install a program on each of those computers.
You can also use RoboForm with Dropbox, which makes using it across machines that much easier. RoboForm is $29.95 for a single-user/computer license, and you can get RoboForm with two computer licenses for $39.95.
Whichever option you choose, the overall message is that it is important to keep your passwords strong and safe. Don’t be an easy target for hackers!
©2012 Off the Grid News