Passwords

September 12, 2007 by Zap Brannigan  
Filed under FHK WebWarriors, News and Opinion

(Updated)

Passwords – We all hate dealing with them, but the fact is they are necessary. Banking websites, forums such as Ft. Hard Knox, social networking websites like MySpace, Digg, and others – All of them require you to create an account, using your email address and probably a username coupled with a password.

But let me ask you this: How secure are your passwords?

Just the other day, I got a request to join a social website called Quechup [big smile at Jenn Sierra ;-) ]. After perusing the site a bit, I decided to create an account. Email address, of course it wants it, and a separate user name too, but then (cue dramatic music) it wants you to use a password. What do you do to come up with a password?

Let me take a wild guess… you use the same password that you log in to Windows with, or, worse yet, you use the exact same password you have on your email account!

Don’t worry, you are not alone. I have seen many, many people do this and it’s a severe security problem.

Ask yourself, how well do you know this site? If you are just signing up, it’s probably brand new to you. How do you know that on the back end of the website, deep in its bowels, it’s not taking your password and storing it someplace that a select few (or even every Thomas, Richard, and Harold) can access either intentionally or accidentally?

“But Zap”, you say, “it’s using secure encryption! I see the little padlock icon down at the bottom of the screen!” And you would be half right. That lock encrypts (secures/scrambles/protects) the information as it’s transferred between your browser and the web server’s software. But it in no way guarantees that the information you entered is stored on its file system in any secure fashion.
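To make that concrete, here is an added example (not from the original post, and not any real site's code) of two ways a site might store the password you typed once it arrives over the padlocked connection. The in-memory "database", the function names, the sample account, and the choice of PBKDF2 with 600,000 iterations are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample signup, not a real account.
EMAIL = "reader@example.com"
PASSWORD = "correct horse battery staple"
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def store_plaintext(db, email, password):
    """Weak: the row holds the password itself, padlock or no padlock."""
    db[email] = {"password": password}


def store_hashed(db, email, password):
    """Better: keep only a random salt and a slow, salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[email] = {"salt": salt, "hash": digest}


def verify_hashed(db, email, attempt):
    """Check a login attempt against the stored salt and hash."""
    row = db.get(email)
    if row is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), row["salt"], ITERATIONS)
    return hmac.compare_digest(digest, row["hash"])


def insider_view(db, email):
    """What someone reading the table learns: the password, or None."""
    return db[email].get("password")


if __name__ == "__main__":
    plain_site, hashed_site = {}, {}
    store_plaintext(plain_site, EMAIL, PASSWORD)
    store_hashed(hashed_site, EMAIL, PASSWORD)
    print("plaintext site reveals:", insider_view(plain_site, EMAIL))
    print("hashed site reveals:   ", insider_view(hashed_site, EMAIL))
    print("login still works:     ", verify_hashed(hashed_site, EMAIL, PASSWORD))
```

From the outside both sites look identical, padlock and all. Even the hashed version receives the typed password at signup and login, so a unique password per site is still what limits the damage.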

Let’s say you sign up for a website in order to post some messages and exchange ideas. You made the big mistake of using the same email/password combo that you use everywhere else. Now let’s say that, as often happens, the ideas you express on your newfound site flow against the grain of the moderator of the site.

What’s to stop him from grabbing your email/password info and pulling some shenanigans with your email?

Nothing, if he knows what he is doing and doesn’t tip his hand to you that he’s accomplished this. Email is a gateway to other things, bear in mind. Online banking and other services use your email to notify you of things that you don’t want in someone else’s hands.

If this scares you, and it should, there are many things you can do.

  • First and foremost, never use the same password as what you use for your email/Windows/other prime accounts. It’s simply too easy to put your (already known at this point) email address together with your password to gain access to your email.
  • Can’t remember all those passwords? Well, that’s ok. Here is a terrific tool: KeePass Password Safe* – a really handy tool for keeping track of and even generating passwords.
  • There are other software programs out there as well, and a Google search will turn up lots of ways to manage the dreaded password.

*I am in no way affiliated with the developer of KeePass Password Safe, or any other software developer.
