Mastering passwords

It's been quite busy and still am with all the recent changes in my life. Not to worry...no major ones like a baby or anything...honest! But after my last post more then 3 months ago I haven't had much time for blogging as my new job keeps me quite busy which is a big change in rhythm in comparison to backpacking. Besides the job I've been apartment hunting in Rotterdam for a while now and that has finally paid off. Yes that's right I finally found an apartment. So I've been settling in a bit but more on that in another post...maybe.

Another thing I wanted to mention was the blog post I made about not following news for over a month. I don't want to dedicate an entire blog post for an update on that so I'm going to use this post for a short one. Like other experiments I've done in recent years this one worked out very well. I read more because I spend less time on the news. Sure I'm not up-to-date on everything but most of the news that's really important gets to me in other ways, like people I follow on Twitter but mostly via colleagues and friends. Blocking out news entirely is also impossible and I don't go around doing that but when I see one of those free news papers when I commute to work I don't pick it up. I keep to reading my book. And in the last 8 weeks I've finished book 3 and 4 of A Song of Ice and Fire, Freakonomics (Thanks Vin for lending it to me), A Brief History of Time by Stephen Hawkings and currently reading the fifth book of A Song of Ice and Fire. So I'm finally getting around to all the books I have been on my reading list for ages. So weird to think that when I was kid I hated reading but thanks some teachers at a certain school (you know who you are) that changed. I guess they had a lot of impact on me. Suffice it to say I like not watching the news, at least for now.

Another thing I'm currently working my head around is quitting gaming on my pc entirely. Although I haven't played any games since I traded my desktop pc in for a netbook due to travelling. But I do spend a lot of time in front of a computer. I would go so far as to say besides work I probably spend 20-25 hours a week on my computer. So that's something to think about. But games like Skyrim and Battlefield 3 are very tempting.

But lets get to the main subject. Passwords. Passwords? Yes passwords, those necessary jumble of characters consisting of letters either lower or higher case, numerals and sometimes even specials characters. Short from people that live without any technology whatsoever everybody has to deal with passwords. It's a necessary evil in the online world of today. Managing these things is hard. Everybody however needs to and most of the time they do it badly.

These days website are hacked often and their user database with credentials (login & password) compromised. You can have the strongest of passwords but in a case like this it a matter of how securely your password is stored by this website. Do you really trust the administrator to do this correctly? Although that doesn't even matter much. Just think about it. Say a website you use is compromised. It's uncertain if the hackers took any user data but this is like saying somebody got your house keys without actually having used them. What would you do? Change the locks & keys right?

Now back to the passwords. Say you use the password for this website on other websites. You'll have to change all those passwords because the hackers could actually have access to all those websites that you use the same credentials for. This is why it's amazingly stupid to use the same credentials for every (or even some) websites. But on the other hand having an unique password for every website is unmanageable or rather a pain in the arse. So what to do, there has to be a safe way to surf the web without using the same password everywhere and also have ease of mind with handling every password you would need.

Of course you could opt for using some unique passwords for sites that are important like say your e-mail account, social media, banks, etc and use the same password for the other sites that you don't really consider important if they are compromised. But then again how do your remember all these sites that you have a login for to begin with. I for instance have over 250 accounts, some very important like my e-mail account and some not so important like webshops. You could of course put every password in a textfile on your computer, but how secure is your computer. It could get infected with malicious software that is designed to look for that password file you put hours into. So you need something that encrypts that file somehow to make it more secure. This is where a password manager comes into play.

A password manager uses an encryption scheme to obscure the file that contains your passwords. This way you can't just open the file and read the passwords but instead you would be looking at gobbledegoo if you did. To unlock or unscramble the file you use a master password. This password is quite important because it protects your password file and with it all your passwords so this should be a very strong, difficult and unique indeed. And you need to remember it! But you would only need to remember this one (master) password. And the rest of your passwords can be really strong without the added stress of having to remember them.

Now you understand the fundamentals I'll mention two password managers. Lastpass (check out the video on their website for details) and Keepass. The first is an online password manager, the latter is offline. Both have pros and cons but I will not go into that beyond to say that you have to trust the good people of Lastpass for storing your passwords properly. Keepass is something you will have to run on your computer as it is an application rather than a webapp like Lastpass. If you really must have access to your Keepass password file at all times you could use Dropbox.

Another recent online development is two-factor authentication. In simple terms it breaks down to an extra level of authentication besides login name plus password. This extra level works via a text message to your cellphone which contains a unique code that you need to use as extra input when logging in from an unknown device/computer. Facebook and Google are amongst the first to start using this method.

So now you are a bit wiser in the land of passwords and how to manage them it's time to beef up your security with stronger passwords and a better way of storing them!

Sources: