Software that can create and remember different passwords for different sites

Do your passwords measure up? What makes for a good

password? Reconciling security and

complexity with usability. Comparison of popular password

manager applications

Using a single password for everything? Using your pet’s name for a password? Using your grandchild’s name for your

p/w? Using ‘password’ for your password? Using ‘123456’ for your password? Using your birthday for your password?

Article in Nov. 2011 issue of The Atlantic by James Fallow

http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/

Brought to the attention of NBCUG by member Susan Philibert

Tells the story of a real life password theft and the difficulties that ensued.

Any site that matters needs it own password

If you use an important password in two places, it is no longer a valid password

Any step up from ‘password’, ‘123456’ or your birthday or pet’s name is worthwhile

Problem – stronger passwords tend to be complex, hence harder to remember.

Length – eight or more characters Complexity – letters, numbers,

punctuation, symbols Variation – change passwords often Variety – different passwords for

different sitesHackers steal passwords from poorly

secured sites and then try using them in more secure environments (e.g. banks)

No dictionary words – ANY language No common abbreviations or

misspellings or words spelled backwords No sequences or repeated characters,

e.g. 12345678, 22222222, abcdefg, qwerty

No personal information – name, birthday, phone, driver’s license

Bad Password: Banana

Good Password: 5.ytT#0_xn0ATzQVN|_yeGk2+0vFC2]ndZ

Great, but who’s going to remember that, especially if you use a different p/w for every site????

Password managers ‘remember’ your passwords

Password managers allow you to use different passwords for each site

Password managers can generate strong passwords.

Password managers can link the site to the password and call it up automatically

PassWordSafe – Elliott Alterman

LastPass – Ellis Miller KeePass – Michael Sagaser Ascendo DataVault – Jim Cason

Roboform – Wayne Maruna

Siber Systems is a privately-held company, incorporated in 1995 in the Commonwealth of Virginia, with offices in Germany, Japan, and Russia.

Five versions:Free trial – limit 10 passcardsRoboform Desktop for Windows – one-time

buy, free minor updatesRoboform Desktop for MacRoboform Everywhere - use on multiple

computers – free major updates - syncs to each PC you’ve installed.

Roboform2Go – extends Roboform Desktop or Roboform Everywhere to a portable USB drive

From Fred Langa’s column in the 3/22/12 issue of Windows Secrets:“In the case of RoboForm (and most other

well-known, Cloud-based, password-storage services), your data is stored on their servers in well-encrypted form. This means that even if someone hacks into RoboForm's servers, he'll see only strings of nonsensical characters — nothing plaintext.”

From Fred Langa’s column in the 3/22/12 issue of Windows Secrets: “RoboForm and similar services don't store

decrypted passwords anywhere on their Cloud-based servers. When data is transmitted between your device and their servers, it's sent and received in fully encrypted form. Someone successfully eavesdropping on your communication link will, again, see only a stream of gibberish — nothing plaintext. Encryption and decryption take place only when you command it, and only inside your local device.”

From Fred Langa’s column in the 3/22/12 issue of Windows Secrets:“The final concern is the communication

channel itself. Better services — including RoboForm — employ SSL encryption (just like most bank sites) to further protect all interactions with their password-storage servers.”