Yesterday at http://www.techsupportalert.com/content/how-choose-strong-password.htm I talked about how to choose an uncrackable password. Today, as promised, I'll cover the thorny problem of how to keep all your passwords safe and secure.
The problem is an obvious one. If you're like me, you probably have dozens of passwords for all the different web sites you use. Taking into account all the systems I look after as part of my day job too, I probably have over 100.
But how best to manage them all, without choosing simple passwords or writing them down?
Here's how I do it, and how I advise others to do it.
To start with, choose a simple password and use it for all the sites where it really wouldn't matter if someone found out your password: for example, sites where you need to register online in order to download a free program, or to enter a competition, and so on. This will take care of a lot of the passwords you need to remember.
Now to deal with the other passwords, for all the non-trivial systems where it would be bad news for someone to know your password. This includes all sites and systems that allow access to personal information about you, or which handle online payments.
The first rule is that you must always use a different password for each such system. Otherwise, if someone discovers your password on one site, they can use it on others. The second rule is that there should be no link between your passwords; otherwise it's easy for someone to work them out. If your password on Amazon is Othello, don't use another Shakespeare play for any of your other passwords unless you don't care about keeping them secure.
Rule 3 is that your passwords need to be strong. See yesterday's article (link above) for details on how to do this.
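The first two rules can be checked mechanically once your passwords are in one list. The following is an added example, not part of the original article: it audits a site-to-password list for identical passwords (rule 1) and for linked passwords (rule 2). It assumes the list holds only the non-trivial sites, the function names and the theme list are hypothetical, the sample data is constructed, and strength (rule 3) is not checked.

```python
import re
from itertools import combinations

# Constructed theme list (assumption): words that are guessable as a group.
THEMES = {
    "shakespeare plays": {"othello", "hamlet", "macbeth", "cymbeline"},
}

def stem(password):
    """Lower-case and keep letters only, so 'Hamlet99' becomes 'hamlet'."""
    return re.sub(r"[^a-z]", "", password.lower())

def shared_run(a, b, min_len=5):
    """True if a and b share a run of at least min_len characters."""
    return any(a[i:i + min_len] in b for i in range(len(a) - min_len + 1))

def audit(vault):
    """Return (site_a, site_b, reason) findings for a {site: password} dict."""
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        a, b = stem(p1), stem(p2)
        if p1 == p2:
            findings.append((s1, s2, "rule 1: identical password"))
        elif a and b and (a == b or shared_run(a, b)):
            findings.append((s1, s2, "rule 2: shared stem"))
        else:
            # Thematic links are only caught for themes listed in THEMES.
            for theme, words in THEMES.items():
                if a in words and b in words:
                    findings.append((s1, s2, "rule 2: both from " + theme))
    return findings

# Constructed sample vault; none of these are real credentials.
SAMPLE = {
    "amazon": "Othello",
    "bank": "Hamlet99",
    "email": "tR7#qLw2!vXz",
    "forum": "tR7#qLw2!vXz",
    "shop": "Othello2024",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```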
But how to remember all those strong passwords without writing them down? The key is to write them down in an encrypted database on your PC. Now, the only password you need to remember is the one for the encrypted database, which then allows access to all the others.
The simplest way to do this is to use a password manager which was designed for the job. Two of the best known, and most widely trusted, are KeePass and Password Safe. They're both free, and I'd recommend that you try each of them.
Don't be tempted to use the password protection facility built into your favourite word processor or spreadsheet in order to store your passwords in a protected document, by the way. While such features will keep out casual intruders, they are not sufficiently secure for storing something like a list of passwords. The page at http://www.elcomsoft.com/aopr.html will show you why.