Consulting Journal: Resources

Resources: Passwords

by David Blakey

Passwords are important resources. There are different kinds of passwords and you can handle them differently.

[Monday 5 January 2004]

We need passwords on the Internet for a variety of purposes. Some passwords are ‘low level’: it would not matter if someone else obtained them and used them. An example of this is the ID and password used for websites that publish articles and white papers. You have a password for these sites so that the site owner can track which pages you visit. The site owner may then use this information to offer you content that is targeted to your interests.

There are also ‘high level’ passwords. An example of this is the password used to for online banking. These passwords need to be kept secure. Banks usually insist that you use a unique password; that the password is not something obvious, such as your date of birth; and that passwords contain a mix of alphabetic and numeric characters. They will also usually make it a condition of use that you do not write your password down.

Here are some considerations for saving your passwords.

Cookies

Some websites will write cookies into a file on your computer. This is usually only done by those sites that use low level passwords. It is highly unlikely that your bank will set a cookie on your computer.

A disadvantage of cookies is that they are stored on the computer. This actually produces two disadvantages. The first is that, if your cookies are stored on one computer, you cannot use them if you use another computer. You will have to have your passwords noted somewhere else, so that you can log in on the second computer. The second computer will then be able to store the passwords as cookies.

The second disadvantage of cookies is that you might store them on a computer to which other people have access. These people will then be able log in to those websites, using your cookies.

Cookies can be destroyed. Installation of a new browser may overwrite your cookies file. This may occur if your browser can be re-installed over a network.

Paper

Keeping your passwords on paper has the same disadvantages as keeping them in cookies. You need to have your notes with you when you log in. Other people may see them. You may lose them. In addition, some banks may not accept liability for other people accessing your accounts if you have written down your passwords.

Memory

How well you can use your memory depends upon how good your memory is. If you have a poor memory, you may be able to remember only a few passwords. As a result, you may use the same password for several different websites. Also, your passwords may be too simple. It is easier for me to remember a password such as djb2208 than it is for me to remember one like ek5lr97, although the second one is far more secure than the first, which is a combination of my initials and birthday.

Software

You can use software to store your passwords. There are several good password programs available, some of which are freeware. Some of them will generate new passwords for you and then save them, so that you will not need to see your passwords. The programs will be themselves protected by a password, and you will then have to remember only that one password, which you can make as complex as you like.

The disadvantage of using software is that your passwords will be stored on only one computer. You may be able to send your password file to other computers by email or to replicate the file across a number of computers. This will not help, however, if you need to log in to a website from a computer that you do not usually use, especially as you may have no idea at all of any password if it has been generated by your password software.

Websites

There are some websites that will hold your passwords in the same way that password software does, so that you will need to remember only your userid and password for the site that holds your passwords. As well as the risk of someone breaking into the site and stealing passwords, there is also a risk that your userid and password will be available to other people who use the same computer. If you use someone else's computer, be aware that they may have software on it that records your keystrokes.

Recommendations

Decide if each new password is a high level or low level password. I do not see any problem with always using the same password for every low level password. I also do not see a problem with using a simple word for this password. Consider the situations that are really low level. They include sites where you read white papers, sites that offer freeware, and any other sites that do not hold personla information about you and where you do not make purchases. If someone else obtains your password for these sites, then it really will not matter.

For high level passwords, my advice is exactly the opposite. Do not use the same password twice. Do not use a password that can be easily deduced. This is when password software can be useful. It can store your passwords and it can generate your passwords. You need never know what your passwords are, except for the one password that you need for the password software itself.

If you travel around and need to have passwords available to you when you are on other people's computers, then consider storing your passwords on a PDA. Make sure that the PDA has password protection, in case you lose it.

Avoid using high level passwords on any other computer except your own. I would never consider logging in to my bank accounts from any other computer except my home computer. If you make a list of sites that require a password, you can divide them into low level, high level that you would use anywhere (which I shall now call ‘medium level’), and high level that you would only use from home. You may find, as I have, that there are no entries under the list for medium level passwords. This makes life easier for me. All my high level passwords stay at home, protected by the password software. I can remember the few words that I use for my low level passwords.

[ List articles on Resources ] [ View printable version ]