When you create a website account and give someone your password, you are entering into an unwritten agreement with them that says they will keep your password safe and their network secure. This includes encrypting the password in their database so that if a breach occurs, the passwords are still protected. With the most recent examples of poor security on commercial websites, I decided it was time to revisit my password scheme.
I treat passwords differently depending on the website I’m using. Some passwords are for websites that I don’t necessarily care about; for others, like banking and financial sites, I use a stock set of unguessable passwords. The throwaway passwords are fairly unique but follow the same algorithm, so once someone guessed one it wouldn’t be difficult for them to go around to other sites, guessing others. The important passwords I generated years ago and are only used on sites where it’s critical for me to keep my private information safe. The problem with my super secret passwords is I only have a few I can remember. If there is a security breach on a website with one of these passwords, I am opening myself to potential theft.
The key for me was finding a way to create unique, secure passwords. I googled and came across three great tools for helping me with this.
The first, SuperGenPass, is a password generator that works inside your browser via a bookmarklet. With it, you only have to remember one password. It will use that one password to generate unique passwords on each website you visit. It uses a mathematical formula to generate the password. However, it’s one-way so that someone can’t apply an inverse equation to get your original password. I’ve tested this on the three major browsers (IE, Firefox, Safari) and it works great.
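The idea described above (one master password plus the site name, run through a one-way function), as an added example that is not SuperGenPass's own code or algorithm. It uses PBKDF2-HMAC-SHA256 as a stand-in; the function names, iteration count, domain handling and character rules are assumptions made for illustration.

```python
import base64
import hashlib

# Assumed settings for this illustration, not SuperGenPass's real parameters.
ITERATIONS = 100_000
DEFAULT_LENGTH = 16


def normalize_domain(host: str) -> str:
    """Lowercase the host and drop a leading 'www.' so a site maps to one password."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, host: str, length: int = DEFAULT_LENGTH) -> str:
    """Derive a per-site password from one master password (one-way)."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    domain = normalize_domain(host).encode("utf-8")
    counter = 0
    while True:
        # PBKDF2 cannot be inverted, and its iteration count slows down
        # guessing of the master password from one leaked site password.
        raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                  domain + b"#%d" % counter, ITERATIONS, dklen=32)
        # Letters and digits only: '+' and '/' are mapped to 'x' and 'y'.
        candidate = base64.b64encode(raw, altchars=b"xy").decode("ascii")[:length]
        # Retry with the next counter until common site rules are satisfied.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
        counter += 1


if __name__ == "__main__":
    master = "constructed demo master phrase"  # constructed sample, never reuse
    for site in ("example.com", "www.example.com", "bank.example"):
        print(site, site_password(master, site))
```

Because every site password depends on the same master password, the strength of that one password bounds the strength of all of them.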
The second, Passpack, is an online password manager. Sometimes it is necessary to generate passwords that SuperGenPass can’t handle, such as PC logins, bank PINs, etc. Passpack allows you to store them safely in an online vault so that you can retrieve them from any PC.
Finally, the third is not so much a tool as a methodology. You must have a great unguessable password in order to protect your identity. Most people can’t create their own unique password. Using computer-based random password generators is ineffective because computers are deterministic and can’t really generate true random numbers. Diceware is a website that shows you a process to follow to create truly unique passwords.
All of these tools will help you get a handle on securing your digital identity. At a minimum, a combination of SuperGenPass and a password generated via Diceware will offer more protection than most people have.