Readers tell hints, tricks to summon passwords

PLUGGED IN

July 20, 2006 | By MIKE HIMOWITZ, SUN COLUMNIST

From the volume and tone of the e-mail this week, a lot of you agreed with last week's rant about passwords - we all have too many to manage.

What I didn't expect was the number of suggestions readers offered for dealing with multiple logins. With thanks to everyone who responded, I'll pass these on:

In addition to the programs I tried out (RoboForm and Password Safe), several readers recommended a free, no-frills password manager called KeePass. Like Password Safe, this is an open source project, which means it's developed and tested by a community of programmers and well-tested by hackers.

KeePass also makes life easy for those who work on several computers. The program will run from a USB thumb drive, so you can use it on your home, work or any other PC without ever storing your passwords on a foreign drive.

Just remember that if you lose the thumb drive, you're toast - unless you have the passwords permanently recorded somewhere else.

Web developer David Jourard, proprietor of BytesInteractive.com, has an interesting utility for traditionalists - a Web page that generates a strong, random password of any length, such as this 10-character brain twister: KiP8FS2V6t (visit www.goodpassword.com).

Passwords like these protect against break-ins because they're hard to guess. And, made up of random characters and numbers, they're less vulnerable to cracking programs.

What's really interesting is the care Jourard takes to make your password completely random. Follow the links from his Web page and you'll land on a couple of delightfully geeky sites that take this issue very seriously.

Random.org is a site dedicated to the pursuit of true chance (which is not all that easy to come by in an orderly world).

The site links to the equally arcane hotbits.com, which generates random numbers by hooking a PC in Switzerland to a Geiger counter monitoring the radioactive decay rate of a capsule containing a small amount of krypton-85.

Radioactive decay is one of the universe's truly random processes, so if you use it as the basis for a gadget that generates random numbers, rest assured that your final product - be it a shuffled deck of cards or a password - will be a chance affair.

The problem with random passwords, of course, is that no one can remember them, which is why people feel compelled to write this stuff down in the first place. Goodpassword.com attacks this conundrum with another utility - a Web page that generates a "Leet" password from the phrase of your choice.

If you haven't heard of Leet (from the word "elite"), it's a linguistic trick played by Web wizards and teenage geeks of all ages. They substitute look-alike or sound-alike characters for the real characters in a word or phrase.

In this parlance, "Leet" and "133+" are the same phrase. The number "4" can substitute for "A" and so on. Your kids probably use these tricks when they send text messages.

Goodpassword.com builds your "easy" password by taking the first letter of each word in your phrase and substituting a Leet equivalent, if there is one.

Let's say I choose Ralph Waldo Emerson's observation, "A foolish consistency is the hobgoblin of little minds." In real English, the password formed from the first letters would be, "AFCITHOLM."

But the Leet converter returns the password "4F(!+#O1M." Yes, it looks like gobbledygook, but it's considerably harder to guess or crack because the converter adds millions of possible combinations to the mix.
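The first-letter-plus-Leet scheme and the random passwords described above, as an added example that is not goodpassword.com's code or part of the original column. The substitution table is inferred from the column's one sample, and the function names and the two guesser models are assumptions made here to size the search space in bits.

```python
import math
import secrets
import string

# Substitutions inferred from the column's one sample (AFCITHOLM -> 4F(!+#O1M).
# Assumed for illustration; not goodpassword.com's actual table.
LEET = {"A": "4", "C": "(", "I": "!", "T": "+", "H": "#", "L": "1"}
ALNUM = string.ascii_letters + string.digits          # 62 symbols
PRINTABLE = ALNUM + string.punctuation                # 94 symbols


def leet_acronym(phrase: str) -> str:
    """First letter of each word, upper-cased, then Leet-substituted."""
    words = (w.strip(string.punctuation) for w in phrase.split())
    initials = (w[0].upper() for w in words if w)
    return "".join(LEET.get(ch, ch) for ch in initials)


def random_password(length: int = 10) -> str:
    """Letters and digits drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def search_bits(alphabet_size: int, length: int) -> float:
    """Size of an exhaustive search, in bits: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def compare(phrase: str, random_length: int = 10) -> dict:
    """Search space for the Leet acronym under two guesser models."""
    pw = leet_acronym(phrase)
    return {
        "password": pw,
        # Guesser tries every printable symbol in every position.
        "scheme_unknown": search_bits(len(PRINTABLE), len(pw)),
        # Guesser knows the scheme: the table is fixed, so only the
        # initials vary (26 per position at most; real phrases give fewer).
        "scheme_known": search_bits(26, len(pw)),
        # A random letters-and-digits password of the column's length.
        "random_alnum": search_bits(len(ALNUM), random_length),
    }


if __name__ == "__main__":
    quote = "A foolish consistency is the hobgoblin of little minds."
    for name, value in compare(quote).items():
        print(name, value if isinstance(value, str) else round(value, 1))
    print("random sample:", random_password())
```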

OK, that was a bit obscure. Among the more prosaic suggestions, several readers keep all their passwords in a Microsoft Word document that's encrypted and protected with its password - a utility that's built into the program.

To do this (at least in my version of Word), create a document containing your passwords, click on File/Save As, then choose Options and type a password in the box that pops up. Next time you try to open the document, it will ask for your password.

Once again, this will only be secure if you use a password that isn't easy to guess. And if you forget your master password, say sayonara to the rest.

Taking a slightly different tack, a colleague at The Columbian in Vancouver, Wash., says he uses an unencrypted Word file to record his passwords. But instead of writing the exact password down, he uses written hints that will remind him of the password without leaving a trail for snoops.

For example, the user name could be, "Frank's dog" and the password could be "Becky's cat." Once again, this assumes that no one but you knows the identity of Frank and Becky's pets.

A third reader offers this variant: "My 'code' is pretty simple. Let's say my master password is 'jones,' but on some sites it becomes 'jones25' or '52jones' or 'jonesbones' or whatever. On my list of passwords, I replace 'jones' with the word 'usual.' I know what it means but no one else does."

Finally, a reader offered this comment about the general state of password-mania:
