Commentary
4/28/2004
03:30 PM
Fred Langa

Langa Letter: How To Safely Store And Manage Passwords

We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.

Every so often, a topic emerges that hits an unexpected hot button among readers and generates a flood of responses.

One such hot button was the seemingly innocuous "Safe Storage For Passwords" discussed in a recent newsletter. A huge number of readers responded to that item. Apparently, we're all juggling so many passwords at work and at home that safe and secure password storage has become a real issue.

Consider the reader note below, the one that started the discussion. He travels for business and must access numerous password-protected accounts from various PCs at his main office, at remote locations, and at home:

"Hi Fred, I have a question about password security. As you know, most people (at least the ones I know) have several locations at work and at home that require you to log on. I happen to have 142 places that require my login ID/password. These range from the company ERP database, to my online banking account, to the Pizza Hut online order. Most of my coworkers try to use the same password for everything. This way they can remember it. That is a security disaster. They use things like birthdays or their pet's names as passwords, which is also a security risk.

"I have been using a Login ID and Password storage/retrieval software for about 3-4 years. It was previously called Passwords Plus and is now called Passwords Max (shareware; $20).

"[My employer] has turned its head and not yet given me any problems for installing Passwords Max on my work PC, however the hard-line company policy is that we aren't allowed to install unauthorized software on any company asset.

"Passwords Max is great and stores your password database in encrypted format. It has lots of neat features and works just fine as long as you can work at one PC and do not need portability.

"But my job has recently changed and I now travel. Last week, I had to print out a hard copy of my passwords to carry in my briefcase while working at a company site in Mexico. I am guilty of poor security practices, too, and realize this is also extremely poor security because all my passwords were in plain text. Had I lost that 8-page booklet of passwords, anyone could have gotten into my checking or retirement accounts and cleaned me out. I do not yet have a laptop PC so I used a visitor PC while in Mexico.

"Can you or any of the other readers tell me if there is a password storage/retrieval tool that I can install on something like a USB pen drive? I would like to find one that encrypts my password database so no one could access it if I accidentally left it plugged in the USB port. I am looking for something that doesn't require software to be installed on the [PC] so I can stay in good graces with the company. Any ideas? Thanks, Sam"

My initial reply to Sam was brief:

"All the auto-fill-in password tools I know of (I personally prefer RoboForm) require at least some minimal level of installation so the software can watch for places that require a login or password. I suppose you could put the setup files and data files for the form-filler of your choice on a pen drive, install it at the start of the business day, and uninstall it at the end of the day. This would violate the "no installed software" policy, but at least would make no permanent changes to the company's PC, and thus might be granted an exemption.

"We've actually covered using a pen drive for encrypted storage of RoboForm data. But this still requires that at least a little software be installed.

"A simpler, no-software solution might be to store your passwords in an encrypted text file on a USB pen drive; or even on a plain old floppy disk. You can use 256-bit AES encryption with WinZip, for example, and there are plenty of 100% free encryption tools out there. Cryptomathic's free File2File provides nearly effortless 128-bit AES encryption, for example. An encrypted file wouldn't automatically fill in login/password boxes for you, but would at least serve the same purpose as your paper printout did, but with much less risk and with no software installation required. A floppy version (as opposed to a USB drive version) also has the benefit of being nearly universally supported, as almost all systems have at least a floppy drive."
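
The encrypted-text-file approach described above, sketched as an added example that is not part of the original column: it uses the OpenSSL command-line tool rather than WinZip or File2File, and the function names, the `VAULT_PASS` variable, the `PWVAULT1` header and the sample entries are all constructed for illustration. Note that `openssl enc` in CBC mode adds no integrity tag, so the header check catches a wrong passphrase but not deliberate tampering with the file.

```shell
#!/bin/sh
# Added example: passphrase-encrypt a password list with AES-256 (openssl CLI).
# All names and sample data here are constructed, not taken from the article.

MAGIC='PWVAULT1'   # hypothetical header line used to detect a wrong passphrase

# vault_encrypt PLAINTEXT_FILE VAULT_FILE
# The passphrase is read from the exported variable VAULT_PASS, so it never
# appears on the command line (and therefore not in the process list).
vault_encrypt() {
    { printf '%s\n' "$MAGIC"; cat "$1"; } |
        openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
            -pass env:VAULT_PASS -out "$2"
}

# vault_decrypt VAULT_FILE
# Writes the entries to stdout only, so no plaintext copy is left on the
# disk of a borrowed or visitor PC. Returns non-zero on a wrong passphrase.
vault_decrypt() {
    out=$(openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -pass env:VAULT_PASS -in "$1" 2>/dev/null) || return 1
    # CBC padding alone can occasionally accept a wrong key; check the header.
    [ "$(printf '%s\n' "$out" | head -n 1)" = "$MAGIC" ] || return 1
    printf '%s\n' "$out" | tail -n +2
}

# Demo on a constructed entry list (sample data, not real credentials).
tmp=$(mktemp -d)
printf 'pizza-site  sam  constructed-pw-1\nbank  sam  constructed-pw-2\n' \
    > "$tmp/pw.txt"
export VAULT_PASS='constructed demo passphrase'
vault_encrypt "$tmp/pw.txt" "$tmp/pw.vault" && rm -f "$tmp/pw.txt"
vault_decrypt "$tmp/pw.vault"
```

In real use the passphrase would be typed at a prompt with echo disabled rather than assigned in the script, and only the `.vault` file would be copied to the pen drive.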

I thought that was that--but I was dead wrong. Soon, a veritable flood of great suggestions poured in from other readers. Here are the most recommended additional solutions, ranging from ultra simple to the more complex; and from the free to the commercial. No matter what your security needs or your company's restrictions on external software, there's bound to be a solution here you can use:
