Tips & Tweaks: Keep It Secret, Keep It Safe

Are your passwords still secret? How long do you think they'll stay that way?

I'll bet you've put at least one of your passwords--the one you use to check e-mail--at tremendous risk. I just did, and here's the story.

Passwords in Peril

Last month I flew to Harlingen, Texas; it was the starting point for a birding expedition into Mexico.

The motel had two miserably slow PCs in its combination bar, lounge, and business center. The good news was I could send an e-mail across the room to the bartender's BlackBerry asking for another beer. The bad news was he'd never heard of Anchor Steam, so I had to drink lite beer.

The even worse news was the reason the PCs were slow. Both systems were infested with God only knows how many spyware and keylogger programs. And just as risky were the Internet cafes I used while in Mexico.

How do I protect myself in these situations? My strategy is simple: Before I leave home, I change my EarthLink password. When I get home, I change it again. This way if a keylogger captures my password it won't be good for very long. Sure, I know, someone may have access for the week or so I'm on the road.

One other thing--if you're using a public PC, for goodness sake, log out of your e-mail account when you're done. Just last week I was at a hotel in Palm Springs. A guy walked away from a machine, and when I sat down, I was astonished to see that I had full access to his e-mail account.

Dig This: Keep the little guy in Pendulumeca in motion and avoid getting caught in the jagged teeth at the bottom. You won't find any rules (in English, anyway), so you might want to watch a SnagIt video I cooked up.

Toughen up Your Passwords

I was watching a buddy of mine create a password. Not once did she use a number or a symbol (like & or %). That's crazy. Given that I know her well, I probably could have guessed her password. And even if I couldn't figure it out, it was so basic I could have gotten it in a jiffy with any one of a dozen free hacking tools.

Here's my advice: Change each of your critical passwords, and this time use a combination of symbols, numbers, and punctuation. And if you have a file with 26.5 million Social Security numbers on your notebook, make the password case-sensitive.

No idea what I'm talking about? Read "Agency Loses Data Containing Veterans' IDs" and be amazed.

Dig This: I love wildlife, but I hate squirrels--especially when my tomatoes are looking good. IMHO, squirrels need to be tormented whenever possible. If you agree, you'll get a kick out of this 1.5MB self-running video. (Yes, it's an executable, but it's safe to run. To download the self-running video file, choose Save; to run it immediately, choose Open.)

Dig This, Too: Here's the same squirrel getting sweet revenge--and no, the video hasn't been doctored.

Generate Great Passwords

I don't expect you to be able to create good passwords on your own. I can't, either. But we can use programs to do the job. The WinGuides Network has a Web-based tool that gives you lots of options.

That should be all you need, but if you want another, try Steve Gibson's Perfect Passwords.

Me? I use RoboForm. In addition to creating passwords, the program remembers them for me. Hands down, it's the best tool for storing all your user ID and password data for Web sites.

When you visit a site, RoboForm automatically inserts everything that's necessary. And yes, access to RoboForm can be password protected, so it's safe to use at work. RoboForm is compatible with IE, Firefox, Mozilla, Netscape, Maxthon, and most other browsers. You can grab a trial version of the $30 program from our Downloads library.

RoboForm's got a USB version of the program. Pass2Go acts just like RoboForm does, but it's stored on a USB drive. That lets you use someone else's PC and not have to remember your passwords. And they stay on the USB drive, so there's never a risk of anyone on the host PC seeing them. You can download a free trial version of the Pass2Go software from the RoboForm site. The Pass2Go USB key costs $10; the software license is another $40.

Dig This: I know where it starts, but can't find the ending. But it doesn't matter--Jenova Chen's flOw is an interesting diversion, with soothing music, that's especially valuable if you're having a tough day at the office. Use your cursor to move around and gobble up squiggly things.

Steve Bass writes PC World's monthly "Hassle-Free PC" column and is the author of PC Annoyances, 2nd Edition: How to Fix the Most Annoying Things About Your Personal Computer, available from O'Reilly. He also writes PC World's daily Tips & Tweaks blog. Sign up to have Steve's newsletter e-mailed to you each week. Comments or questions? Send Steve e-mail.

Subscribe to the Security Watch Newsletter

Comments