How to Protect Your Online Passwords

It seems so unfair: Though it’s difficult for us honest folk to remember all of the passwords to all of the sites and software we use, losing control of them is a big security issue. Here’s some advice to help you avoid two common security problems involving passwords.

Easy-to-Guess Passwords

Why You Should Care: Your passwords are the keys to everything you’ve locked inside.

Scenario: When someone broke into Alaska Governor Sarah Palin’s Yahoo mail account and published details that it contained, the incident drew public attention to a serious problem. You can generate an awesome, complex, random password for your Web mail account, but if the information you provide in the “secret questions” section of your online profile is obvious or easy to obtain, a bad guy won’t have too much trouble convincing the Web mail service’s password-recovery mechanism to hand over the password on a platter.

These days everyone has a LinkedIn account, a Facebook profile, and a Twitter feed, and these information middens make it all too easy to guess the answers to commonly used security questions such as the high school you attended or the name of your dog. You may have blogged about both of those things half a dozen times or more.

Fix: Use a password manager religiously, and back up your password files. Using Bruce Schneier’s Password Safe or the Portableapps.com version of the KeePass software is a good place to start. And once you’ve created a random, unguessable password, generate a second, different password in the manager to use as the answer to the inevitable “mother’s maiden name” question (or questions). Mom may not appreciate being identified in some password bank as Miss 7#BrE_r, but no one will ever guess that that’s how you listed her in your “secret questions” data sheet.

Password Protection With Public PCs

Why You Should Care: You may have to use dangerous public PCs in a pinch.

Scenario: While on a business trip, you check your e-mail at the PC in your hotel’s lobby. Here’s why you shouldn’t: It’s distressingly common for public PCs in places like schools, cybercafés, trade shows, and libraries to be infected with password-stealing Trojan horses. In many instances these public PCs are not closely monitored by their owners, so they tend to get infected often and to be cleaned of infections infrequently. And since scores of casual visitors use them to log into e-mail or other services, data thieves view these PCs as an efficient source of harvestable information, which they then sell to spammers and other unsavory types.

The Fix: If you can reboot the PC, your safest alternative is to carry a copy of the Knoppix bootable operating system on a CD, DVD, or flash memory drive; you can customize your build with up to 2GB of Internet tools, productivity apps, and utilities. But if you have to use the machine’s own Windows installation, you’re better off running your applications from a portable drive using the excellent tools available from PortableApps.com. This site hosts dozens of apps that have been “portabilized” so that they store all temporary files, cache files, and history on the portable drive itself.

To protect yourself from malicious software that may be lurking on a public PC, scan the machine with the portable (and free) ClamWin antivirus software, and carry your own customized (and portable) browser, office apps, IM clients, and secure file-transfer tools. There’s even a useful password manager tool; after all, PC World’s Security Alert blog recommends that you change, as quickly as you can, any password that you’ve entered while using a public PC.