Managing internet accounts and passwords


Post by Gabethebabe on Tue 23 Mar 2010, 7:41 pm

Computer security is not only making sure that malware stays off your system. It is also preventing your personal and financial data from falling into the wrong hands. Let me provide you with some advice on how to manage your internet accounts and passwords. Better to be safe than sorry.

  • Use strong passwords. They should be completely random and unguessable (e.g. not using words from a dictionary). The longer the password, the better. For a 20-character password constructed of numbers and uppercase and lowercase letters, 12 million hackers, each hacker having 12 million computers, each computer making 12 million attempts per second, need 12 million years to try all possibilities.
  • Do not use passwords for more than one account. Every account should have its own strong password.
  • Secret questions are security holes. If your password is superstrong, but your secret question is "My mother's maiden name" and your mother has a Facebook account - you're doing something wrong.
  • Do not use your personal e-mail account for internet accounts that are interesting to hack, e.g. gambling accounts, Paypal, eBay, e-wallets like Neteller/Moneybookers, WOW, MTGO. If a hacker gets access to your e-mail account he only has to send a "Forgot password" e-mail and he will have access to your money. Use random e-mail addresses with random passwords. Nobody can hack your Paypal e-mail address if nobody knows what it is. I like Gmail in this case, because e-mail clients like MS Outlook or Thunderbird can easily handle multiple Gmail accounts.
  • Realize what people can do to you if your computer gets stolen. Especially if you have a laptop that gets carried around, meaning more risk of this actually happening. Do you autolog into anything relevant? Are your passwords written down in an unencrypted file? Are all your Gmail accounts accessible through your e-mail client? (Tip: move your Thunderbird profile to an encrypted disk, e.g. created by TrueCrypt.)
  • Now strong passwords and impossible e-mail addresses may sound cool, but you actually have to type them out every time - that is tough. WRONG. There are various password managers available that are very useful. I'm using and recommending KeePass. KeePass is free, open source software, which makes it very safe. You can be sure that no exploits are hidden in open source code and you can be sure that the encryption algorithms have been verified by experts.

KeePass. What does it do?
Simply put: KeePass is an encrypted database that contains your account information. You will need to password-protect it, and with a single password you gain access to all your passwords. KeePass will need to store three types of data:
  • Title
  • Username
  • Password

The Title is needed for KeePass's autotype feature. With a shortcut (default is CTRL+ALT+A) KeePass is told to look at the title of the active window, look that up in the database and subsequently type the username and password that belong to that entry. Example: if you enter the GeekPolice website with Mozilla Firefox, the FF window title will be "GeekPolice.Net - Mozilla Firefox". If your GeekPolice account info is in the KeePass database under the title "GeekPolice", KeePass will recognize it and autotype username and password. Very easy! No need to type anything or copy/paste information. Only got to make sure KeePass is open and you log in to anything in less than a second. This feature works for browsers, but also for all kinds of Windows applications that have a window title.

KeePass is portable and can easily be carried on a USB memory stick. I always have one with me (my keyring) so I can log into my e-mail accounts from any computer without knowing any of my own passwords. Gotta make sure you do not lose all your KeePass databases or forget the master password, because that would mean involuntary self-exclusion from all your accounts. If you lose your keyring+KeePass database, you have plenty of time to change passwords, because the KeePass database is impossible to hack - the finder will need to bruteforce-guess the key.

OK - that was my story. I hope you found some useful tips in there!


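The brute-force estimate in the first post can be checked directly. The following is an added example, not part of the original thread: it generates a random password from the 62-character alphabet the post describes and computes how long an exhaustive search takes under the post's attacker model. The function names and the 365.25-day year are assumptions made for the example.

```python
import math
import secrets
import string

# Alphabet from the post: digits plus uppercase and lowercase letters (62 symbols).
ALPHABET = string.ascii_letters + string.digits

# Attacker model from the post: 12 million hackers x 12 million computers
# x 12 million attempts per second each.
POST_RATE = 12_000_000 ** 3
SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: Julian year


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size=len(ALPHABET), rate=POST_RATE):
    """Years to try every candidate of exactly this length at `rate` guesses/s."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def min_length(target_years, alphabet_size=len(ALPHABET), rate=POST_RATE):
    """Shortest random password whose full search takes at least target_years."""
    length = 1
    while years_to_exhaust(length, alphabet_size, rate) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    print(generate_password())
    for n in (8, 12, 16, 20):
        print(f"{n:2d} chars: {entropy_bits(n):6.1f} bits, "
              f"{years_to_exhaust(n):.3g} years at the post's rate")
    print("length needed for 12 million years:", min_length(12_000_000))
```

The figures only hold for passwords drawn uniformly at random; a password built from dictionary words has a far smaller search space than its length suggests.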

Re: Managing internet accounts and passwords

Post by Doctor Inferno on Wed 24 Mar 2010, 12:23 am

A recognized, paid alternative to KeePass is RoboForm, which is what I use.

Using password management software is always better than using the browser's built-in one because of better encryption.
