Tuesday, January 12, 2010

Some thoughts on password security for laptop (and smartphone) owners

Just read a good article at Lifehacker on the risks of allowing your computer to save your passwords:

Your Passwords Aren't As Secure As You Think; Here's How to Fix That - Passwords - Lifehacker
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.

For the purpose of this article, we'll assume that the people you allow into your house are trustworthy enough not to hack your passwords, and your laptop has been stolen instead—but the tips here should apply to either scenario. Regardless of how you choose to save your passwords, you should make sure to use great passwords and even stronger answers for security questions.

The article discusses in some user-friendly detail the risks of allowing Firefox, Internet Explorer, instant-messaging programs, and other software to save passwords for you.

I use the free LastPass Password Manager to store my online passwords for everything except my bank (I don't do online banking yet -- the risks are IMHO too great) and credit-card accounts (where my risk is at most $50/card), and I have a very long, complex password for LastPass.

I also use an encrypted password manager in my PDA -- Yaps V2.5 for Palm OS -- and I recommend that anyone storing passwords in a phone or PDA use an encrypted password store. There are some real snake oil password-encryption products out there, so please do some research before you purchase anything.
