What’s Your Pet’s Name?

Such a casual question at party could have terrible consequences when you use weak passwords on the Internet. The best advice is to use a unique password for each account. If you spend all day online like me, plus a little more at home, you’ve probably garnered somewhere north of 50 or more accounts.

The question to ask yourself is which of those accounts are just fine for a hacker to slip into because you used a weak password? Probably none, right?

Just to put a little more emphasis on it, let’s say you use a reasonably good password for your account on Amazon.com and you liked it so much that you’ve used the same password when you had to create an account last week just to leave a comment on a blog. Now, let’s not get too blue and say that blog site was evil and successfully phished your password. Let’s just say the security was a little too low on that site and someone else happened to glean all of the e-mail addresses and passwords from that blog.

So now the bad guys have your password. What else can they get into with it? If you’ve been adhering to the rule, then absolutely nothing. If you’ve been lazy, then they just need to guess the username or e-mail address to your bank, your corporate Intranet, your social networking sites or anything else you use. Kinda bleak, eh?

How are you supposed to remember all of those passwords? Well some fine folks are working on that very problem with technologies like CardSpace and OpenID. That’s all well and good, but what do you do today with the accounts you already have? Start buying more Post-It notes?

Until you’ve got a better plan, start out by using a tool like Password Minder. Its free and available here: http://www.pluralsight.com/tools.aspx. This is a simple program written in .Net that helps you collect, organize and use all of the various passwords that make up your life. The data is encrypted into a single XML file that you can store on a USB key, copy to every computer you own or anything else that accepts an electronic file.

You can leave the program running all day, so long as you remember to lock your computer when you leave, or you can start and stop it every time you need to pull out a password. This program is great because its simple, it can be copied to any computer and its protected by a secure master password.

Here’s how it works:

1. Download and unzip file from PluralSight.com
2. Launch the program file name pwm.exe
3. Create your master password — this is what you’ll have to type every time you launch the application.
4. Add all of your usernames and passwords into the application; each password is unique, right?
5. Copy the data file to your other computers or keep it on a USB key for portability. This application is light weight and very portable.

Better yet, take a look at a short Silverlight video I made showing how to get started with Password Minder. If you’ve kept your computer current with Windows Update, then it should be no problem to use.