Tuesday, July 29, 2008 at 6:00AM
Image via Wikipedia
Yesterday during a conversation about the web site development I was asked about a password management product where all your passwords are stored on a USB thumb drive. Apparently a few companies are making the USB drives with fingerprint readers as well. This is an interesting question because like many, I have my own theories on the storage of passwords, and even on passwords and security in general. And you will forgive me for not committing them to pixels in this post.
Because I work in the security industry, I'm very conscious of the importance of passwords and their security. I tend to move away from systems that mass store them in one place. On the other hand, my years in the IT industry has left me with a lot of passwords and a number of methods for remembering and creating them. But that was my job, today everyone who has or wants an online/web 2.0 presence is probably in the same boat, so I can see the viability of the above technology for password management.
I though I might investigate a couple of ways of managing passwords, and see what is available and what works.
The question above was asked about a USB Drive, with fingerprint access, so I'll start my quest here. I'm not a big fan of fingerprint readers, biometrics in the movies is cool but in the real security world, biometrics is a gimmick that creates problems when used on a large or small scale.
For those not familiar, a fingerprint scanner allows you to use your thumb or forefinger as a password on a device. A number of laptops are coming out with them as a way to lock the machine and screen. Most of the scanners I have seen are a swipe, or a press on a special area.
The main problems with this tech are:
- If there is any residue, oil, impression, or dust left by the last use of the reader, it can effect the next attempt, causing failure.
- To get around the above, the sensitivity is turned down, and anyone can get in.
- Of course, you can always it the way they do in the movies, as long as you get the right finger and remember to put it on ice.
If the above doesn't deter you, and you don't lose things, then a USB Password Management system may be the go for you. Although, I did have trouble finding many name brand fingerprint protected USB Drives, so you may be waiting some time to get your hands on one. Sony do a Microvault 128MB with Fingerprint security but I couldn't find any Australian pricing, I'll have to do the retail rounds and see what turns up.
Another option might be to use a normal USB Thumb drive, as they are cheaper, and software like RoboForm2Go USB Key or Handy Password. These guys look like they throw in the steak knives as well, also grabbing personal info like addresses, bookmarks and passwords so the details can be carried around with you from home to work.
You can also use the above software stand-alone to manage your passwords, and there is the open source KeePass if you need a nice simple freebie. If you are a Mac user then I would say that 1Password would be the program of choice, there isn't much you can't do with 1Password, including porting the info to your iPhone, because we all have an iPhone, don't we?
Although not my thing, password management seems to be a growing tech, so I'm sure there is going to be more to come. We may find ourselves squinting into our laptops or mobile phone cameras soon just to turn off the keylock.
Tip: If you are battling with passwords, instead of just using one password for everything, try this: Come up with a 4 or 6 digit number (eg. 1326), then using your initials create your password uniquely by adding a word from the website or program the login is for.
1. Facebook login password = jBrface1326
2. Gmail login password = jBrmail1326
3. Bank Account password = jBrbank1326
Play with the formula as you wish, but if all your passwords have 3 parts and you know 2 of the parts and the 3rd is related to the place you're trying the login into, it is a bit easier than remembering a hexadecimal password, and better than your pets name.