Password Hell and the Tyranny of the Password

(Thanks to Dilbert.com and Scott Adams for the above cartoon.)

Yep, we all know about passwords with letters, numbers, doodles, sign language and squirrel noises.

The Dilbert comic above is indeed prophetic. In the near future we will see more gadgets and gizmos used for web authentication. Currently many financial institutions are using enhanced authentication gadgets. These are currently too expensive for use in  standard web accounts.

Over the last few years, the number of sites requiring a username password combination to log in has grown exponentially. The security rules have also expanded to the extent that some sites are just too painful when you have to supply a suitable password. We all know that we should have a strong password and that we shouldn’t re-use it on other sites. We tend to follow the rules with financial web accounts but get slack with all those that are seemingly unimportant. Often it is the seemingly unimportant accounts that will bring us down. OK we decide to toughen up and start to use strong passwords and avoid re-use.

There are just too many accounts that we have to remember. We call this Password Hell. You will know when you are there.

There is a simple way to escape this password hell and that is to use a good password manager. A good password vault, safe or manager can bring you web freedom and password heaven.

So what is a good password manager? A good password manager is one that is easy to use, one that enhances your security and is safe and secure. There are quite a few password managers out there on the web. Some are free and some are expensive.  

NEVER use a password manager that stores its data on the web or uses a cloud service. It seems ludicrous that you would save all your important data to location that is accessible to millions of people, even if it is encrypted. With all the sites that have been hacked over recent years including Gawker, Linkedin and Sony, it astonishes me that anyone would do this, let alone offer it as a solution. (The real reason that web storage is used, is because people are lazy, and it offers an insecure but cheap way to make the data transportable and enable synchronization.) There are other ways to achieve transportability and synchronization.

NEVER write down all of your passwords and usernames on paper. This isn’t password management. It is a disaster waiting to happen.

NEVER let your browser to remember all your passwords. These are just too easy to get back out.

NEVER use Windows Credential Manager. Just too many people know where and how to get this. Lose your drive and lose everything. 

I have used a heap of these password managers and my favorite is PassIT.Net or PassITDotNet. It is a good password manager as it is secure, searchable, personally organized, is easy to operate and it enhances your whole web experience. It does tend to make you lazy but at the same time keeps all your passwords strong and secure.

Why does it make you lazy and safe?

  • You only have to remember 1 Very Important Password.

  • It allows you to open your browser on the login page of a web account. You don’t have to type in the URL of the site at all.

  • It passes your username and password to the browser when you want it to. You don’t have to type in your username and password. You don’t have to even know what it is.

  • It can grab the address of the site that you wish to enroll or register on. No typing it in.

  • It can automatically generate strong and impossible passwords.

  • It can automatically generate strong pronounceable passwords for accounts that you may need to access without using PassIT. Strong but able to be remembered passwords.

  • It is transportable and executable via USB Drive.

  • It allows you to synchronize all of your installations of it with your transportable version. So any modifications, deletions and additions made on any other PC, including your transportable version, are all up to date, with the latest changes.

  • It automatically senses the USB drive insertion, so you do not have to select your synch target.

  • It becomes a dashboard to all your web accounts and you will use it nearly every day.

  • All your passwords now belong you. 

There is a link to this on the Free Downloads Page of this site.

It is available from the Sescoa Website   or download it directly from the SESCOA download page