For a long time, I’ve tried to reuse the same few passwords on each site or application, just so I could remember them. But this weekend, I read a blog post from one of my friends where he describes how his wife, a professional security pro, got hacked doing this.

She had the bad luck to use one of her common passwords on a Chinese web site, where someone stole site her password and used it to log into another site she uses. They assumed her identity, and sent her husband and some of her colleagues a spam email message. If someone were to steal one of my common passwords like this, and they knew a little about my habits, they could get into many different services that I use, steal a lot of my personal data, and potentially damage my reputation.

This isn’t that far fetched. It could easily happen to you.

The morale here that you really need to have a different password at each site or commercial service you have an account at, you should use strong, unguessable passwords at each, and you need an automated, portable agent that you log into once that remembers all of these unique passwords and can automatically look up the right password and log into your services for you.

The good news is that Personal Password Agents are available commercially and they do a pretty good job of managing password overload for you. I started using one this weekend that seems to be working fairly well so far, called RoboForm.

RoboForm performs a number of very useful functions that have already vastly improved my password security discipline and have even increased my productivity.

1. RoboForm includes a strong password generator that I am using to replace the shared passwords that I currently use to login with at all of the online services I use. I’m creating a unique password for each service in order to eliminate the ability for anyone to steal a common password and log onto another one of my services.
2. RoboForm keeps a list of all of the services I use and automatically fills in the password form with the correct username and password combination when I switch between services, so I don’t have to remember all of these new passwords. That’s not so different from Firefox, except that this information is stored in an encrypted form on my computer and portable between the five or six computers I use every day.
3. The only password I have to remember is the one password that I need to login to RoboForm when I open my web browser and try to connect to a password-protected service.
4. RoboForm also helps automate form filling for credit card purchases and other forms and eliminates the ability for anyone to hack my computer and record the keyclicks I use when I normally fill out this kind of information online.

The version of RoboForm that I’m using is FREE, but I will upgrade to the PRO version which lets you store your passwords on a USB thumb drive so you can move them between computers. RoboForm is also available for mobile phones on Palm, Symbian, Windows Mobile, and Blackberry operating systems.

Here are some other commercial password management and form filling applications available online. I haven’t tried all these application yet, but if you do, please leave a comment describing their effectiveness and ease of use.

1. TraySafe
2. MySecurityVault Pro
3. Password Safe
4. TK8 Safe
5. Password Vault

No related posts.