Klein Decisions Archives
The KleinPost

Feature Article

Keep Track of Your Passwords Without Losing Your Mind
by Aaron Bennear

From online shopping to online banking, many of the websites we depend on ask us for a password. We know that simple passwords, like letmein or 12345, are less than ideal. Somebody could guess your password by trying a few likely suspects, such as your kids’ names or your alma mater. What’s worse, readily available "password recovery" software can make hundreds of thousands of attempts a second to guess your password. To thwart these casual, and not so casual, password hacks, you have to use a strong password. A strong password is longer, doesn’t contain actual words, and draws from a greater range of characters. However, a strong password such as wLOcOjr_H]MJJ{ is nearly impossible to remember. What’s more, you shouldn’t use the same password for more than one account.

How can we cope with the laundry list of user names and passwords we are asked for on a daily basis? Well, computers have gotten us into this mess, and computers can help get us out. To manage your various passwords, I recommend you use a type of software appropriately called a password manager. With a password manager, you set one master password that opens the program. Then, within the program, you can store any number of passwords. Below is an example using a free, high-quality program named KeePass.

To use KeePass, you must first set a master password. This is the one password you will have to remember and type in regularly. This password should be easy to use but also strong. One good way to come up with such a password is to use the first letter of the words in a memorable phrase. For example, you could use the opening of the Gettysburg Address: "Four score and seven years ago, our fathers brought forth," resulting in fsasyaofbf.

That’s a good start, but this password will be more secure and harder to crack if it includes some capital letters, numbers and non-alphanumeric characters. Let’s add some capitals, odd characters and the year of the address: fSasYaofbf^^1863.

You may have to type this in a few times before you remember it. In the meantime, just write it down and keep it in your wallet, a file cabinet, or a locked drawer. It’s OK to write down a password. The trick is to keep it in a safe location. Also, don’t label what account or application uses that password. Now, with our master password, we can create a KeePass database.

We’re almost ready to start storing all our other passwords. First, hit the save button to save the password database. I strongly suggest you put this file in a location that is regularly backed up. Because this file will become your keys to the kingdom, I want to reemphasize how important it is to back up this file. You should have a copy of it at another location, such as your house. The backup copy is secure. Without the master password it is unusable. By the way, if you can’t remember the master password, the file is unusable to you as well.

Enough scolding about backups. Here is the main screen of KeePass with some entries:

Entries are organized in the left hand pane and the entries themselves are in the right hand pane. I already have some entries for online banking. As you can see, I am not just storing the password but also the user name, web site address (URL), and notes. Let’s see how a new entry is created:

KeePass generates a strong password for you. You can set your own rules for these generated passwords, such as minimum length. Don’t worry. As I’ll explain in a moment, you will never have to remember or type these passwords in.

To use a password, return to the main screen. Now, to log into Bank of the Interweb, double click on its URL in the list. This will navigate your web browser to the address you entered for this bank. To supply your user name, you can double click on Bank of the Interweb’s user name in the list. This copies the value to your computer’s clipboard. You then paste it in the user name field on the bank’s login page. Repeat the process for the password. When you do this copy and paste with a password, KeePass clears the password from the clipboard after 10 seconds.

With a password manager such as KeePass, you have all of the access information for all of your critical accounts in one place; you have a different, very strong password for each of your online accounts; and you only have to remember one strong password. In short, your information is not only secure, you are confident that you have it stored in a way that you can efficiently access it.

K4 passwords

All of Klein Decisions’ K4 Decision Tools require a password. However, Klein Decisions does not store the actual password. Instead, we store a "hash" of the password. A hash algorithm takes an input value and transforms it into another value. For instance, the password letmein might result in the hash value eIT4HkwN. For a given input, the result is always the same. So if your password is letmein, we store the hash value eIT4HkwN. When you log in, we hash the password you entered and check whether it matches the hash value we have stored for you.

However, the process cannot be reversed to go from the hash back to the original input. That is why we cannot tell you what your password is; we can only reset it and send you the new password. We don’t store actual passwords because many people use the same password for various accounts. Because we don’t store actual passwords, you can rest assured that we cannot use your password anywhere else.

For the Computer Science majors in the room, yes, we do salt our hashes. For the amateur chefs, we aren’t talking about recipes. And for everyone else, know that we here at Klein are concerned about our clients and follow best practices for password security.
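The store-a-salted-hash-and-compare-on-login flow described above, as an added illustration that is not Klein Decisions’ K4 code: the page does not say which hash K4 uses, so PBKDF2-HMAC-SHA256 with a random per-account salt is an assumption chosen here, and the two accounts sharing the password letmein are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Hypothetical parameters; Klein Decisions' actual K4 settings are not on the page.
# OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations; a smaller
# value is used here only so the demo runs quickly.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return the record to store, 'salt$hash' in hex. A fresh random salt is
    drawn per account unless one is supplied (supplied only to show determinism)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Login check: re-hash the entered password with the stored salt and compare
    in constant time. The stored record never has to be (and cannot be) reversed."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo():
    # Constructed sample: two accounts that happen to share the weak password 'letmein'.
    alice = hash_password("letmein")
    bob = hash_password("letmein")
    fixed_salt = b"\x00" * SALT_BYTES
    return {
        # Salting means identical passwords still produce different stored records,
        # so a leaked record does not reveal who else shares the password.
        "same_password_different_records": alice != bob,
        "alice_login_ok": verify_password("letmein", alice),
        "wrong_password_accepted": verify_password("letmeout", alice),
        # Same input plus same salt always gives the same hash, which is what
        # makes the login comparison possible in the first place.
        "deterministic_with_same_salt": hash_password("letmein", fixed_salt)
        == hash_password("letmein", fixed_salt),
    }
```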


Aaron Bennear has been programming financial software up and down the East Coast for the past 10 years. Now, as Senior Application Developer for Klein Decisions, he has put down roots in North Carolina, despite the ridiculously hot weather in August.