Don't Lose Your Identity


Mention security and people immediately think of the many username/password combinations they must use on a daily basis. Undoubtedly, your company or organization has a policy requiring that the passwords used on its networks meet certain length and complexity standards. Often overlooked, however, is password management. For example, I have a different password for my corporate network, email, and bank account, as well as one for every vendor I conduct business with. In a world that is becoming increasingly dependent on e-commerce and e-identities, securely managing a myriad of passwords without sacrificing convenience is a matter of necessity.

Vendors have taken some interesting steps to narrow the technological gap between convenience and security. Some e-commerce sites require users to provide additional information to assist in password recovery. These additional questions effectively become passwords to the password. My favorite example is a site that asks me to provide my "typical internet password" to be used as a "follow up" authentication question.

This problem is only one of many within the broad category of identification and authentication, that is, proving that you are truly who you say you are. The current trend is to decrease the emphasis on memorizing unique alphanumeric combinations by supplementing what you know (the password) with other forms of authentication (what you are and what you have). This trend is called multi-factor authentication, and this is where security technologies like biometric sensors and electronic tokens come into play. We are just now beginning to see the application of this technology in devices like fingerprint scanners on laptops and the PayPal Security Key. Despite these innovations, e-commerce sites will almost certainly continue to rely on users to provide countless usernames and passwords for some time to come.

In the meantime, there are invaluable tools that can help level the playing field in the password game. KeePass is a free, open-source password manager that is available for Windows, Mac, and Linux computer systems. It allows the user to store and organize all of his or her usernames and passwords in a single, easy-to-use interface. KeePass greatly increases password security by allowing the user to automatically generate complex passwords that are unique to a specific website or application. More importantly, KeePass frees the user from the daunting task of remembering each username/password combination. The username/password combinations are encrypted and stored in a database that the program protects with a single password. The end result is that KeePass allows a user to replace all of his or her passwords with better passwords while only having to remember a single (hopefully very secure) password. The caveat to this technological innovation is that remembering the master password is critical, and the KeePass database should be backed up in more than one location. Once you begin using a password manager such as KeePass, you will wonder how you ever managed without one.

Just don't forget the password.

