20 August 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,012,320Views 62Comments

I Want to Punch Passwords in The Face

08 October 2009  |  2549 views  |  2

Passwords and forms harass and mock me every day of my life. Everywhere I go there is a big burly bouncer who is the password gatekeeper and he needs a beating. He won’t let me in or by the velvet ropes unless I know the secret code. Most of the time I know what he wants, but because I have so many passwords to remember (last count is 456, but less than 200 active/weekly sites), I sometimes forget. Then I try 2-3 other passwords that I think will work before I get locked out. I can’t have all the same passwords because wouldn’t it be just great if I got hacked.

Ultimately I have to go to a password protected file that stores them and begin the copy paste process. But even when I do that there are problems. Sometimes when a password is copied then pasted, the form won’t recognize it. It’s a code thing that’s beyond my expertise.

Some are reading this and wondering why this is even an issue. Saying if you use one browser and have one password manager then it’s a no brainier. But I don’t use one browser. I use 2, Firefox and Chrome. I have my reasons. I also use 4 different computers consistently.

Both browsers have tabs up top and I have at least 15-20 tabs going at the same time. Social media and various blogs are rich with technology that doesn’t always work like it’s supposed to. It’s a constant struggle getting it all to work.

You’d have to be a savant (and have lots of time) to have 8 browsers on 4 PCs working perfectly with Java, Flash, audio, video and all the other plug-ins to make everything work like it should seamlessly.

All of this coupled with the fact that operating systems are often reinstalled, password managers mostly don’t do what they are supposed to, hardly any of them work with more than one browser and I don’t like auto-fill for security reasons. And I’d never use auto-fill on a laptop.

I’ve tried every possible free and fee based password manager and they mostly all have the same thing in common: They don’t do what they claim they do.

CNET introduced me to RoboForm Online. I installed it this week and it works the best of any password manager I’ve ever used. It’s a little buggy with its “master password” that doesn’t always recognize, but the over all experience is a good one.

What I like about it the most is its ability to back up automatically in the cloud among all 4 PCs and with each browser. The “Chromium” RoboForm browser is a Chrome like browser that I had to install because Google hasn’t allowed Chrome to be tweaked by 3rd parties just yet. I had to reinstall Chromium once after it crashed. But it’s working OK.

After working on all 4 PCs over a week on each different browser doing all the different tasks like blogging that help me pay the bills, I finally have most of my passwords in sync and it’s now a relatively painless process. I’m not feeling as violent towards passwords as I once was.

Beefing up passwords using a password manager is much easier. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases: Full moons on Saturday bring out whackos @12am!: is FmoSbow@12am! That’s a strong password that no sane person will enter manually. But  a password manager makes it possible.

Strong passwords help protect identities. In addition you must:

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

TagsSecurityRisk & regulation

Comments: (2)

A Finextra member
A Finextra member | 08 October, 2009, 11:23

Thanks for this insight Robert.

This is something I've become increasingly interested in recently. See the linked article by F-Secure http://www.f-secure.com/weblog/archives/00001691.html.

I'm not working in the hundreds of passwords so much as the tens, but this is my current favoured approach. Write it down, on a post it!

Regards, Richard

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
John Dring
John Dring - Intel Network Services - Swindon | 09 October, 2009, 22:48

Exactly my problem too.  Maybe not quite so many passwords or variations, but its truly a pain, and one that PKI was supposed to resolve years ago.  And its not just the passwords, but the UserID itself can be a guessing game (I even forgot my Finextra userID again because I've been away a while!)

But I never trusted those Password Managers either.

So my 'system' is a (probably very poor) cryptic clue to my several passwords which I can refer to when I forget one or run up against the 'final attempt'.

Thanks for the links.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  5573 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6186 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  4881 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5570 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5073 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan
Adedeji Olowe