22 January 2006

Password managers practical — but with risks

From eBay and Skype access to personal identification numbers for online banking — passwords are an everyday part of life with computers.

Experts advise against using the same user name and password for all accounts, so security-minded internet users need an extraordinary memory to keep all of their various access codes straight — or they can use a technological aide in the form of software for keeping track of passwords. The latter approach is practical, but has its risks as well.

“Password administration involves depositing passwords in an encrypted container that is protected by a master password,” says Jorg Geiger, editor at the Munich-based magazine PC Professionell.

Users need only think of a single secret word that will serve as the master key to access the data safe and all of the passwords it holds.

“Password managers are highly recommended in practice,” says Bernd Zimmermann, from Bubenreuth. The PC application support specialist from Siemens knows this well: he often faces calls from desperate users who have lost their way through the personal-password jungle. A password manager automatically inserts sensitive data into log-in screens, easing nerves and eliminating the all-too-familiar scramble to recall a given password on the spot.

Anyone who uses several computers should install a password manager on a USB stick.

“The program can then be started directly from any Windows machine to provide access to the data,” says Stefan Siegert, business director at the software house 1-abc.net in Oldenburg. Password managers installed on USB sticks must offer one important function: all temporary data that could potentially be linked to the password must automatically be deleted when the stick is removed from the computer.

Several manufacturers, like Wibu-Systems in Karlsruhe, offer complete solutions consisting of software and a USB stick. The stick adds a second layer of verification for added safety. Should the user forget his master password, then a so-called super password is used to get out of the scrape, says Wibu chairperson Oliver Winzenried. This code appears only once, when the stick is first plugged into the computer. It must be noted and stored safely at that time.

Yet password managers have their weaknesses as well. Hackers have succeeded again and again at fooling the software. The master password is the main target of the data thieves.

“If someone has hacked the computer and installed a key logger, then it’s easy for them to get the master password,” warns Geiger.

A key logger secretly records all keyboard entries, sending its illicit log back to the hacker via the internet, unnoticed.

To prevent misuse, PC users should change their passwords at regular intervals. To quote Stefan Siegert: “Based on the frequency of use, it’s advisable to change passwords once a month for login areas linked to cash and once a year for e-mail accounts.”

What makes for a safe password? For one thing, it shouldn’t be a dictionary word, says Mirko Boer of Leipzig, developer of the cost-free manager software Alle Meine Passworte.

Other taboos include the name of a girlfriend, wife or relative.

“A password should always include capital and lowercase letters, numbers and special characters,” Boer recommends. Most password managers rate a password’s strength and even remind the user about overdue password changes.

Some managers will even generate random secure passwords for the user. Management software from companies like Steganos in Frankfurt/Main works with 256-bit keys.

“This allows for as many key combinations as there are atoms in the universe,” explains Steganos founder Gabriel Yoran. — Sapa-dpa
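The strength rating and random generation described above, as an added example that is not code from the article or from any of the products it names: a rater that flags dictionary words, taboo names and missing character classes (Boer's rule), and a generator that draws from the operating system's cryptographic random source. The 12-character minimum and the tiny built-in word list are assumptions for illustration.

```python
import secrets
import string

# The four character classes Boer recommends: upper, lower, digits, specials.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}
ALPHABET = "".join(CLASSES.values())

# Constructed stand-in for a dictionary; a real manager ships a full word list.
COMMON_WORDS = {"password", "secret", "letmein", "welcome", "summer"}
MIN_LENGTH = 12  # assumed threshold, not from the article


def missing_classes(password):
    """Names of the character classes the password does not contain."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def rate_password(password, taboo_words=()):
    """Rate a password as 'weak', 'fair' or 'strong' with reasons.

    Dictionary words, taboo names (girlfriend, relatives...) and short
    passwords are weak; a missing class makes it only fair."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON_WORDS or lowered in {w.lower() for w in taboo_words}:
        reasons.append("dictionary word or personal name")
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    missing = missing_classes(password)
    if missing:
        reasons.append("missing " + ", ".join(missing))
    if len(reasons) > len(missing and [1] or []):
        return "weak", reasons
    return ("fair" if missing else "strong"), reasons


def generate_password(length=16):
    """Random password guaranteed to contain every class, via the CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    chars = [secrets.choice(c) for c in CLASSES.values()]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # so class positions are not fixed
    return "".join(chars)
```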