An enormous number of people set their web browser, e-mail client and other software to store their login details. They then leave the computer unattended, perhaps for hours at a time, often without locking the workstation first. I surely do not need to spell out how this could affect security.
Personally, I don’t store any passwords on the computer. This does mean I have to remember them all, but I have a good memory, so that isn’t a problem.
But what about those of you struggling to remember the one or two passwords to log into the computer in the first place? You don’t want to have to remember 20 passwords, all for different websites.
Well, I’d like to advocate those programs which store all of your passwords, encrypted, and require a single password for access. Choose that password wisely. Don’t use any password you use elsewhere; make it as long and complex as you are able to remember, and make it hard to guess.
These programs differ from storing your passwords in, for example, Firefox because you must enter a password to access the password store in the first place. Once you’ve done this, you can easily obtain the login data for any website you visit. If you’re leaving the computer for a while, lock the password store before you go. You don’t have to lock the entire workstation, or remember a screensaver password on top of all the others.
Software like this exists for a reason. While it may not be the ideal solution (which would be to remember the passwords yourself, or to set up systems which use other authentication mechanisms, such as public-key based SSH logins), it forms an interim response to weakened security due to “password manager” features in browsers, e-mail clients, instant messaging systems and so on.
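To make the model above concrete, here is an added sketch (not code from any particular password manager) of a store that is encrypted on disk, opened by one master password, and locked again before you walk away. The names `seal` and `Vault` are hypothetical, and the HMAC-based keystream is a standard-library stand-in for the vetted authenticated cipher a real program would use.

```python
import hashlib, hmac, json, os

def _keys(master: str, salt: bytes):
    # Slow, salted KDF so guessing the master password is expensive.
    k = hashlib.scrypt(master.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]          # encryption key, MAC key

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(master: str, entries: dict) -> dict:
    """Encrypt the whole store under the master password (encrypt-then-MAC)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(master, salt)
    plain = json.dumps(entries).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

class Vault:
    def __init__(self, blob: dict):
        self._blob = blob          # what sits on disk: ciphertext only
        self._entries = None       # decrypted logins, present only while unlocked

    def unlock(self, master: str) -> bool:
        salt, nonce, ct, tag = (bytes.fromhex(self._blob[k])
                                for k in ("salt", "nonce", "ct", "tag"))
        enc_key, mac_key = _keys(master, salt)
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False           # wrong master password or tampered file
        plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
        self._entries = json.loads(plain)
        return True

    def lock(self):
        self._entries = None       # drop the decrypted logins before leaving the machine

    def get(self, site: str):
        if self._entries is None:
            raise PermissionError("vault is locked")
        return self._entries[site]
```

Someone who sits down at the unattended machine after `lock()` has only the ciphertext blob, and every guess at the master password costs a full scrypt computation.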