No, I do not have such a utility. In my opinion, this can be a recipe
for disaster. Consider the following scenario: You keep all your
passwords in this utility on your PDA. You do not remember these
passwords, nor remember which passwords are kept here, but know that
your passwords are located on your PDA. If you loose your PDA, then you
will need to change all of your passwords (as they can now be accessed
at the leisure of the person who now has your PDA through brute forcing
the master password). However, if you do not know your passwords, nor
which passwords are kept here you are in a slight bind.
I use passwords that are easy to remember (usually pass phrases), and
change them on rare occasion. If the system is not critical, then you
can use the same password for them all.
While some may disagree, I believe that length is more important than
character set or change frequency. As pass phrases are, by definition,
longer than passwords, I believe that they are one of the best methods
of achieving security. As one of the first items put on systems that are
compromised is backdoor software, once they are in a system they will
most likely stay there. Put another way, once the bad guy is in, they
are almost impossible to remove without going back to bare metal.
+-------------------------------------------+
| Michael Surato |
| Resource Center for Persons |
| with Disabilities |
| Michigan State University |
| 120 Bessey Hall |
| East Lansing, MI 48824 |
| Voice: (517) 353-9643 Fax: (517) 432-3191 |
+-------------------------------------------+
> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of David McFarlane
> Sent: Tuesday, May 16, 2006 2:33 PM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Password Expiration Policies
>
> >People who need to change passwords often all too frequently put them
> >1) on postits on their monitors, 2) little pieces of paper in makeup
> >cases, 3) in PDA's, 4) as files on their laptops 5) on
> dashboard visors
> >in their cars.
>
> Does anyone use password software, like Passkeep or Whisper,
> that keeps an encrypted file of a user's passwords? I use
> one of these, then I only have to remember one password to
> open up the password file (ah, but then I never change that
> password, shame on me!).
>
> Also, what do people think about passphrases vs. passwords?
>
>
> -- David McFarlane, Systems Designer
> Dept. Psychology, Michigan State University
> [log in to unmask] www.msu.edu/~mcfarla9
> Voice: (517) 353-0799 Fax: (517) 353-1652
>
|