 |
 |
No, I do not have such a utility. In my opinion, this can be a recipe for disaster. Consider the following scenario: You keep all your passwords in this utility on your PDA. You do not remember these passwords, nor remember which passwords are kept here, but know that your passwords are located on your PDA. If you loose your PDA, then you will need to change all of your passwords (as they can now be accessed at the leisure of the person who now has your PDA through brute forcing the master password). However, if you do not know your passwords, nor which passwords are kept here you are in a slight bind. I use passwords that are easy to remember (usually pass phrases), and change them on rare occasion. If the system is not critical, then you can use the same password for them all. While some may disagree, I believe that length is more important than character set or change frequency. As pass phrases are, by definition, longer than passwords, I believe that they are one of the best methods of achieving security. As one of the first items put on systems that are compromised is backdoor software, once they are in a system they will most likely stay there. Put another way, once the bad guy is in, they are almost impossible to remove without going back to bare metal. +-------------------------------------------+ | Michael Surato | | Resource Center for Persons | | with Disabilities | | Michigan State University | | 120 Bessey Hall | | East Lansing, MI 48824 | | Voice: (517) 353-9643 Fax: (517) 432-3191 | +-------------------------------------------+ > -----Original Message----- > From: MSU Network Administrators Group > [mailto:[log in to unmask]] On Behalf Of David McFarlane > Sent: Tuesday, May 16, 2006 2:33 PM > To: [log in to unmask] > Subject: Re: [MSUNAG] Password Expiration Policies > > >People who need to change passwords often all too frequently put them > >1) on postits on their monitors, 2) little pieces of paper in makeup > >cases, 3) in PDA's, 4) as files on their laptops 5) on > dashboard visors > >in their cars. > > Does anyone use password software, like Passkeep or Whisper, > that keeps an encrypted file of a user's passwords? I use > one of these, then I only have to remember one password to > open up the password file (ah, but then I never change that > password, shame on me!). > > Also, what do people think about passphrases vs. passwords? > > > -- David McFarlane, Systems Designer > Dept. Psychology, Michigan State University > [log in to unmask] www.msu.edu/~mcfarla9 > Voice: (517) 353-0799 Fax: (517) 353-1652 >