A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Password Security Tools

Software that stores multiple Web site-access passwords in encrypted form, so you can use them by remembering a single master password

Users often have multiple online accounts with e-commerce sites, webmail sites, social networking sites, and other Web sites, most of which require a username and password. Faced with remembering many different passwords, users typically do one of two things: they either use the same password for all or many of their sites, or they use extremely simple passwords that are easy to remember, such as names, dates or "dictionary" words.

While convenient, neither practice is very secure. Simple passwords can be easily cracked or compromised using simple brute-force, dictionary-based attacks. Even slightly complicated passwords can be cracked using more sophisticated techniques.

Security Stats runs a free utility where users can test the strength of their password. Most authorities recommend a mixture of uppercase, lowercase, numbers and special characters, and a minimum length of typically no fewer than eight characters. Even if users do create a strong password, however, they often use this same password everywhere. If this password does happen to be compromised, all the user's accounts are vulnerable.

To provide both convenience and security, password management software, such as RoboForm, PSynch and Password Safe, automates the storing and entering of passwords. The user simply creates a table listing each Web site with its username and password. This information is then encrypted by the software. The user just needs to remember a master password to use the software. When the user wishes to access a Web site, he simply clicks on the corresponding entry in the software, and the Web site fields are filled automatically. Such software can even generate strong passwords automatically for the user if desired.

Users should keep in mind that a single point of failure still exists with such software. If the master password is compromised, it may be possible to recover all the other passwords as well.
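
The following Python sketch is an added example, not part of the original page or of any product named above. It audits a constructed site/username/password table against the recommendations described here (mixed character classes, at least eight characters, no reuse across sites) and generates a replacement the way a password manager's generator might; the function names and sample entries are assumptions.

```python
import secrets
import string
from collections import Counter

MIN_LENGTH = 8  # the page's "no fewer than eight" minimum
CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "number": string.digits, "special": string.punctuation}

def policy_gaps(password):
    """Return the recommendations (character classes, length) a password misses."""
    gaps = [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]
    if len(password) < MIN_LENGTH:
        gaps.append("length")
    return gaps

def generate(length=16):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the recommended minimum")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_gaps(candidate):
            return candidate

def audit(entries):
    """Return {site: [problems]} for entries that are weak or share a password."""
    uses = Counter(password for _site, _user, password in entries)
    report = {}
    for site, _user, password in entries:
        problems = policy_gaps(password)
        if uses[password] > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report

# Constructed sample table (site, username, password); not real accounts.
SAMPLE = [
    ("shop.example", "alice", "summer2009"),
    ("mail.example", "alice", "summer2009"),
    ("social.example", "alice", "Tr4il!mix-Orbit"),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, problems, "-> suggested replacement:", generate())
```

Meeting these recommendations does not protect a password that is shared between sites, which is why the audit reports reuse separately from composition.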
