It happens to everyone. You have so many usernames and passwords that you can't remember them all. Fortunately, Facebook, Gmail, and about a billion other online services have a "forgot password" link. Just click it and the web service will either email your password to you or allow you to reset it and enter a new one.
But what happens when you forget the password for your operating system. Not that this has ever happened to us, but hypothetically let's say we were trying to perform a fresh install of Ubuntu on a laptop this afternoon. We zipped through the installation screens so quickly that we may have accidentally inclued a typo in our password. So when the installation was complete, our (still hypothetical) computer booted up, loaded a splash screen, and then wouldn't let us login no matter how many variations of our password we type.
While you might think the easiest thing to do is reinstall Ubuntu, (after all, this is a clean install so it's not like we'd be losing any data on our hypothetical system), you can save yourself 15-30 minutes by changing the password. It turns out you don't have login to change your password. As we discovered thanks to a useful post on the Ubuntu forums, you can do it from the bootloader screen. Check out the 5 easy steps after the jump.
Password Bird is a simple online service that will create a password based on a number of personal markers. Because the password is culled from a few names and dates that are important to you, the hope is that the password will be easy to remember but remain hard to crack.
So how does it work? When you visit Password Bird, you are prompted to enter in three items:
A name that is important or special to you
A word that is special to you
A date that has personal significance
After that, you hit the create password button, and Password Bird goes to work. The next page will show you the customized password. If you don't like the password, Password Bird can quickly generate a new one based on the personal markers; or, you can choose to start over completely with a new set of words and dates.
The question is, does Password Bird make secure, yet easy to remember, passwords? In our test, we used the name Simon, the word Technology, and 1/1/2000 for the date. Here's what Password Bird came up with:
00simogy 01tecmon ogysim00 simtec20
It doesn't take the guy from A Beautiful Mind to see a pattern here.
Password Meter is an online tool that will let you find out whether your birthday, anniversary, or dog's name are really as secure as you think they are. But better yet, unlike password analyzers that we've covered in the past, Password Meter will provide you with real-time feedback beyond a security score. It will also show you how the points are calculated.
For example, the more characters you include, the higher your score. The same goes for the type of characters. If you use upper and lower case letters, numbers, and symbols, you're probably in good shape. You'll be docked points if you use just number or just letters, and if you repeat characters you're docked more points.
If you've got too much free time on your hands, you can use another tool we previously covered, Strong Password Generator to create secure passwords and then enter them into the Password Meter to see how they fare. But good luck actually remembering the random passwords created by Strong Password Generator.
If you use and reuse the same password over and over again, or if you're not very creative when it comes to making up passwords, you might want to head on over to PassPub, a site that automatically generates strong, unique passwords for your immediate adoption.
When PassPub first loads, you'll see a selection of 8 character passwords, randomly generated. You can feel free to use any of the passwords on the list; but if you want to get real creative, you can work with any of the customizable options on the sidebar.
Want something a little more memorable than GoSg8buu? You can choose a password made up of chemical elements (e.g., Ti8Ir0Bh4) or you can get mnemonic like Johnny (alternate vowels and consonants, suffixed by a 3 digit number, e.g., ZuXuFU715). There are also sections for generating WEP keys and WPA keys.
If you worry about the security risks of generating a password online, don't. No personal details are requested when using PassPub, each page generated is unique, and each page is shown from a secure server (verified by GoDaddy.com).
We can think of many reasons why it'd be a good idea to password protect an image, and, whatever your reason may be (patent pictures, blueprints of the Death Star, or maybe a couple naughty shots of the wife), sometimes it's best that others don't find out. To solve this problem, we present Lockimage.
It consists of just one file and doesn't need to be installed. Lockimage will convert any picture into a "password protected executable," which means the file will open on any PC without the Lockimage program. This means, however, the modified file is no longer considered an image file, so this may not be the right solution for some.
Lockimage is similar to Locknote, which uses a similar method of locking files. It's also a Windows-only application, and it's probably best to use this against non-hacker types. With the program being open-source, the recipe isn't exactly a secret.
If you had a nickel for every time you've had to reset a password because you were used to logging in automatically were out of luck when you had to reinstall an application, we're betting you'd have at least a nickel by now.
Snadboy's Revelation is an unfortunately named application that makes recovering long forgotten passwords a snap. Sometimes. All you have to do is run the application and drag and drop a little target button over to an asterisked-out password. SnadBoy's Revelation will show what's hidden beneath those big black circles and let you copy the text to a clipboard.
Unfortunately, this won't work with all passwords. A lot of newer programs hide your passwords somewhere else, so those asterisks are really just place holders. For example, SnadBoy's revelation won't help you recover any website passwords stored in Firefox or Internet Explorer. But the application is still more than worth its price, considering it's free.
You probably know that you should use a different password for each website you visit. And you probably don't anyway. But at the very least, make sure you're not using the same password for Facebook and your online bank account. And make sure you've got a secure, difficult to guess/hack password for important sites like financial institutions.
Strong Password Generator can help you come up with a password that's a bit more secure than your birthday, anniversary, pet's name, or mother's maiden name. Just make sure you have a good password management program because we guarantee you won't be able to remember the passwords generated by the site off the top of your head, even with the silly mnemonic devices the site offers.
In blatant disregard of password security, the governor's office of Nevada uses a surprisingly predictable Outlook login and password. How do we know? Because the information was posted in a Word document available for download from the state website.
Apparently the document was intended for gubernatorial aides responsible for sending out emails from the governor's office. The document has since been removed from the website.
The password, "kennyc" appears to be a reference to former governor Kenny C. Guinn, showing both that the governor's office lacks creativity and that the password may not have been updated in some time. The current governor is Jim A. Gibbons. Now that the snafu has been uncovered it's almost certainly the case that the password has been updated, although it's not clear wither the new password is more secure than "JimA."
Nothing is secure when it comes to passwords. That's why you have to ensure you do not store passwords online or on any device or service that can be hacked, is in beta or testing modes, and especially in public documents.
Chris Pirillo points to a little issue that was found lately concerning Google Calendars. It seems that some people might be setting reminders for themselves in Google Calendars, while entering in login and password information in the reminders. Ok, that's not the worst part, calendars from these individuals are set to public viewing.
The best place to store your passwords is in your head. Second best is on a little piece of paper that is securely hidden and would not mean anything to any person that might happen to find it. Security first online!
As we've pointed out in the past, the only way to make sure you don't have your entire online (or financial) identity stolen is to use a different password for every web site you visit. At the very least, you should not be using the same email address for your bank, email, and Flickr accounts.
But how are you going to remember dozens of different passwords? Odds are, you aren't. That's where programs that keep track of them for you come in. All you need to remember is the password for that program, and all the rest of your passwords are available when you need them.
Right, but what if you need to login to some sites from home, others at work, and you might desperately need to check another site while on vacation? Clipperz is an online password management solution. The service lets you create a bookmark for one site with information allowing you to login to dozens or hundreds of other web pages. Clipperz itself asks that you come up with a pass phrase, rather than a pass word, for improved security.
Of course, you not only need to really trust Clipperz before storing any sensitive data on the site, but also to trust that the service will never be hacked. In other words, you might be best off storing your banking and credit card somewhere else.
Ever wonder how secure your passwords are? Odds are the answer is not very secure at all.
One Man's Blog has an article showing just how easy it is to crack most passwords. And since the vast majority of users use the same password for everything from their email to their bank accounts, all you really need to do is find one password. And with some passwords, that can take less than a second. The chart above shows just how long it would take the average cracker to uncover your password using a brute force password generator.
Of course, all hope is not lost. Here are few basic tips toward a more secure existence:
Don't make your password a person's name or any word in the dictionary.
Don't use your birthday, social security number, or sequential numbers like 1234 (did we really have to tell you this one?)
Do use longer passwords (7 or more characters if you can).
Do use a combination of letters, numbers, and symbols.
Do make your passwords case sensitive and mix up the uppercase and lowercase letters.
Substitute letters for numbers. For example "D0wnl04d Squ4d" would take a lot longer to find than "download squad."
Do use a different password for every site you visit.
That last one's a killer. You'll either want a good program to keep track of your passwords, or at the very least make sure that you use a different password for your bank account than you use for online photo sharing sites. [via lifehacker]
Creating a new secure password for websites you visit everyday and having to remember them is such a pain, but it doesn't have to be. Do you use the same password for every website you visit? Thats not a very secure thing to do, a unique password for each site you visit is the most reliable way to keep yourself safe. SuperGenPass is a browser bookmarklet that will use your master password to create secure passwords for each different website you use throughout the day, and you don't even have to remember them.
SuperGenPass is a snippet of JavaScript code that is stored in your browser as a bookmark, no install necessary. How does it work? When you are signing up for a new service, enter your master password into the password field on the website. Select the SuperGenPass bookmarklet and follow the instructions to show or populate the new secure password generated from the JavaScript code. The process is simple, but is it secure? The code isn't sitting on any website, it's in your browser as a JavaScript string.Trusting this code is another issue, what happens if for some odd reason the bookmarklet becomes corrupt? Bye Bye secure password. It does come up with secure looking alphanumeric passwords based on what I typed in for my password, so as far as that goes its secur-ish. I would prefer to write it down, for that extra precaution.
Bill Gates made a surprise announcement Tuesday during his keynote at the RSA security conference: Microsoft will support OpenID 2.0. Great, but what's OpenID?
You know how every time you sign up for a new web service, you have to create a username and password? And you know how you're always worried that you'll forget your login information, so you wind up using pretty much the same password for most sites? And then you get all worried that someone at one site could find a way into your bank records, so you start creating variation until you can't remember which password goes with which site.
If you're someone who regularly has to click the "forgot password" link on web sites, OpenID is made for you. It's a system that allows you to login to mulitiple web sites with a single username and password, which is actually a personalized URL that securely stores your user information. OpenID is the free and open source invention of Brad Fitzpatrick, creator of LiveJournal.
OpenID would also seem to be competition for Microsoft's Passport system, which works primarily with Microsoft sites. Microsoft is the largest company so far to announce support for OpenID, which currently works with sites including LiveJournal, Zooomr, and Vox.
Ever had a PDF document that you needed to read, but was protected by a pesky password? Digital Inspiration has you covered. Now none of us endorse breaking passwords in ways that violate copyrights and so on, DI posits a plausible scenario: "Say one of your former colleague created some critical sales reports in PDF format but he is not working with the company anymore. In his absence, you have no option but to crack the PDF password in order to open, read or print these PDF files." Ah, yes, the good old departed, paranoid colleague. The guide covers how to copy or print PDFs that restrict such activities and how to use password recovery tools to ferret out that password--just hope your colleague used a simple password or it's bound to take awhile.
So it took me about a decade, but I've finally reached the breaking point: I have too many usernames and passwords to remember. This came to a head today as I tried to log into a handful web sites to change some billing information and had to make multiple tries to get into half of them, even having to click on the dreaded "Forgot your password?" link once. Enough! There are dozens and dozens of programs out there designed just to solve this problem, but the trouble is figuring out which ones are crap and which ones are good. And that's where you come in, dear readers:
What's the best password-management app for your money? Here are my criteria: Super easy to use, unobtrusive (keyboard access a big plus), works on Windows, works with Firefox, secure (duh), and fairly configurable. Also, as you know, I'm incredibly cheap, so free or very inexpensive are high on my list.
Can you help me out? Leave your recommendations in the comments below.
So it took me about a decade, but I've finally reached the breaking point: I have too many usernames and passwords to remember. This came to a head today as I tried to log into a handful web sites to change some billing information and had to make multiple tries to get into half of them, even having to click on the dreaded "Forgot your password?" link once. Enough! There are dozens and dozens of programs out there designed just to solve this problem, but the trouble is figuring out which ones are crap and which ones are good. And that's where you come in, dear readers:
