A real simple answer to password protection

Saving your own password file with a password might not be secure enough.

It's a question I get asked a lot: what's a good way to remember passwords for a computer?

Here's how Christopher Horn over at Real Simple chose to answer it:

Writing down random log-in user names and passwords is unsafe and leaves them vulnerable to getting lost. Use a spreadsheet or a word-processing document to keep track of all the information safely. List the link for each website you have an account with and the specific user-name and password information that goes with that account. Click the Save As option under the File tab and name the document. The Save As window will have an Options or Security Options key, which you should select. Navigate through the menus, entering the necessary password--for both opening and modifying the document--until you have successfully secured and saved your list. To retrieve the information, open the file and enter one password to access all the others.

I disagree.

There are some problems with Horn's answer. What happens if you want to log in to an account using a different computer? And, shouldn't you encrypt the file as opposed to just using a password?

Even the security people at Microsoft have told me that using the passwords within Windows and Office aren't necessarily your strongest security option. I know that password protection within Word or Works can be defeated with a variety of password-cracking programs. John the Ripper is perhaps the best known program and uses lists of common dictionary words to brute force unknown passwords. Chances are, Real Simple readers will probably use "password" as the password for their password list. But, still, placing a password on a file (placing a lock on it) is not the same as encrypting the entire file (scrambling the contents so only you can read it).

Me? I go low-tech. I write down all my passwords with pen and paper and do so in such a way that it would take someone a long while to associate a password with a given account. I also change these passwords from time to time. And I don't store my low-tech, highly obfuscated password crib sheet anywhere near my computer.

For a more thorough discussion of the various issues around passwords and password management, check out Elinor Mills' latest CNET News feature .

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Is your phone battery always at 4 percent?

    These battery packs will give your device the extra juice to power through all of those texts and phone calls.