
A real simple answer to password protection

Saving your own password file with a password might not be secure enough.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

It's a question I get asked a lot: what's a good way to remember passwords for a computer?

Here's how Christopher Horn over at Real Simple chose to answer it:

Writing down random log-in user names and passwords is unsafe and leaves them vulnerable to getting lost. Use a spreadsheet or a word-processing document to keep track of all the information safely. List the link for each website you have an account with and the specific user-name and password information that goes with that account. Click the Save As option under the File tab and name the document. The Save As window will have an Options or Security Options key, which you should select. Navigate through the menus, entering the necessary password--for both opening and modifying the document--until you have successfully secured and saved your list. To retrieve the information, open the file and enter one password to access all the others.

I disagree.

There are some problems with Horn's answer. What happens if you want to log in to an account using a different computer? And, shouldn't you encrypt the file as opposed to just using a password?

Even the security people at Microsoft have told me that using the passwords within Windows and Office isn't necessarily your strongest security option. I know that password protection within Word or Works can be defeated with a variety of password-cracking programs. John the Ripper is perhaps the best-known program and uses lists of common dictionary words to brute-force unknown passwords. Chances are, Real Simple readers will probably use "password" as the password for their password list. But, still, placing a password on a file (placing a lock on it) is not the same as encrypting the entire file (scrambling the contents so only you can read it).

Me? I go low-tech. I write down all my passwords with pen and paper and do so in such a way that it would take someone a long while to associate a password with a given account. I also change these passwords from time to time. And I don't store my low-tech, highly obfuscated password crib sheet anywhere near my computer.

For a more thorough discussion of the various issues around passwords and password management, check out Elinor Mills' latest CNET News feature.