When I'm feeling especially paranoid, I worry that even my secure passwords are vulnerable to key loggers and other software that could be running on a computer. This is doubly true for public terminals. Also, as a consultant, I don't like to install applications on my work computer so I use portable applications off of a USB drive that I carry with my keys.
Gizmo Richards' newsletter has a great article about improving password security in the June issue as part of a series about increasing security when using public terminals.
So what can you do to improve your security when entering passwords?
Quite a lot actually. Of the many different options available to improve your password security to me the most attractive is to enter your passwords using a password manager like RoboForm2Go running from your own USB flash drive.
The article also goes into alternative techniques to make entering a password more secure in order to obfuscate it from anyone snooping on you.

- Choose passwords with random characters that are long. This is standard password strength advice that is covered here and here.
- Look behind you for people/cameras that may be able to see what you're doing. Shield your keyboard if you're worried about visibility. You may feel silly about looking paranoid, but it only takes a few seconds and the only people who will even notice are ones that are trying to spy on you.
- Enter your password in a way other than just typing. This includes pasting from the clipboard, dragging and dropping from another place, using ALT+numpad combinations to insert letters, inserting dummy characters and removing them later, entering parts of your password in a different order, highlighting and dragging characters to another location, and maybe even using the character map to insert characters. Ideally you would use a few of these techniques together.
This information is useful even if you're not using portable apps, but worry about password strength and vulnerability. There will never be a totally foolproof method, but one of the best methods to increase security is to do things that make you less of a target. Just like pickpockets will target people who are more vulnerable, hackers and spies will target people using little to no security and ignore you because it would take too long to figure out what you're doing.