Keeping track of your access codes without jeopardizing security.

Words of a Feather: Keeping Track of Too Many Passwords
by S. Lee Henry

If you are an average person, you have so many access codes to remember, you practically need a palm organizer simply to keep track of them. With home phones with voice mail, work phones with voice mail, mobile phones with voice mail, calling cards, ATM cards, online bill paying accounts, online bank accounts, online brokers, personal ISPs, and so many Web sites requiring login, this problem hardly comes as a surprise. Worse yet, even if you wanted to set all of your access codes to the same value, you probably couldn't. By definition, some codes are numeric only while others require a mix of digits and characters. Still others expect at least one punctuation character. Now require that all passwords be hard to guess, and creating and remembering all of your access codes can be extremely challenging.

Some of us -- techies with more than two dozen passwords, PINs, and other access codes -- have resorted to various techniques to assist our memories. Try relating your access codes using a basic theme or two. This technique works when you have control over your access codes. For example, you might assign a prefix like "2many" or "getsum" to Web site access codes. Then attach a string related to the particular site to the selected prefix. To buy books, I might use "getsumbooks" while using "getsumpills" for online drug store purchases. The common string and structure usually supply enough information to reconstruct the password, even if you have not used a particular site for a long time.

For numeric codes, you might disguise the code as an address or phone number and diligently camouflage it in your address book. The access code for a restricted access room might be stored under the first name of someone else with access to the room. Entry "Mike, 456-3738" might mean the combination to the room is 56-37-38. You might store an ATM's access code as Mike's address. If the most convenient ATM is on Belmont Street, then you might record an entry "Mike, 1427 Belmont".

Another "trick" is to select a small number of passwords that you use for the same variety of purposes. You can then record the password associated with each particular site or account by just jotting down the first letter or two of the access code.

How careful you need to be with all the passwords, PINs, and access codes you need to recall depends on how likely you are to look them up and how likely you are to lose your address book. I always assume the chance of compromise is small, but the risk is high, so I'm careful without going overboard. The accounts that I use often (e.g., the root account on my personal Sun and the main servers that I administer) are easy to remember because I am constantly reinforcing them in my memory. It's the infrequent access codes that I feel constantly at risk of forgetting.

About the author: Sandra Henry-Stocker (a/k/a S. Lee Henry) has been administering Unix systems for more than 17 years. In fact, she describes herself as "USL" (Unix as a second language) and barely remembers enough English to write books and buy groceries. She currently works for TeleCommunications Systems (a wireless technology company) in Annapolis, Maryland, and lives on a farm on Maryland's Eastern Shore.