Morning all if you have ( like many other people in the world ) frequently have problems remembering passwords  there are the obvious ways like post-its , writing it in a book or just using something easy to write & remember. But it's not because doing so makes it easy for you to remember that your machine is still adequately protected. Bear with me if you decide to read this long & dull text because i'm trying to prove a point and tell you there is an easy & good solution for this.

 

Writing down your password on a post-it or a piece of paper / book is about the worst thing you can do ever. Just think of the one moment where you are in a rush and forget to take that written down copy of it with you. The next person that comes by your desk might be the friendly cleaning lady or someone with bad intentions. If they see your password they may attempt to gain access to your system with it and have a peek around your files. You may say no i'm only storing some rather safe files but it's a general rule of thumb that they find a bit of data here and a bit of data there and soon without knowing they can gather enough data to do harm to you. So follow the good advice from this old IT nerd and never ever write down your password anywhere. It's soo ridiculously easy to gain access to your data. It's almost like sticking your credit card on the front window of your car and using your finger to write your pin code in the dirt stuck to the window. Just don't.

 

Secondly many people just take it easy by using things like the first name of their kids , lover or pets or just plain 'pass123' as password. Seems most people with limited tech knowledge ( i'm not blaming you because not everyone's addicted to computers & tech like i am ) do not understand how easy it is to recover one's password by what we call brute-forcing your way in. What we call brute-forcing is just a way of randomly generating passwords and trying them on a system untill it matches the user account's password.

 

Allow me to give you a simple example in the form of recalling what i did to my wife's old computer. Many years ago i decided i wanted to know how long it took to hack my way into her pc to see if all this fuss about password complexity was real or just some pile of rubbish to sell stuff like password management tools.

 

I then took her pc and launched a brute force attack on it with a well known tool i'm not mentioning here because it can be used for good & bad intentions and i don't want to get anyone into problems.  Prior to explaining i have to say that i already knew what the password was as i had set it myself. I just wanted to see how long it took for the tool to decrypt the password. The test back then was ran on an old W2K OS but believe me with the modern versions of windows it's still as fast. I just used that tool without telling it what the password was and let it generate random passwords based on the contents of a "dictionary file".

 

First test was where i had set the password to some simple 6 character string without special characters or numbers. Choosing such an easy password's about the same as just writing it on a post-it. So don't.

 

That test lasted about 9 seconds and a half ran from a single cpu machine

 

Even i was astounded it went soo fast and at that time i had been working in IT for over a decade already.

 

I then opted for an 10 character long password including capitals, numbers & letters ( not even special characters like * or $ ). The time needed to get the password & log in already increased to 45 minutes. Note that today with the massive improvement of hardware ( muy faster then in 2006 when i ran the test myself ) these reference times will be shorter today.

I don't want to scare you . I just want to make you allert about the risks & dangers in usign computers.

 

So you can see when the PRO's tell you the importancy about choosing a good strong password there's a real reason for it because they know how easy it is to get into it. No we ( your friendly IT tech or sys admin ) really don't want to see what you store on your computer.

 

Right now at work i use a 10 character long password with capitals, lower-case letters, numbers & special characters and i don't keep my passwords the same over different systems... so if one's compromised the compromise stops there.

I've had a co-worker personally who got his mail account hacked and the punk doing so attempted to use some google translate dutch to ask the co-worker's bank manager to transfer nearly 20000 US$ from his account to an account in Romania. Yeehaa that punk didn't know the bank manager was my co-worker's cousin and secondly that the co-worker was my co-worker :D So about 45 minutes after it had happened we knew the exact location where the attack was launched from and who had access to the target bank account ( nah don't ask as i have my ways and i'm not telling but be sure i'm not a hacker myself i just know many people in the right official places ).

 

So , to continue my security preachings, if you find such passwords too difficult to remember that still does not give you the moral  right to go for an easier one as there's the perfect tool to help you in this. In case you haven't heard of it or haven't bothered trying it like i did untill a week ago 

( i've been a Secure Anywhere user for about 2 months now : shame to me i know but honesty forces me to admit this ) there is this thing they call Webroot's Password manager. Look for the little 'W' icon in your browsers toolbar and use it...

Takes a couple of seconds of getting used to it but it's by far the best i have seen till today because i have a natural allergy of storing passwords anywhere except in my mind. At work i blow a big fuse & gaskit all together when i see someone writing down a password. 

 

Give it a try. There's a good reason the WR dev team bothered creating it. It's because they want to give you a better protection. And don't worry those passwords are not stored on your computer but in the allmighty WR cloud. Do it like i do. Every day try a new feature from Secure Anywhere.