
Bill Carey is VP of Marketing at Siber Systems, the company that develops the Roboform software, which we review here.

His software remembers passwords for you, freeing you to use more imaginative passwords.

In this article, based on material he provided, there are some helpful guidelines on password choices.

 
 

 

Effective Computer Password Management

Simple techniques to make your passwords safer
 

How do you make your passwords simple for you to remember, but hard for other people to guess?

The short answer: you can't.  But you can make your password(s) simpler, and you may also choose to use a password management program to solve the problem entirely.

 

 

 

Identity theft via breaking your password is of growing concern - and prevalence.

Fortunately, this threat can be variously minimized or eliminated if you adhere to some easy-to-follow guidelines.

How your password is stolen

Identity theft was the most-reported complaint to the Federal Trade Commission in 2004, up 15% from 2003 to 247,000 complaints.  The problem has intensified because of the speed and availability of information on the Internet, and - paradoxically - as we need to remember more usernames and passwords to access various accounts, we are becoming increasingly less careful when choosing our user name/password combinations.

Identity thieves are primarily after one thing, your passwords.  Once the culprits collect your passwords, they gain access to your accounts, steal your identity and use the information for personal benefit.

“Phishing” and “password hacking” are two popular identity theft practices.  Phishing is a widespread form of Internet piracy that "fishes" for your personal financial information - account numbers, Social Security number, passwords, etc.  Thieves use this confidential information to run up bills on your credit or debit cards, take out loans or even obtain a driver's license in your name.

Phishing for Passwords and Personal Data

Typically, a phishing e-mail appears to come from a reputable company that you recognize and may do business with, such as your bank, PayPal or eBay.  The e-mail will warn you of a problem that requires you to take immediate action to update or confirm your personal account information. The e-mail will instruct you to follow a link to the institution's web site.  The web site will actually be phony, but will look like the real thing.

The inducements to get you to log on to the spoofed site can be very clever and imaginative.  Typical reasons are things like 'your credit card has expired, please log on and update your credit card data'.  This works well for the phisher, because you are tricked into giving away not only your login ID and password, but also the full details of a credit card.

More imaginative reasons can involve an apparent complaint/negative feedback posting from an eBay member, or an unexpected mystery payment received on PayPal (I fell for that last one on one occasion - I was both puzzled and pleased to be told I'd received a payment, but didn't know what it was for or who it was from, so clicked to the 'details' link in the email; the next thing I knew, I was half-way through typing in my login information (wondering why Internet Explorer wasn't doing it automatically as it usually does) and suddenly I realized the trap I was walking into).

Phishing websites have URLs that look similar to the real website URL, but which are subtly different so that you end up on a different website.  And the URL shown as the text of a link in an email is not necessarily where you will be taken if you click on the link - for example, here is a link, apparently to https://www.alaskaairlines.com/ but if you click on it, you'll actually be taken to a very different airline website.

As soon as you type your login ID and password, this vital information is transmitted to the phisher, and he can use it to then log in to the real site, as if he were you, take over your account, and use it for his own purposes.  Using the personal and financial information in your account profile, plus any additional information you might have provided to the spoof site, the phisher can readily cause you to become a victim of identity theft.

Beating the Phishers

Any unusual email from a website that requires you to go and log in to the site should be treated with suspicion.  Although often these phishing emails can quickly be spotted because they will be poorly formatted and have poor grammar and spelling, a few very dangerous ones look exactly like the genuine email you normally get.

Don't click on any links in the email - if you think the email might be valid, go to the site by way of your favorites (if it is stored in favorites) or by typing in the website name exactly as you know it to be.

This increases the chance you're actually and validly going to the website you think you should be going to.

If the email refers to you by name and quotes other details that only the valid website might know, this increases the chance of its legitimacy.  But if it refers to you as 'Dear account holder' or 'Dear member' or some other generic form, then the chances are higher the email is fraudulent.

Password Hacking

Password hacking commonly occurs by guessing people’s passwords based on personal information, or through the use of password hacking software.  Password hacking can be avoided with minimal effort - i.e., by creating passwords that are unrelated to your personal details, and which are not proper words such as would be found in a regular dictionary.

This article examines some of the best and worst password practices, then gives you some simple, easy-to-follow ideas on how you can improve the security of your digital identities.

As Passwords Become More Important, We Have Become Less Careful Protecting Them

With the coming of the digital age and the need for us to have instant access to information, passwords are absolutely essential to restrict access to valid users.  We must enter passwords every time we log on to our computer, start an application, open our email, etc.  Our list of passwords continually grows and never seems to stop expanding.  Instead of remembering one password, as was needed in ancient times, it’s now common for a typical computer user to need to remember one hundred or more different passwords.

As more passwords are required they become more difficult to manage, therefore we take short cuts with the passwords we choose, making our personal information and digital identities less secure.

What We Typically Do Now

Most of us choose a simple word that is easy to remember, such as our:

  • name or initials

  • child’s name

  • pet’s name

  • favorite sport

  • favorite team

  • A significant date in our lives

Although this is a common practice, it should be avoided.  Hackers can guess these passwords if they know some basic personal information about us, or are armed with the most simplistic password hacking programs.

Here are more examples of poor password management practices.

Poor Password Management Practices

Don’t use dictionary words, proper nouns, foreign words or backwards words.  Hacker programs can crack these password codes, simply by repetitively trying every different word until they finally strike it lucky.

Don’t use personal information in your passwords such as your name, child’s name, occupation, telephone number, ID number, address or birth date.

Don't share your password with anyone!  Not with your spouse, parents, siblings, significant other, secretary, boss, or co-worker.

Don't write your password on a Post-it and stick it on your monitor or any other easily accessible location.  In fact, you should not write down your password anywhere.

Don't save your password as part of an automatic login script if anyone else has access to your computer.

Don’t rely on Internet Explorer’s AutoComplete function.  This is an insecure method of storing your passwords on your computer.

Don’t allow a web site to store your password.  Almost every web site offers to store your password so you won’t need to retype it each time. There are three main reasons not to allow this.

First, passwords saved in these programs are not secure and can be read and used by anyone with access to your computer.

Second, hackers are increasingly gaining access to servers, where your passwords are stored.

And third, if you decide to delete your cookies, many sites will not allow you access, forcing you to go through the time consuming process of requesting and resetting your password.

Don't keep a record or list of your passwords in an unencrypted file on your computer where it is susceptible to hacking.

Don't choose or change your passwords on a public computer or in a public place such as an Internet cafe.

Don’t use the same password on multiple accounts.

Don’t use common passwords such as

  • password

  • qwerty

  • 1111

  • admin

  • etc etc

Good Password Management Practices

Perhaps the single most important thing to remember when creating a new password is to make the password hard to guess, but easy to remember.  That’s easier said than done, but follow some of the guidelines below and you will start using passwords that are more secure than what you’re doing now.

A good password is any combination of letters and numbers that cannot be found in a dictionary.  Your password should be at least 6 to 8 characters long and should not have any personal information such as your name, child’s name, occupation, telephone number, address or birth date. A  combination of letters, numbers and symbols will work best.  Make sure you use a mix of capital and lower-case letters to make your password even more difficult to crack.
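The rules in "Poor Password Management Practices" and the definition of a good password above can be applied as an automated check when a password is chosen. This is an added example, not from the original article or from RoboForm: the word lists are small constructed samples, `screen_password` is a hypothetical name, and two thresholds are assumptions (a minimum length of 8, the upper end of the article's "6 to 8", and at least two kinds of character).

```python
import re

# Constructed sample lists; a real check would load a full dictionary file.
COMMON = {"password", "qwerty", "1111", "admin"}   # the article's own examples
DICTIONARY = {"football", "sneakers", "standard", "curtain", "dragon"}

def screen_password(password, personal=(), min_length=8):
    """Return the rules from the article that `password` breaks (empty list = passes).

    `personal` holds details the article says to avoid: names, dates,
    phone numbers, addresses. `min_length` is an assumed threshold.
    """
    problems = []
    lowered = password.lower()
    letters = re.sub(r"[^a-z]", "", lowered)       # the word with digits/symbols stripped
    squashed = re.sub(r"[^a-z0-9]", "", lowered)   # letters and digits only

    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON:
        problems.append("common password")
    # Dictionary word, forwards or backwards, with or without digits tacked on.
    for candidate in (lowered, letters):
        if candidate in DICTIONARY or candidate[::-1] in DICTIONARY:
            problems.append("dictionary word")
            break
    # Personal details, compared with punctuation removed on both sides.
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append("contains personal information")
            break
    # Assumed reading of "a mix": at least two of lower, upper, digit, symbol.
    kinds = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(kind, password)) for kind in kinds) < 2:
        problems.append("uses a single kind of character")
    return problems

if __name__ == "__main__":
    for pw, info in [("password", ()), ("llabtoof", ()), ("Football1", ()),
                     ("Rex-1998!", ("Rex", "12/03/1998")), ("PnAttMBtC", ())]:
        print(pw, "->", screen_password(pw, info) or "passes")
```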

Change your password regularly – once every three months at a minimum.

Always log off when you have finished using a site and close your browser to prevent others gaining access to any personal details stored in the browser's temporary files or online.

Make your existing passwords more secure.  There are several techniques you can employ to make your existing passwords more difficult for hackers to crack.  Whatever method you choose you should remember to make it an easy and understandable method so you will have stronger passwords without much more effort.

1. Use the first letter from every word in your favorite expression, or line in a story, poem or movie.  For example, “Pay no attention to the man behind the curtain,” could lead you to the following password: PnAttMBtC.

2. Choose a word as your password, but then substitute similar looking numbers for letters in your passwords.  For example, Football may become F00t8a77 or sneakers may become 5n3ak3r5.  Here is a sample list of numbers that could be substituted for letters:

O…0
I…1
Z…2
E…3
H…4
S…5
G…6
L…7
B…8
 

You don’t need to associate every number with a letter.  What is important is that you remember your list of associated letters and numbers.

3. Choose a password that you want to use and then come up with a keystroke mapping system.  For example, if you choose to do an “upper-left” keystroke system you would choose the key to the upper-left of the actual key you wanted.  So if your password was qwert (not recommended) your new password would be 12345 (also not recommended).  If the word you wanted to use for your password was football, your keystroke password would be r995gqoo. It sounds complicated, but you probably need to look at your keyboard anyway, so why not just choose the key to the upper-left, left, or lower-right of each letter in the word you choose to remember?

A great idea

Use a standard password, but vary it for each website by adding something to the beginning or end of the standard password - perhaps the first few letters of the website url.

So if your standard password is 'standard' and you are visiting google.com, your password might be gstandardo.  When you visit yahoo, your password might be ystandarda.

Using this type of approach, you have unique passwords for every different website, but you can easily work out what each password should be from the website name.

An even greater idea

No matter how you approach password management, there's no substitute for having special complicated and unique passwords for every different website.  But how to then remember them all?

There's really only one solution to this.  Instead of lowering your password management standards, you can invest in a secure password management tool.  Like, ahem, Roboform - see our review of Roboform here.

Summary

In today’s world we need a password or PIN everywhere. Let’s be honest, remembering our passwords can be annoying and somewhat overwhelming. So instead of keeping up our good password management practices, we tend to be a little less secure so that we can remember our passwords. We do this knowing that we are increasing our risk of exposure, but the alternative can be downright intimidating.

A small investment of your time today will help prevent theft and identity loss tomorrow.

Adapted and extended from an article originally provided by Bill Carey, Vice President of Marketing at Siber Systems, a software company based in Fairfax, VA.  Their RoboForm software is a password management & form filling tool.  Using RoboForm can resolve a lot of the problems associated with managing different passwords for different websites.


 

Originally published 23 Dec 2005, last update 21 Jul 2020

You may freely reproduce or distribute this article for noncommercial purposes as long as you give credit to me as original writer.

 
 
 