Password phishing scares don’t usually affect me, and today’s news isn’t really enough to make me go through the trouble of changing my passwords across all my online accounts, but the usual mix of a nothing-to-do-today mood and the realization that I haven’t really changed my passwords in a long time got to me. We all know the unfortunate hacking incident that (allegedly) happened to Jacque Bermejo, right?
So after spending time figuring out the new passwords I’d use, I also looked up possible password management solutions, and came up with this pretty straightforward approach:
- Use Passpack (for online password management).
- Use Dropbox and store an encrypted backup copy of a list of my new passwords.
This setup was partly inspired by this post, though I simplified it and made that part of the solution my backup method. Yes, not exactly a geeky solution, but it was based on a few considerations:
- Passpack looked good, and it did feel nice and secure once I actually used it. I know that hosting sensitive data on a web service that you don’t host yourself is an iffy thought, but then self-hosted solutions aren’t always the best solutions to less-than-complex needs. I use Gmail for all my email needs, and with Windows Live (Hotmail) and Yahoo Mail also giving out unlimited storage, who needs their own POP (or similar) personal client-side mail solution these days? In contrast, I haven’t been enjoying the frequent self-hosted WordPress updates, and the idea of just moving to a site hosted on WordPress.com has been brewing in my head for some time now.
- Encryption software such as TrueCrypt sounds like an awesome way to deal with storing sensitive files online. That, however, involves having the software with you for decryption. I don’t usually see myself in netcafes, but one thing that makes TrueCrypt virtually useless in the netcafe situation is that you need PC administrator access to run it. Not exactly a setback, and it makes perfect sense, but I opted for something easier: the AES-256 password protection offered by 7-Zip. Now any usable computer can handle that setup.
- (Offline) password managers like KeePass and Password Safe fall under the same situation as above, wherein you need the actual software to access the encrypted file.
- I use a desktop both at work and at home, and seldom travel or go mobile. I don’t keep a pocket drive or USB drive with me either.
- A minor setback would be mobile phone web browsing, but I’d only need to memorize 3-4 passwords for that anyway.
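As an added example of the 7-Zip backup step (not part of the original post): the script below turns a password list into a 7z archive with AES-256 and encrypted headers, verifies that the archive tests clean and that filenames are not readable without the passphrase, and restores it for a round-trip check. The `7z`/`7zz` binary name, the sample list and the passphrase are assumptions; the protection is only as strong as that passphrase.

```shell
#!/bin/sh
# Constructed example: encrypted 7z backup of a password list, suitable for
# dropping into a cloud folder. Assumes the 7-Zip CLI is installed as "7z"
# (p7zip) or "7zz" (official 7-Zip for Linux).
set -eu

# Use whichever 7-Zip binary is available.
sevenzip() {
  if command -v 7zz >/dev/null 2>&1; then 7zz "$@"; else 7z "$@"; fi
}

# make_backup SRC_FILE OUT_ARCHIVE PASSPHRASE
#   -t7z    : 7z container; the 7z format encrypts with AES-256
#   -mhe=on : also encrypt the headers, so filenames stay hidden
#   -p...   : the passphrase (the only thing protecting the archive)
# Succeeds only if the archive is written and passes 7-Zip's integrity test.
make_backup() {
  src="$1"; out="$2"; pass="$3"
  rm -f "$out"
  (cd "$(dirname "$src")" && \
    sevenzip a -t7z -mhe=on -p"$pass" "$out" "$(basename "$src")" >/dev/null)
  sevenzip t -p"$pass" "$out" >/dev/null
}

# archive_hides_names ARCHIVE PASSPHRASE
# Succeeds if listing with a wrong passphrase fails, i.e. header
# encryption is really in effect (plain zip would leak the file names).
archive_hides_names() {
  ! sevenzip l -p"wrong-$2" "$1" >/dev/null 2>&1
}

# restore_backup ARCHIVE PASSPHRASE DEST_DIR
restore_backup() {
  sevenzip x -y -p"$2" -o"$3" "$1" >/dev/null
}

# Demo on a constructed throwaway list (skipped if 7-Zip is not installed).
if command -v 7z >/dev/null 2>&1 || command -v 7zz >/dev/null 2>&1; then
  work=$(mktemp -d)
  printf 'example.com  user@example.com  constructed-sample-password\n' \
    > "$work/passwords.txt"
  make_backup "$work/passwords.txt" "$work/passwords.7z" 'a long archive passphrase'
  archive_hides_names "$work/passwords.7z" 'a long archive passphrase' \
    && echo "backup ok, file names hidden: $work/passwords.7z"
  # Only the .7z goes to the cloud folder; remove the plaintext afterwards.
  rm -f "$work/passwords.txt"
fi
```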
So far, so good. Oh, and let it be noted that my simple password strategy is solely for personal purposes, though some of this info may still be helpful in coming up with a business-purposed one.