How can you protect your password?

Now that you've chosen a password that's difficult to guess, you have
to make sure not to leave it someplace for people to find. Writing it
down and leaving it in your desk, next to your computer, or, worse,
taped to your computer, is just making it easy for someone who has
physical access to your office. Don't tell anyone your passwords, and
watch for attackers trying to trick you through phone calls or email
messages requesting that you reveal your passwords.

If your Internet service provider (ISP) offers choices of
authentication systems, look for ones that use Kerberos,
challenge/response, or public key encryption rather than simple
passwords (see "Understanding ISPs" and "Supplementing Passwords" for
more information). Consider challenging service providers who only use
passwords to adopt more secure methods.

Also, many programs offer the option of "remembering" your
password, but these programs have varying degrees of security
protecting that information. Some programs, such as email clients,
store the information in clear text in a file on your computer. This
means that anyone with access to your computer can discover all of
your passwords and can gain access to your information. For this
reason, always remember to log out when you are using a public
computer (at the library, an Internet cafe, or even a shared computer
at your office). Other programs, such as Apple's Keychain and Palm's
Secure Desktop, use strong encryption to protect the
information. These types of programs may be viable options for
managing your passwords if you find you have too many to remember.

There's no guarantee that these techniques will prevent an attacker
from learning your password, but they will make it more difficult.

Authors: Mindi McDowell, Jason Rafail, Shawn Hernan