I have a dirty secret to share with you all today: until recently, I had a very good strategy for keeping track of my different passwords for sites Web connections. Near my desk is a worn set of stapled sheets of paper with notes on which several, user name, email address and password that I used to authenticate services. Fortunately, I work alone, but it still bothers me that if someone were to come into my office, those pieces specialty paper would probably be the most important thing to find. I know some of you use Sticky notes for this purpose and keep them where no one was looking, as below of their keyboards.
There is a better way, and I'll get to in a moment, but first I want to take over what some of the other solutions I have tried and rejected. Since I do most of my work on my laptop, why not automate the credentials in my browser? That's good for some of the sites I use most often, but not very secure if someone get a hold of my laptop.
Another idea is OpenID.net, which is an open source collection of websites umbrella identity, including Yahoo, MySpace, Facebook, among others. OpenID sounds great, until it begins to look under the covers, and realize that if a creator Ahold phishing is increasingly one of yours authentication on a site, can access almost all other OpenID sites. This is more 'phederated ID' and a paradise for hackers. The problem is that once you authenticate correctly on a Web site, you can use your OpenID URL to access anything else.
I mentioned in previous letters from Ping.fm Quub.com trying to consolidate all of your logins social network in one place, and be able to update your status message through the Board. But it is worrying when I get emails from Quub mention that have improved their system and "had to delete existing credentials everyone that is encrypted with old algorithm. Please re-enter your credentials in Settings … "
RoboForm is another solution, which basically automates the credentials and saves it to a place on your hard disk encryption. That's great, but what happens if you are using a different computer?
Another way is to use some kind of two-factor authentication, so called because it uses something that you – and only you – have in their possession, as a special and unique SecurID token. I I have one for my PayPal account, cost $ 5 and well worth the extra protection it offers. Basically, nobody else can use my account unless you use the command to log
href = "http://tinyurl.com/paypalkey"> http://tinyurl.com/paypalkey
But the problem with these cards is that you need one for each of your accounts. There are some sellers who are trying to solve this problem by using cell phone one as a second factor of authentication, such as tool and Phonefactor.com FireID.com. Both require some integration of their tools in their applications, not is nice if you want to apply them universally to all Web authentication. FireID solution is to use a special server that sits on my network, while PhoneFactor requires software agents to download to your desktop or to integrate into your Web applications.
So what else can you do? The service I'm trying now is called Tricipher and MyOneLogin.com. It costs $ 30 a year per user, and everything is done through its hosted service so you have to download anything other than of an optional IE or Firefox browser plug-in to handle some tasks. You created a special web portal for your company, and then add their credentials to the various sites. Comes with hundreds of pre-established applications and can operate with special knowledge questions (what was the name of your third grade teacher) or your cell phone. The MyOneLogin good is that you can set it and forget their passwords, because no matter where you are, you can login on the portal and then to their applications. You can mix and match web and internal applications, such as your VPN access information, too, without any programming or installing any server. It's also a great solution, if a company wants to keep control of these credentials to these sites, so when you leave you can not take shortcuts with you.
Look for one of my WebInformant.tv screencast video demos in the near future that will show you more about the service. And you can try it free for 30 days if you are interested. Maybe now I can finally throw those pieces of special paper – but first will make sure to shred them!
David Strom is a noted speaker, author, podcaster and consultant who has written two books and thousands of magazine articles for dozens of IT publications such as Computerworld, eWeek, Baseline Magazine, Information Week and Information Security magazine. His blog can be found at http://strominator.com and he can be reached at david@strom.com
HOW TO make Mozilla firefox faster!!! 10x!!! LIKE A FOX!!!(UPDATED)
