Unfortunately your man of steel password could be as safe as a woman of kleenex if your PC becomes infected by a keylogger. Not someone who cuts down trees and skips and jumps, a key logger is a piece of software that sits on your PC and transmits every keystroke you enter back to the criminal who wrote it. So as you smuggly enter your 15 character super password, with more special characters than an episode of Heroes, a vilain with an even smugger smile on their face could be receiving it on the other side of the world.
First and foremost, you should protect yourself from spyware and malware in general to the best of your ability (see my post Tinker, Taylor, Soldier, Spyware for details of how to do so). However, even with the best protection in the world, there is still the chance that something slips under your radar. So what do you do?
The solution to this problem is to use a password manager. A password manager can sidestep keylogging by storing all your passwords in an encrypted file on your PC then entering them via a virtual keyboard. As the keyboard is never used the key logger wouldn't get a sniff of the details you enter. Hurrah !!!
Reccomendation
A few years ago I spent a significant amount of time burning the midnight oil and researching password managers on-line, reading reviews, downloading and using trial versions and ending up with rings round my eyes so I looked like a panda. Finally I settled on a product from Siber Systems called Roboform.
Features
The features that sold me on Roboform initially and still have me using the product today are:
- Security - Roboform stores your login details in an encrypted file using 256 bit encryption using AES, Blowfish, RC6, 3-DES or 1-DES algorithms. The Pentagon may be able to crack it, but your average hacker probably wont.
- Single Click Web Page Entry - Roboform has the ability to login to a website with a single click, and to poplulate personal information fields, such as address and phone numbers, again with a single click. It can also fill in card details, warning you when it does so. Again this information is encrypted on your PC and again it wont fall foul of a keylogger.
- Multi-Browser support - A Roboform plugin works with Firefox and IE. For unsupported browsers you can still use it by drag and dropping your information into the relevant fields on the webpage.
- Safenotes - Another feature of Roboform is the safenote. A safenote is a free format note that is encrypted using the same algorith as everything else. This means, for example, if there was sensitive information you wished to keep on your PC you could enter it into a safenote to stop it being hacked.
- One password to rule them all - Roboform has one master password which it uses as the encryption key for the data you store. As such you only need to remember a single password to access all your others. This password should be strong and I would reccomend you follow the techniques I previously outlined in The Art Of Creating A Password. If you just need to remember one password, make it a good one.
- Automatic password generation - One useful utility included in Roboform is the facility to automatically generate a password. This allows you to specify the length of password you want and the type of characters you want to include (alpha, numeric, special). Press generate and a password is randomly generated to your specification. As you can imagine this tool can provide you with some very strong passwords. As you don't need to remember them you can generate the best possible password that meets the constraints of the account you are logging in to, thus giving you the maximum possible password security.
All in all I've found Roboform an excellent tool that definitely makes my A-List. There are other features available which you can check out on their website at http://www.roboform.com/. My advice would be to download it, try it and then buy it.
No comments:
Post a Comment