Despite the fact that password alternatives are available, you might find
that you have no choice but to use a username and password. Here are a few tips
for such cases:
- Patronize Web sites that require usernames and passwords only if the Web
sites protect the connection with Transport Layer Security (TLS, still widely
called by the name of its predecessor, Secure Sockets Layer or SSL). If you can't
connect to a Web site by using HTTP Secure (HTTPS), or if the padlock or equivalent
symbol doesn't appear in your browser for that site, don't use the site. Also check
that the padlock belongs to the domain you meant to visit: it only tells you the
connection is encrypted to whoever holds that certificate, not that the site is
the one you intended.
- Choose strong passwords at least eight characters in length and consisting
of upper and lower case letters, numbers, and punctuation symbols. If possible,
use a passphrase at least 16 characters in length (e.g., TheC0wJumpedOverTheM00n!).
Easy to remember, they're practically impossible to brute-force crack, because
the search space grows exponentially with length, and they aren't easily subject
to attacks that use rainbow tables (precomputed tables that map password hashes
back to the plain text that produced them), which only cover passwords up to a
fixed, fairly short length. Prefer a phrase of your own over a well-known
quotation or nursery rhyme, since cracking tools also try common phrases with
the usual letter-for-number substitutions.
- Choose a different password (and username, if possible) for each system.
If your credentials are compromised on one system, an attacker can't use them
on other systems.
- Given that you'll end up with lots of credentials if you use a different
username and password for each account, I recommend you invest in a cheap
biometric device such as a fingerprint reader that lets you store each set
of usernames and passwords and authenticate to Web sites automatically upon
presentation of a finger. As an alternative to a biometric reader, invest
in a software-based credential vault such as CodeWallet Pro
(http://www.developerone.com/codewalletpro/) or RoboForm (http://www.roboform.com).
- Don't store credit card or personally identifiable information on Web sites.
It might be a nuisance to reenter information each time you use the same site,
but it's preferable to having to replace your credit cards or deal with identity
theft.
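The following Python script is an added example, not part of the original text. It applies the password rules from the tips above to a few constructed sample passwords (including the passphrase from the tips), estimates the brute-force search space in bits to show why length matters more than anything else, and contrasts an unsalted hash, which a rainbow table can attack, with a salted, iterated hash, which it cannot. The character-class sizes, the guess rate of 1e10 per second, and the PBKDF2 parameters are assumptions chosen for illustration, not figures from the text.

```python
import hashlib
import hmac
import math
import os
import string

# Character classes and their sizes, assumed for a US-ASCII keyboard:
# 26 lower, 26 upper, 10 digits and the 32 symbols in string.punctuation.
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}


def check_password_policy(pw, min_len=8, passphrase_len=16):
    """Report which of the rules in the tips the password satisfies."""
    present = {name: any(c in chars for c in pw)
               for name, chars in CHARACTER_CLASSES.items()}
    return {
        "min_length": len(pw) >= min_len,
        "has_lower": present["lower"],
        "has_upper": present["upper"],
        "has_digit": present["digit"],
        "has_punct": present["punct"],
        "is_passphrase": len(pw) >= passphrase_len,
    }


def search_space_bits(pw):
    """Brute-force search space in bits, assuming the attacker knows the
    length and which character classes were used and tries alphabet**len."""
    alphabet = sum(len(chars) for chars in CHARACTER_CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def brute_force_years(pw, guesses_per_second=1e10):
    """Expected years to find the password by exhaustive search (half the
    space on average). The default rate is an assumed figure for an offline
    attack on a fast, unsalted hash, not a measurement."""
    expected_guesses = 2 ** (search_space_bits(pw) - 1)
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


def unsalted_hash(pw):
    """What a rainbow table targets: the same password always yields the
    same digest, so one precomputed table serves every site and user."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest()


def hash_password(pw, salt=None, iterations=100_000):
    """Salted, iterated PBKDF2-HMAC-SHA256 (assumed parameters). A random
    per-user salt makes a precomputed table useless, and the iteration
    count slows down every guess the attacker makes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(pw, salt, digest, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample passwords, including the passphrase from the tips.
    for pw in ("password", "Tr0ub4d!", "TheC0wJumpedOverTheM00n!"):
        bits = search_space_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, ~{brute_force_years(pw):.3g} years"
              f" at 1e10 guesses/s, policy={check_password_policy(pw)}")
    # Same password, two users: unsalted digests collide, salted ones do not.
    print("unsalted collide:", unsalted_hash("password") == unsalted_hash("password"))
    print("salted collide:  ", hash_password("password")[1] == hash_password("password")[1])
```

Running it shows the point of the passphrase tip in numbers: an all-lowercase eight-character password has about 38 bits of search space and falls in seconds at the assumed rate, an eight-character mixed-class password about 52 bits, and the 24-character passphrase about 157 bits, far beyond exhaustive search. The salted hash comparison shows why a site that stores passwords properly is not exposed to rainbow tables regardless of password length, and why you should still assume the worst about a site whose storage practices you cannot see.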