Did I just Steal Your Password?

If your current password management solution looks something like the picture here, it’s quite possible anyone could steal your passwords. The person next to you at Starbucks may appear to be smiling politely in your direction, but they could be using the eye contact to distract you from their effort to copy down your user account information.

Post-it Note Security

I see sticky notes with user data plastered on laptop cases all over the place. Coffee shops, airport gate areas, and the Seattle to Bainbridge ferry are just a few of the places where I see this general lack of security.

Dramatically increasing your password security takes minimal effort. Firefox includes a great password management solution if you only have a few passwords to remember. Just be sure to enable the encryption option and protect your passwords with a master password so you aren’t exposing them. I use Roboform for my own password management. If you’re on a Mac, keeping your passwords in the Keychain provides the same service, which might be why I almost never see sticky notes on a Mac. Those are just a few of the options; there are literally dozens of password managers.

Posting your passwords in a public way will get your data stolen. This post was most recently inspired by the woman sitting next to me in coach on my BOS to SEA flight Sunday. Her sticky note password solution looked just like this. My other favorite is the sticky note under the keyboard trick used by several of my co-workers at an insurance company I worked for over 10 years ago. If the goal is to keep administrative level access to those with the appropriate clearance, a sticky note is a lousy security plan.

And while I’d never consider stealing a password from anyone, I do occasionally point out that there might be a safer alternative. How about you? Ever recommend a password manager to replace the sticky note solution?

12 thoughts on “Did I just Steal Your Password?”

  1. You way oversimplify the situation. I use multiple computers and have around 80 different passwords. Most times I log into a site that I haven’t used in the last month, I end up having to request my password be emailed to me because who can remember which site requires how many alphanumerics in a row or what. I wouldn’t assume that everyone who resorts to a sticky note is just some unsophisticated rube. It’s actually difficult with few cross-machine solutions that don’t involve carrying a thumb drive wherever you go available.

  2. I have tried Roboform on a couple of occasions and it is SERIOUSLY lacking in user friendliness. I also had an issue of multiple computers and of how I could access online applications from remote, or borrowed, computers. It appeared that I would have to know my (or an assigned) password for that condition. If I have to have a password, then why would I let a machine assign a password otherwise? What happens in a computer crash? In addition to the steep learning curve, there were several additional issues I had with Roboform. Coded sticky notes stored in an unconventional place is the better solution.

    If my reservations were unfounded, Roboform does a mighty poor job of communicating this to the public.

  3. @jess zimbabwe – Roboform online directly addresses the problem you outline by making itself accessible from any browser without needing a thumb drive, which also means it works across platforms as well. I have 14 different computers I use at various times throughout the week and I have no idea how many passwords I’m storing but it’s well over 100. The post-it solution is obviously easy, but if I can see your password, then so can people with far fewer scruples.

  4. @John Shelton Roboform does also have an online password solution (as mentioned in my reply to Jess above), in addition to the installed version. My solution is to carry a thumb drive with the Roboform2Go app, which I can then use on any computer.

    What happens when a computer crashes is you restore from your backup, just like you would for any other data failure. You do back up your data, right? :)

  5. Keepass portable… I have it on my laptop, iPod, USB stick, phone, camera card. Synchronise and yeehah. Never been caught without it yet.

  6. Some people worry about storing their passwords online but most solutions today store only an encrypted version. You supply a “master password” when you want to get other passwords out of the vault. Of course a vendor could just say that’s what they were doing. Anyway, similar to the Roboform online solution is LastPass from http://lastpass.com. It’s what I’m using.

  7. A big vote here for open source KeePass. We techs at the ISP where I work all use it, having tried lots of others.

  8. I have used Roboform for so long I do not know the date I started. I do know it was in beta at the time.
    I used Lastpass for a bit because of an issue with the install of Roboform. I have since rebuilt the machine and now am back to Roboform, but for a while I was using Lastpass, importing my Roboform passwords. It worked as well as Roboform and actually was a bit better. I am still toying with going back to Lastpass but I have a lot invested in Roboform.
    If you are looking for a great password manager and you have limited funds, then I recommend Lastpass as a true viable alternative.

  9. As for me, I prefer to use LoginTrap. Its prog can capture every login event by using iSight. It helps me a lot.
