Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Things we can learn from Animaniacs


Does anyone remember that cartoon from the 1990s, Animaniacs?


It was a pretty good cartoon for its short run.  One of the segments that they aired was called “Good Idea, Bad Idea”.  It was a short clip segment.  It would go something like this:

It’s time for another good idea, bad idea.  Good idea: giving a small child a balloon.  Bad idea: giving a small child a bunch of balloons (and the child then floats away).


It was a humorous segment.  And that brings me to advice that computer security experts give.  Good idea: using good password policies for all of the sites you visit on the web.  Bad idea: using different passwords for every site.

Why do I say this?  While we should always use good passwords (like letter/number combinations, nothing obvious like “123456” and “password”), it’s completely unrealistic to have different passwords for every site if you have a very wide reach on the web.  Consider myself:

  • I have an online bank account from back in Canada
  • I have another online bank account (which I opened when I moved to the United States)
  • I have a third online bank account
  • And I opened up a fourth online bank account!  In truth, I did this to get the free $100 for opening an account, but now that it’s open I think it’s kind of convenient to have since the bank is not local
  • I have an online trading account
  • I have an online retirement account from back in Canada
  • I have an online retirement account from when I moved to the United States
  • I have a Facebook account
  • I have a Twitter account
  • I have Yahoo, Gmail and Hotmail accounts
  • I have a login to my work computer
  • I have a login to my Mac computer at home
  • I have logins to two or three discussion boards which I participate in every once in a blue moon
  • I have logins to a couple of websites (including this one) on which I write articles
  • I have logins to a bunch of bill payment sites like electricity, rent and car insurance
  • I have logins to online websites which I use to buy things

In total, I must have close to thirty different sites that I log in to.  How in the heck am I supposed to remember 30 different usernames and passwords?  On at least 1/3 of these sites, I have forgotten the password and I have to reset it nearly every single time I return to the site because I log in maybe once a month.  It’s so frustrating! I know that using different passwords is good advice, but how realistic is it?  Humans cannot remember that many different combinations of things without resorting to some memory tricks.  Even then, it is still difficult.

There must be a better way.

Comments
  • You should simply use some logic to "alter" your main password adapting it to the specific service.

    Just invent your own "transformation": it should not be "guessable".

    E.g.: you could add a number, the number of chars in the domain you are logging in to, the second letter from the domain you are logging in to... you can add a transformation, like subtracting the number from another number, or altering the letter with your own algorithm.

    Otherwise you can use an online password manager like www.clipperz.com and www.passpack.com. I'm sure that clipperz has almost no security implications because the passwords are stored encrypted on their servers and they cannot gain access to your passwords.

    It helps generating different passwords for each service and simply use a single phrase to use them all.

  • I have the same problem, and I manage it by using an encrypted password vault. I have a copy on my laptop and one on a USB stick that goes with me everywhere. Not ideal but way better than trying to remember 70 (!) different passwords!

  • I've been using KeePass for years, it's excellent and free. You can use something like Dropbox and have access from anywhere or dump it on a USB stick.

    Features:

    Powerful and secured

    KeePass is a secure password manager that allows you to store your sensitive login information in an encrypted database.

    It allows you to organize your entries into categories and offers several ways to conveniently enter your username/password.

    Easy to use

    You can use drag and drop, copy to the clipboard, or create auto-type sequences that can enter the login information with a single click.

    Many optional features

    You can use drag and drop, copy to the clipboard; other features include password generator, auto-lock, database search, import/export, and more.

    Safe

    KeePass encrypts the database with the AES or Twofish symmetric ciphers, both among the highest advanced encryption standards.

    Free!

    www.keepass.com
