More and more work is being done online. Businesses order online, and browse vendor web sites for product information. Banking is done online. Accounting and legal research tools that used to take up a library now are an icon on the computer desktop, accessed via the Web. Software is often delivered as a service through a web browser. If you connect remotely to work with clients you probably connect via a web session, such as WebX or GoToMyPC.
Each of these secure web sites requires a username and password. If money is involved, you want to be sure the password is unique and difficult to guess. Most people end up using the same passwords, or keep a list, often on a spreadsheet or in outlook contacts.
Some use the remember password feature in Internet Explorer or Firefox. When an employee leaves, all these passwords should to be changed, although they often won’t be.
The solution is to use a password management program. This is a piece of software that securely stores your passwords, and protects them with another password. They can log you on automatically to secure web sites in many cases. Password management tools come in single user and network versions. The network products allow you to set rights to view and use groups of passwords based on user groups, and store the passwords in a central networked database (encrypted), so changes are visible to all users. This also simplifies changing passwords when an employee leaves. Most also have the ability to fill in the username and password for you, and to capture information directly from a web form. Many will automatically generate complex passwords for each site. Here are some of the available password managers:
www.aespasswordmanager.com – multi-user capability, about $30 per user
www.sowsoft.com/password-manager.htm multi-user, $199/5 users, $350/10 users.
www.roboform.com – full featured. Enterprise version also available for 100+ users.
http://keepass.info Good choice for single user, and free.
www.ewallet.com Single user, popular commercial product.
http://passwordsafe.sourceforge.net Free, open source.
www.manageengine.co.uk/products/password_manager web based enterprise pw manager
The built in Windows password remember feature is completely insecure. Firefox also has a password manager which can be hacked fairly easily. Here’s how to reveal hidden passwords in Firefox and Windows: www.megaleecher.net/Reveal_Hidden_Passwords_Behind_Asterisk
Excel passwords can also be cracked – Excel 2007 is safer. Here is one of many tools to recover MS office passwords: www.net-security.org/secworld.php?id=5544
Tim Torian has taught computer networking at the College of Sequoias and Cal Poly Extension. He has a BS in Computer Science, and has been consulting on computer networking for the past 30 Years. His industry certifications include: Cisco CCNA and CCNI, Microsoft MCSE. He was recognized as Entrepreneur of the year for 2008 by the Tulare County EDC. He is president of Torian Group, Inc. which provides a full range of Technology Consulting services to local business, including computer services, networking, web and custom software development. www.toriangroup.com