You’ve probably experienced password amnesia if you do any Web surfing at all: you return to a Web site you registered at weeks before, only to realize the particular user name and password you created for that site have totally evaporated from memory. Suddenly you can’t remember if the password is your dog’s name (no, that’s my eBay account), your favorite vegetable (nope, used that for Hotmail), or maybe just your birthday (or was it my birthday?). After exhausting the 37 different user name and password combinations you’ve somehow managed to accumulate in your Web travels, you give up and, in desperation, end up creating a new registration, adding yet another user name and password to the collection.
And it just keeps getting worse: each week you’re hitting more members-only Web sites, signing up for another free e-service, or joining a new online auction. Your list of passwords keeps getting longer. How do you keep track of all this vital information without compromising your security?
Mac OS 9 makes managing the plethora of passwords much easier with the Keychain, which allows you to stash multiple user names and passwords in a single, secure, password-protected control panel (see “Meet the Keychain”). But regardless of which OS you’re running, there are a few tactics you can use to keep your password-protected data safe and secure, and easily accessible.
Set It, Forget It
Many Web sites offer to remember your user name and password for you by planting a cookie file on your hard disk. A cookie stores all your relevant user information and enters it automatically when you return to a Web site, saving you from having to manually log in. In addition, some browsers, such as Microsoft Internet Explorer, let you save passwords on a site-by-site basis, freeing you from having to remember user names and passwords at all.
These features certainly make life easier, but they also present two huge problems. First, storing such settings on your computer is an obvious security risk. It essentially means that anyone who gains access to your computer can easily log onto Web sites, mount network volumes, and send e-mail, using your identity. It defeats the whole point of password protection.
Second, this “set it and forget it” approach almost guarantees that you will, in fact, forget these passwords because you never have to type them. That’s all just fine until you’re on the road or at a friend’s house and you need to use another computer, one that doesn’t contain your personal cookie files. You may be prompted to enter user names and passwords you’ve long since forgotten.
Secret Hiding Places
Security experts say that as a general rule you shouldn’t keep unencrypted passwords stored anywhere on your computer. But unless we’re talking about issues that involve national security, you can safely keep such information close at hand, as long as you keep it cleverly disguised.
One easy way to do this is to camouflage password information within entries in your contact database, PIM, or address book. I know people who’ve done this for years, and it works great.
You can hide passwords just about anywhere as long as they don’t look like passwords. In this example, a password (Hamlet) and user name (Columbus) are hidden in a Palm Desktop address-book entry.
Suppose you register at a Web site about animal care, where your user name is Columbus and your password is Hamlet. Just fire up your contact database and create an entry for, say, the Columbus Veterinary Clinic. Make the address 492 Hamlet Circle. Give the entry an authentic look by adding phone numbers and other details (see “Contact Camouflage”).
Now you have an easy and secure way to look up your password. No one is likely to deduce where you’ve placed this information, especially if it’s in among hundreds of legitimate contacts. At the same time, the info is readily available to you whenever you need it. (And if you synchronize your desktop contacts with those on your Palm, you’ll automatically have all your passwords with you on the road, too.) Generally, just seeing a contact entry will be enough to jog your memory and remind you which words constitute your user name and password.
By the way, the same trick can be used effectively to store other sensitive data, such as bank-account numbers, PINs, and credit-card info. Make up names (Vince Cardiff for your Visa card, for example), and turn account numbers into telephone numbers and expiration dates into addresses. The information is close at hand but never at much risk of being stolen.
The Good Word
Finally, if you’re not looking for Pentagon-level security, you can alleviate some password amnesia simply by settling on just a few passwords and user names (or even just one), rather than making up creative new ones every time you sign up for a new e-service. As you’ve probably heard before, passwords should not be obvious choices like your last name or anniversary date or the name of your pet gerbil. One good approach is to pick a word at random: open a book or dictionary, turn to any page, and point to the first word you see. Make that your universal password. Then you’ll have only one word to remember.
JOSEPH SCHORR, a coauthor of Mac Secrets, fifth edition (IDG Books Worldwide, 1998), has accumulated more than 40 user names and passwords in the last 12 months, including Frogman, Kukumbuka, and Murrv.
Meet the Keychain
The Keychain control panel lets you store all your passwords. To see the password for a specific item on the list, select the item, click on the Get Info button, and enter the master password when prompted.
Mac OS 9 doesn’t completely eliminate the problem of managing your numerous user names and passwords, but it does make it much easier, thanks to the Keychain feature. The Keychain is a control panel that allows you to permanently store all the passwords and user names you need for connecting to servers, logging onto Web sites, or opening locked applications (see “Open Sesame”). These password “keys” are stored in a single Keychain file that, in turn, is locked with a master password. You still have to remember a password, but only one.
Set up Mac OS 9’s Keychain to automatically relock your passwords whenever your Mac is inactive or asleep.
Keychain-aware applications, such as AppleShare, automatically check the Keychain for a password when it’s required, so typing in your master password unlocks access to numerous password-protected sites. Even with the Keychain, caution is needed: when your Keychain is unlocked, anyone using your computer can gain access to items requiring your passwords. However, you can configure the Keychain control panel to relock itself after a specified period of inactivity. This option is not on by default, so be sure to activate it (by choosing Settings from the Edit menu in the Keychain control panel) when you first set up your Keychain (see “Lockdown”).