Moving my passwords from my wallet to the cloud

April 6th, 2010 posted by terje

Stopping password reuse with Roboform Online and GoodSync

A lot of people have a handful of passwords that they keep reusing for more than one personal online account.
This habit is as understandable as it is dangerous: we are constantly creating more online accounts, and remembering unique passwords and where each one should be used is not an easy task.
Even though most of us have been fine reusing the same half-dozen-or-so passwords over and over again for years, I think the days of innocence are coming to an end, as recent studies by Kaspersky Lab show that “Password reuse opens door to ID theft”.

Password managers are well and good, but they have one big problem: you are helpless when you do not have access to them.

Ever since I first got serious about no longer reusing the same password for more than one online account, I have been looking for a scheme that would make it easy to remember passwords for accounts I use a lot, while at the same time keeping them all unique, so that one compromised password would not give away the login information for half a dozen other accounts.
The second thing I had to do was find a way to securely store the passwords so that they could be retrieved whenever I needed them.
Lastly, I had to create a list of all the accounts I have and start changing the passwords to unique ones.

The answer to the first two I found in this article by Sean over at F-Secure.

In his article he explains a scheme that will let you create a unique password where:
One part of the password identifies where it should be used.
One part of the password is unique for the account.
The last part of the password is a pin-code that is the same for all passwords. This last part you memorize.

The list can be written down on a post-it and stored in your wallet for easy access.
Without the pin-code it is worthless to anyone but you.
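
The three-part scheme described above, sketched as an added example (not code from the F-Secure article or from this post). The tag length, the length and alphabet of the random part, the order of the parts, the `.example` account names and the sample PIN are all assumptions made for illustration.

```python
import secrets
import string

# Alphabet for the random per-account part; look-alike characters are left out
# so the note stays readable when handwritten (assumption, not from the article).
ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")


def site_tag(site: str, length: int = 3) -> str:
    """Part 1: a short tag that tells you where the password belongs."""
    letters = [c for c in site.lower() if c.isalnum()]
    return "".join(letters[:length])


def new_entry(site: str, unique_len: int = 6) -> str:
    """Build the written-down entry: site tag plus a random per-account part."""
    unique = "".join(secrets.choice(ALPHABET) for _ in range(unique_len))
    return site_tag(site) + unique


def full_password(entry: str, pin: str) -> str:
    """Part 3 is the memorized PIN, appended only when the password is typed."""
    return entry + pin


def build_wallet_list(sites: list[str]) -> dict[str, str]:
    """Create one entry per account and refuse any duplicates."""
    wallet = {site: new_entry(site) for site in sites}
    if len(set(wallet.values())) != len(wallet):
        raise ValueError("duplicate entry generated; run again")
    return wallet


def reused_passwords(passwords: dict[str, str]) -> dict[str, list[str]]:
    """Audit helper: group accounts that share the same password."""
    groups: dict[str, list[str]] = {}
    for account, pw in passwords.items():
        groups.setdefault(pw, []).append(account)
    return {pw: accts for pw, accts in groups.items() if len(accts) > 1}


if __name__ == "__main__":
    pin = "4821"  # constructed sample; the real PIN is memorized, never stored
    wallet = build_wallet_list(["mail.example", "bank.example", "forum.example"])
    for site, entry in wallet.items():
        print(f"{site:15} wallet: {entry}   typed: {full_password(entry, pin)}")
```

Because the PIN is the same everywhere, the random per-account part is what keeps one leaked password from opening the other accounts.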

I decided to give it a try, with a modified version of his scheme, and started changing my accounts, and sure enough, after a while you will remember the ones you use regularly; the rest are always with you in your wallet.

The biggest problems are never falling back into old sins and reusing passwords again, and the fact that the Post-its will get worn out after a while.

This is fixed by getting “Roboform-Pro”, a regular password manager, but with online synchronization between several machines and a web interface that can be accessed from anywhere.

Every time you create a new account the app springs to life and asks to save it, maybe generate a new password, and it is then synchronized to the cloud and with your other machines the next time you use them.

Your passwords can be accessed through a web interface accessible from anywhere, all protected by up to 256-bit AES encryption if you make a long master password.

- And for those of us who have become accustomed to having all our passwords in our pocket, it even has a lovely little iPhone app that you can synchronize as well.
Check them out at www.roboform.com

When you have a list of all your accounts, it is suddenly a whole lot easier to actually change your passwords every once in a while too.