Stop the password thieves

What is the best way to keep all these passwords safe? Find out what options are available.

Managing dozens of passwords can be overwhelming, so users cheat. They open security holes by using lazy passwords, sharing the same password among multiple Web sites, or putting sticky notes on their displays. Even experienced users heap their passwords into an on-disk text file that cyber criminals can tap and exploit.

Smart cards are one solution, but unless you use biometrics such as a fingerprint or retina scan, you can't eliminate passwords completely. The entire technology is deployable today, but the added cost for a corporate deployment can be discouraging, running from $12 for a smart card and simple reader, up to $300 for a card, a reader and biometric scanner.

A cheaper solution is the password vault, which stores the passwords on the system's disk drive in an encrypted data file. Also called password managers or password safes, these programs let users cut and paste passwords from the vault into other programs. Some products even hot-key the log-on name and password into a sign-on form.

The programs (available from Celerity Consulting, Counterpane Internet Security, Roth and Cannalte Software and Passlogix) use a single user name and password to grant access to all the passwords. Lose the password, and the strongly encrypted data file is toast. Once the vault is opened, users can do the usual maintenance tasks and extract passwords. And even if cyber thieves grab a copy, they can't easily pry into its secrets.

The cost-per-user for these programs ranges from freeware to about $30. Site or corporate licenses often are available.

Products vary in features such as hot-keys, automatic user log-on, the user interface, and database transfer and backup. Be sure to examine the type and strength of the encryption, and what you can do to force the master password to conform to "strong" password guidelines.
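
The sketch below is an added example, not code from any of the products named above: a minimal vault file in Python that derives its keys from the master password with PBKDF2, rejects a master password that fails an assumed length-and-character-class policy, and refuses to open on a wrong password or a modified file. The function names, policy thresholds and iteration count are assumptions, and the HMAC-based keystream stands in for a vetted cipher such as AES-GCM so the example needs only the standard library.

```python
import hashlib, hmac, json, os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def check_master(pw, min_len=14):
    """Assumed 'strong' policy: minimum length plus three character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= min_len and sum(classes) >= 3

def _keys(pw, salt, iterations):
    # One slow derivation, then two independent subkeys (encrypt, authenticate).
    master = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(entries, pw, iterations=ITERATIONS):
    """Encrypt a dict of site -> password under the master password."""
    if not check_master(pw):
        raise ValueError("master password fails policy")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(pw, salt, iterations)
    ct = _xor_stream(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_vault(blob, pw, iterations=ITERATIONS):
    """Return the entries, or raise if the password or the file is wrong."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(pw, salt, iterations)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified vault file")
    return json.loads(_xor_stream(enc_key, nonce, ct))
```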

These products may send shivers down a network admin's spine, but users with too many passwords are going to use a tool to manage them—be it these products, a pen and paper, or a text editor.

Better to dance with the devil you know, than to have the unknown terrorize a customer's network—leaving you to clean up the mess.