Tuesday, February 1, 2011

Passwords? We don't need no stinkin' passwords!

Having informally surveyed some colleagues, I've concluded that outside of work, almost no one is managing his passwords. To wit:

"There are too, too many sites I frequent. Changing passwords on each one would be chaotic!"
"I think I can probably maintain one super-complex password, and use it on all my web sites and probably be just fine."
"No one is interested in my password."

I did talk to one fellow who maintains a password-protected spreadsheet on his hard drive containing all his "target rich" websites, such as banking and work portals. I asked him what would happen if he's away from his computer containing that spreadsheet, or if the computer dies. He said that he'd have some password-resets to do, but he could deal with it.


Personally, it's hard enough managing work-related password resets without adding personal favorites to my shrinking cranial capacity. It's a good thing I don't have to. In fact, I only really manage one password in my head. It just so happens that it is with that password that I unlock all my other passwords.
Of course, one of the peculiar features of this technique is that I plainly do not know any of my hundred or so passwords. They are all randomly generated according to the password restrictions of the venue I'm patronizing. Special characters, uppercase, lowercase and numbers-- it's all a black box to me.

How do I do it? It's called RoboForm Everywhere.

I'm not exactly sure when I came across RoboForm, but I do know that I've been using it for at least four years. What appealed to me was the speed with which I could move from site to site without clicking drop-down boxes and the like that commonly appear in the password managers in web browsers. Since that time a few years ago, RoboForm has evolved, and I must say it has truly liberated me from the frustrations of password management. Let's look at some usage cases:

Scenario (1) At the home computer
In this scenario, RoboForm maintains a password-protected, encrypted file on a local or mapped hard drive. Any changes I make, RoboForm syncs to the cloud. So even in the event that my home computer kicks the bucket, my passwords are just a sync away.

Scenario (2) On the laptop
In this scenario, RoboForm's locally cached passwords are synchronized via the cloud, so the changes I made at the home computer (scenario 1) are immediately available on the laptop. Very handy.

Scenario (3) On the work computer
This is a neat one. As most work machines are locked down pretty thoroughly, installing personal software is verboten. But that doesn't present a problem for me, as my passwords are also in the cloud. Yes, I could merely load up the website, authenticate and access those little treasure troves, but it is even easier than that. With a simple java-enabled shortcut strategically placed on my bookmark bar, I can load passwords, fill in the password forms, and authenticate--all initiated from the web browser shortcut. Wow. No installation required. If you can drag a shortcut to the bookmark bar, you can hit all your work sites and more.

Scenario (4) At a public kiosk or friend's machine
Not cool enough for you? Well in this scenario I'm without access to any machine I own or am assigned. So what to do? Well, I insert the 3.5 cm x 1.2 cm USB flash drive from my key chain in the computer, and voila! RoboForm2Go loads and does its thing. And yes, my passwords are in sync, as RoboForm Everywhere will let you sync to as many computers as you own (with a single license), as well as to a flash drive that you own if you license their value-added RoboForm2Go. Very liberating, indeed.

No comments:

Post a Comment