Complex and Portable Passwords

Tuesday, November 10, 2015

Jayson Wylie


Collecting and keeping passwords for resources over a lifetime can create situations where maintaining them requires constant resets or means that could lack security.

An earlier article addressed a few hardening pointers for passwords that can be remembered. Any type of password requires some muscle memory of finger coordination, but after some time it needs to be changed to maintain security, which requires more memorization. Maintaining a large variety of passwords for sites and systems, beyond the system logon, can create stress and limit mobility.

There is usually a problem with remembering, through context and muscle memory, all the passwords for the resources one needs to access. Using the same password across the board is not usually recommended, because all of those credentials are subject to a full compromise once a potential intruder finds out one. It is also not recommended to write these passwords down or keep them on a computer that can be seen on the Internet.

Recent personal needs have required a new approach that allows complex passwords that are not easily identified, remembered or stolen. In addition to using dual-factor security for public emails, I have used a USB key to store all my public site and system credentials. This allows for passwords that are not remembered and are available wherever one goes.

The USB key can contain encrypted files or be a solution like IronKey. This allows a long and complex password to be cut and pasted into site or system logins. As long as there are no data loggers on the system that can capture the clipboard, the password would be safe from capture. These passwords will be hard to retrieve even when someone is watching the display, because they are not logical and are a complex string of characters. Make sure they are designed like this.

They can be tied into a single sign-on solution like those found in a browser or an integrated feature like Apple’s Keychain on personal devices. I trust this solution and have a USB key on my physical keychain and take it with me wherever I go. Although usage is not recommended on public machines, they can be stored and ported to machines and networks one trusts.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.