You can't rely on electronic password storage alone.
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Technofile
How to safely store passwords and sensitive data

Sept. 28, 2008

By Al Fasoldt
Copyright © 2008, Al Fasoldt
Copyright © 2008, The Post-Standard

   There are only two kinds of Internet users -- those who have already forgotten their passwords at least once and those who haven't done it yet. Fortunately, there are easy ways to make sure you can get that password back even if it seems lost forever in the recesses of your memory.
   I'll tell you about an inexpensive program for Windows and Mac users that will let you keep your passwords and other important information on your computer, ready to be retrieved when you need to use them. I'll also describe a simple password-storage method available to Mac users that doesn't cost a cent. And I'll discuss a common-sense way to keep passwords safe outside your computer.
   But first let's explain things. By "passwords" I'm referring to both the passwords and logon names you use on the Internet. I'm sure some of you have figured out how to use the same logon name for everything, but the rest of us -- me included -- have discovered that some sites won't accept the same logon names as other ones. (For example, one of the discussion groups I've joined requires my full e-mail address as the logon name. I've got five or six e-mail addresses, so not only do I have to remember to enter my full address, I also have to know which e-mail address the site is asking for. Whew!)
   One more thing. Some of you are wagging your finger, telling me your computer automatically remembers and types all this stuff for you. Maybe it does. But it won't always. When it doesn't -- when it forgets (or when you reinstall things and need to type your personal stuff yourself) -- you'll be glad you've got them stored safely away.
   The program is SplashID. It normally costs $29.95 but is selling now for $19.95. You can buy SplashID or download a free trial version from www.splashdata.com/splashid/desktop. There are many versions of SplashID -- for Windows and Mac computers, for smartphones, and for pocket computers such as Palm, Pocket PCs and Blackberries. You'll see a list on the site.
   SplashID is easy to use, and because it encrypts everything, it seems safe from prying eyes. There's enough space in each entry to record all the data you need about a particular password or other personal items, such as prescription drug information and credit card numbers. I like that.
   A similar feature, included free with all Macs, is the Secure Note function of Keychain Access. Mac users will find Keychain Access in the Utilities folder inside their Applications folder. Click "New Secure Note item" in the File menu and type the information you want to store. When you close the note, it will be encrypted and can be viewed only after you type the system password.
   Windows does not have a feature similar to the Mac's Keychain.
   Storing passwords on your computer sure beats leaving the keyboard and rummaging through your dresser drawers when a Web site is blinking at you. But you can't rely on electronic storage alone. All your important passwords and logons should be kept in a safe, and the main ones -- the ones you use when your computer boots up, if you've set it up for safety -- should also be stored in your wallet.
   But how? Do you simply keep a note to yourself that says "Logon: mjsmith password: b.eagle10"? Not at all. You write a note that lists important phone numbers and use a little cleverness to hide your info within them. For example, one entry might read "MJ at SmithBarney - owns 10 b-grade eagle gold coins - 445-6789." The point of that kind of "code" is to remind you of the real thing, so you don't have to be literal. (You can be literal all you want in the list you keep in the safe, however.)
   Some experts tell you to change your passwords every six months or so. I don't think that helps much. It's more likely to force users to choose easy-to-crack passwords. The bad guys can figure out simple passwords in just a few seconds, so always make sure yours contains numbers and punctuation as well as letters.