If you have a tendency to forget passwords, there are a variety of programs that can save you trouble.
When you forget or lose a password needed to sign on to computer systems and services, it can be embarrassing, inconvenient and even costly.
And when corporate departments and services automatically issue jawbreakers like 3X , the job of password management looks impossible.
Enter password management software to help.
There are a variety of inexpensive programs that store and organize passwords, user names and other login information. You only have to remember one password to open the software that manages the others.
Wall Street firms are the biggest customers for v-Go password management software from PassLogix, according to Marc Boroditsky, CEO of the New York company.
"We feel very confident that it meets the rigorous security requirements they have," Boroditsky says.
The program is easy and even fun to use. You can enter any number of passwords and other security information into it. A single password controls access to all of them. You select it with the help of appealing and easy-to-remember cues such as playing cards, the periodic table and, for brokers, stock symbols. This approach makes it easier for people to recall long, complex passwords of the type security experts recommend, Boroditsky notes.
Stored passwords are encrypted so they can't be read without the master password. The program can be configured to automatically enter your user name and password when you log on to preset Web sites or start password-protected software.
Something More Robust? But password management software doesn't solve all security risks. Some online services, including some financial sites, have weak security that allows hackers to filter unencrypted passwords from Internet traffic, according to Abner Germanow, Internet security research manager for International Data Corp. in Framingham, Mass.
Germanow advises brokers to avoid financial transactions on sites that rely on passwords. Instead, look for those using digital certificates or USB tokens. Certificates are encoded attachments that identify you as the sender. Tokens are hardware devices that connect to your computer.
"I would demand something more robust than a password," Germanow says.
Other Chinks in Password Armor What happens if you forget your master password? Some password management software companies provide backup ways for you to get your password.
For instance, PassLogix will store your master password on its Web site and yield it if you respond correctly to five personal questions. If you don't use this optional service, however, a forgotten master password could be inconvenient to say the least.
Password managers also create security risks of their own. If the encryption used to store passwords isn't strong enough, it could be hacked and all your passwords could be swiped. If you log on to your password manager database and walk away from your desk, someone could copy - or change - all your passwords in a minute or two.
Password management is getting better, according to Howard Schmidt, president of the Information Systems Security Association in Oak Creek, Wis. More services are offering one-word, many-site log-ons, such as the Passport service from Schmidt's employer, Microsoft. New technologies such as password-storing smart cards and PC-based fingerprint readers promise easier and stronger security, he adds.
Password management will continue to improve, if for no other reason than passwords are difficult to protect, and intrusions by hackers using stolen ones are hard to detect. Meanwhile, as Germanow says, "It's definitely worth it to be paranoid about how you store your passwords."