I recently read the Wired article(s) all about the death of the password, and became inspired to attempt to improve my personal security measures.
I recognize that simply making a better password is like putting a band-aid over a leak in a dam, but I feel like band-aids are all I have, so I'd better make do.
I have looked into online encryption/hashing software, but am wondering if there are any I can trust (and if I should even bother pursuing) or if I should attempt to make one on my own. Does anyone have any ideas?
I would second TrueCrypt. The company I work for gets account information sent to them via CDs from a major bank, and they use TrueCrypt to encrypt the CDs. There are millions of dollars' worth of account information on these CDs, so they have to meet certain requirements just in case of theft.
So, I've now looked into TrueCrypt and I agree that it seems to be a very valuable tool for data protection (I will probably start using it for my docs w/ personal data), but I don't think it really helps me with my question... or rather I don't yet know if it can.
I should have been a little more specific. What I think I'm looking for is a way to have hashed password entry into online accounts... like so that I could have a way of entering a seemingly random password when I log in to Google or Facebook, etc. I have seen online tools that will give hashed forms of various types of input, but would that be worth doing? I mean, any hacker could go to that same tool and repeat that process.
Is there a good way to make it harder for someone to break into an online account?
Ok, so since the RSA key is not an option for most sites, I decided to take an approach that incorporated TrueCrypt and a free online hashing tool. I'm sure it's not the best and it will end up being several extra steps to log in to various sites, but it may be worth it to ensure my security - we'll see. Here are the instructions for what I did:
1) Install TrueCrypt. (I will need to do this on every machine I want to log in on from now on.)
2) Create an account for/log in to some cloud-based storage service (Dropbox, Google Drive, SkyDrive, etc.).
3) Go online to some freely available encryption tool (see John Walker).
4) Use an encryption method you like. This step could be done multiple ways depending on the tool you use. What I did was generate a list of several random lines of passphrases of a certain length using a particular seed/key and copied the seed and line number of the passphrase I wanted into a text file named after my login ID.
5) Start TrueCrypt and create an encrypted TrueCrypt volume with a password that you will actually remember (this could be the password you used before or not) and named after whatever particular site(s) you want to log in to securely. Make sure that volume is in the directory that the cloud storage service syncs with (and be sure to follow the beginner's tutorial and wizard directions). WARNING: some cloud storage services will automatically start syncing a file as soon as it is created/modified, meaning you may have to right-click->exit the service from your taskbar before you can mount the volume in TrueCrypt.
6) Inside that encrypted volume, place that text file with that info.
7) Go to the site that you want to log in to securely, and change your password to match whatever was on the line number you chose. WARNING: certain sites (Tom's included) have length limitations on the password change dialog even when those limitations aren't present when creating your password initially.
Now, whenever I want to log in securely to a site, I need to:
1) Make sure that my cloud storage service is synced to my PC.
2) Start TrueCrypt and select the file/volume for the site I want to log in to that is stored in the cloud service directory.
3) Mount the volume and enter the password I remember.
4) Open the file in that volume with the info I need to re-generate my password.
5) Go online to the passphrase generating tool, enter the seed/key, and generate the list of passphrases.
6) Select and copy the passphrase on the line number I stored in the file.
7) Go to the site I want to log in to, enter my username, and paste the passphrase I copied from that list.
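The seed-plus-line-number scheme in the post above can be reproduced locally, which removes the dependence on a third-party web page and makes the security property explicit: the generated list is only as secret as the seed, since anyone holding the seed regenerates every line. The following is an added example, not code from the thread or from any tool it mentions; the keyed derivation (HMAC-SHA256 over the line number) and the character alphabet are my own choices, and the seed value in the test is constructed.

```python
import hmac
import hashlib
import secrets
import string
from typing import List

# Printable characters that most login forms accept (assumption; adjust per site).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def derive_line(seed: str, line_no: int, length: int) -> str:
    """Deterministically produce the passphrase on line `line_no` for this seed.

    Each line is built from HMAC-SHA256 keyed with the seed over
    "<line>:<counter>"; digest bytes are mapped onto ALPHABET with rejection
    sampling so every character is drawn uniformly (no modulo bias).
    """
    out = []
    counter = 0
    # Largest multiple of len(ALPHABET) that fits in a byte; bytes >= bound are rejected.
    bound = 256 - (256 % len(ALPHABET))
    while len(out) < length:
        msg = f"{line_no}:{counter}".encode()
        digest = hmac.new(seed.encode(), msg, hashlib.sha256).digest()
        for b in digest:
            if b < bound:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
        counter += 1
    return "".join(out)


def generate_list(seed: str, count: int, length: int) -> List[str]:
    """The numbered list the online tool would display for this seed (line 1 first)."""
    return [derive_line(seed, n, length) for n in range(1, count + 1)]


def new_seed() -> str:
    """A fresh 256-bit seed; this is the value to keep inside the encrypted volume."""
    return secrets.token_hex(32)
```

Because derivation is deterministic, the text file in the volume only needs the seed and the line number, exactly as in the post; the list itself never has to be stored or fetched.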