Now that I have this heightened security awareness I've begun to assess my security compliance. I thought a good place to start would be in organizing and understanding all of my accounts and determining how "secure" I am. I didn't get very far.

I began by listing all of my accounts. It turns out that I have 17 accounts that I absolutely, positively have got to keep straight. Some of these I have control over. Others I have to accept my user name. Still others are more strict about the password I am allowed to use.

But wait. Let me get this straight. I need to remember 17 account names & 17 unique passwords. These passwords can't be easily remembered. But I can't write them down anywhere. Oh, and I should change them every few months and make sure that I'm using encryption across the net. Okay. Sure. Nearly impossible.

And this doesn't even count my Ebay account, or my New York Times account, or my Wall Street Journal Account or my ZDNET account or another dozen accounts that I've opened. All of which I've forgotten.

I talked to Troy and Pete about this today. Pete suggested that we talk to a security professional to find out how a real pro organizes things. So I got Troy's input. Here's what he does.

He has three passwords. One that he has for his network accounts. These are the accounts that, in his words, he doesn't care if someone sniffs the password off the wire. It just doesn't matter. The second password he uses is his secure password. It only goes out over encrypted connections. It is reserved for important accounts. And he changes this password often. The third, and last, password is for root on his workstations. That's the password he takes special care to protect.

So what happens if I'm down the road about a half dozen changes or so and find an account that hasn't been used for a while? What do I do then? Guess my way and hope I remember. Now was this the secure password, or the super-secure password? Hmmmmm.

And what about all of the accounts I set up on the web? It's almost impossible to choose a user name that is unique enough to be available wherever I go. That's the one that gets me and causes me the most difficulty. I've sat in front of a computer screen guessing my user name more often than I'd like to admit.

Well, I suppose that all of us struggle with this password thing. I'm going to work at consolidating my password management to the magic three. It just might work. We'll see...........
9:48:45 PM    comment []