So many usernames and passwords

Where do you have to put in a username and password in your daily computer geekery? Here’s what it looks like for me.

Work stuff

my laptop running Windows • our crappy corporate email client • our crappy corporate travel provider • the software that controls the phone on my desk • lots of other programs not smart enough (or not allowed) to authenticate me based on other methods

Personal stuff

our Mac at home • our Linux desktop at home • our Linux laptop • our email provider • our bank • Skype • Paypal • Amazon.com • Amazon.de • iTunes • Twitter • dozens, if not hundreds more

I imagine your situation is similar. With the personal stuff, you really should not be using the same passwords at multiple websites. Just one site being sloppy about security and getting breached by hackers is enough for them to send email in your name and steal money or service from you — look what happened to usernames and passwords recently at Gawker Media. You probably know someone whose account got hacked with real-world financial implications — I know two people to whom this happened in 2010 (and a third who got hacked but apparently didn’t lose any money). It happens all the time.

You and I both know you this is not a safe practice. But what can you do about it? With so many usernames and passwords in your daily life, the natural inclination is to stick to just a few username/password pairs and reuse them entirely or perhaps modify them slightly. Writing down passwords and usernames onto paper might be OK at your home, I guess, but that means you need to carry that piece of paper with you out into the world if you are going to do any sort of mobile computing. Writing those usernames and passwords onto paper at the office is a terrible idea; don’t ever let your IT people know that you do it.

password safeInstead, you can use Password Safe on Windows or a compatible program like Password Gorilla on Windows / Mac / Linux — and even on your iPhone or iPod Touch via the PasswordVault app. Instead of those hundreds of username/password combinations to remember (or look up), you only have to know one password to get into your “safe.” From there, you can copy usernames and passwords with the mouse (and keyboard shortcuts) from the “safe” into whatever application is requesting your credentials. Password Safe can randomly generate passwords for you based on policies you define: minimum password length, exclusion of easily mistaken characters (like zeroes/O’s or ones/L’s), inclusion of punctuation characters, etc. Lots of cryptologically sound practices there. “But how will I ever remember those randomly-generated passwords?” you ask? Well, you won’t. You’ll have to remember the one password to get you into the “safe” and the application will remember the rest for you.

I keep my “safe” file updated on my Windows computer, and then synchronize that periodically to my Mac and Linux machines via Dropbox. From my Mac, it synchronizes into my iPod touch. This means I am carrying that piece of paper with all the sensitive info on it around with me after all, but in electronic and encrypted form: I still have to enter the password to open the “safe” on all those computers/devices in order to get a glimpse of the content.

But hey, I can remember one password pretty easily, especially if it virtually eliminates the chances of someone stealing my purchased Skype-out credits or impersonating me via a hacked Gmail account.

Easy multi-platform file sharing with Dropbox

You know what a big pain it is to send a bunch of pictures or other files via email?  You can zip ’em up to together, but that doesn’t really shrink the file size if you’re sending media content like movies or images or sound files (they’re most likely already compressed, and zipping them doesn’t compress them further).  And if your email provider limits the total message size, you have to decide whether to resize your pictures (boo!) or send multiple emails.  Plus, there’s the tarbomb issue – unzipped files lying around in your nice clean folders all willy-nilly.

Or maybe these are files you don’t want to publish on your webpage or via flickr or picasa or whatever and you don’t have a file server hooked up to the internet at your disposal.

Try Dropbox.  You can drag and drop files through your operating systems’ native file management programs (i.e., Finder on Mac OS X, your file manager of choice on Linux, or even Windows Explorer on Windows) and they magically appear on remote users’ computers.  You define which files and which remote users.  Even your parents can do it (provided they can get the picures off of their camera). 

Here are the details:

  • It works on Macs, PCs, and Linux (more about the Linux version below).
  • You need a login (an email address) and password, which you set up at getdropbox.com.  You also need to know the email addresses of the people with whom you want to share files.
  • You set up folders containing files and then set the permissions on a per-folder basis.  This way, you’re not sharing all your content with everyone all the time.  Example:  you and your siblings can collaborate on a birthday present for a parent by keeping the files you want to share in the Planning Mom’s Birthday folder without Mom getting wind of it.  And Mom can still share files with you via other folders.
  • You don’t really have to install any of the software, since it’s all doable via the getdropbox.com website, but the easiest way to do it is after installing the software.
  • It’s free – for up to a couple GB of storage.  If you need more, you can pay for it.

I’ve been using it for about a year I guess on our Mac and it works really well.  Thanks to Carrie Jo for suggesting it to me originally.

Now, more about that Linux stuff I mentioned above:

  • There are packages available for Fedora Core and Ubuntu and, of course, souce.
  • Wait, the Ubuntu packages require Nautilus and/or other GNOMEy stuff?  What about Kubuntu or KDE users in general?
  • Google is your friend.  I found the following advice, which worked great:Dropbox without Gnome : Sounds From The Dungeon

Those instructions work, but here are a few more details. 

  • In step #2, “$HOME” means your home directory; probably /home/yourusernamehere
  • In step #3, I had to start the daemon from the command line with an ‘&’ at the end of the command.  The wizard didn’t seem to want to work otherwise.

After that, it was cake.