Intelligent Password Use - Defeating Trojans
I write this because I read a post by Microsoft's Jesper Johansson about letting employees write their passwords down so that they avoid using simple, easy-to-guess passwords. I think he has a great point, but there is an even better way of using passwords that can even defeat Trojans! Here's how:
Let's assume you have this password: 9nh$tt-12. OK, that's a tough password. It uses letters, numbers and odd characters, and very few people have this kind of password. So remembering it might be difficult, right? Well, if all you do is follow Jesper's advice and write it down on a piece of paper, and then just type it in when the password prompt asks you, Trojans have you by the short and curlies. Why? Well, first of all, the word you typed before the password was your username. So someone going through Trojan logs can find recurring bits of data, your username and password, and voila, with only a tiny bit of effort someone can get into your computer.
The solution? Here's how. Open up Notepad. Do the 4-year-old thing and just hammer away on the keyboard to get a few lines of nonsense text up there, then carefully, at the very end of it, or even somewhere in the middle if you're adventurous, type in the password. Save that text as a file and put it somewhere accessible.
You can open that file anytime you want now, and if you use it a lot it will be a permanent resident in your Recent Documents. Now, when it comes time to type in your password, don't. Open up that file and, using your mouse, select the password, copy it (Ctrl+C), then paste it (Ctrl+V) into the password input box.
So what's so special about that? Well, for one, you haven't TYPED it in. A keystroke-logging Trojan, if you have one, won't register it, since it only records typed text. You have defeated one of the worst scourges of the digital age, and with only a tiny bit of effort. If you are a bright person, you will have chosen a nice long (and difficult) password, and in this day and age you have just saved your entire life, given that most people have bank details and ongoing work on their computer.
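The filler file described above can also be generated instead of typed by hand, so that the filler uses the same kinds of characters as the password. This is an added example, not part of the original article; the function name `build_decoy`, the file name `notes.txt` and the choice of filler alphabet are assumptions.

```python
import secrets
import string

# Filler alphabet (an assumption): letters, digits and punctuation, so a
# password that mixes those classes does not stand out from the text around it.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def build_decoy(password, lines=8, width=64):
    """Return (text, row, col): filler text with the password embedded once.

    Every line has the same width and the password never straddles a line
    break, so it can be selected with a single mouse drag.
    """
    if any(ch not in ALPHABET for ch in password):
        raise ValueError("password contains characters outside the filler alphabet")
    if not 0 < len(password) <= width:
        raise ValueError("password must be non-empty and fit on one line")
    # Draw the filler from the OS random source rather than keyboard mashing.
    rows = ["".join(secrets.choice(ALPHABET) for _ in range(width))
            for _ in range(lines)]
    # Pick a random line and column, then overwrite filler with the password.
    row = secrets.randbelow(lines)
    col = secrets.randbelow(width - len(password) + 1)
    rows[row] = rows[row][:col] + password + rows[row][col + len(password):]
    return "\n".join(rows), row, col


if __name__ == "__main__":
    # Sample password taken from the article; the file name is an assumption.
    text, row, col = build_decoy("9nh$tt-12")
    with open("notes.txt", "w", encoding="utf-8") as fh:
        fh.write(text + "\n")
    print(f"password is on line {row + 1}, starting at column {col + 1}")
```

The printed line and column tell you where to drag the mouse when you select the password for copying.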
About the Author: Richard Dows is a 32-year-old web designer living in Florida.