One Step Ahead
November 13, 2007, Volume 54, No. 12	Print Issue

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Though much progress has been made in recent years in providing more secure methods of gaining access to computing resources, the primary authentication method remains the combination of a username and password. Of course, as we continue to open new accounts on websites like amazon.com, do our banking online, and perform other useful but confidential work, the number of account names and passwords multiplies as well, and it’s difficult for the average human being to remember all of them.

“Password vault” programs are one solution to this problem. These programs are essentially a database for all your usernames, passwords, and other similarly sensitive information that is encrypted and protected by a single, strong “master” password of your choosing. Simply open the database with the master password to decrypt and look up the account info you need–much safer than post-it notes on your monitor! If you are using Mac OS X, you already have one called Keychain. A Google search on “password vault” will yield a wide assortment of Windows-based vault programs, such as PowerKeeper (by Symark) and PasswordVault (by Lava Software), though you should compare features and check consumer ratings before buying.

A final caution: Don’t use the “Remember My Password” checkboxes often found on websites and in applications–they are risky for many reasons. If “password proliferation” is giving you a headache, a vault program is a much safer alternative.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.