Drowning in passwords


Update: I’ve totally deprecated this plan in favor of using a password manager.

I am becoming overwhelmed by the number of passwords I am having to juggle. As a single user, you probably have a couple of passwords to remember. Online bank, home computer, work computer, e-mail, and maybe a few others. If you’re like me, you probably use one or two easy-to-remember passwords across all these arenas. Sure, you’re not supposed to, but anything more complicated just gets too hard. Besides, what are the real odds that anyone is going to go to the effort of cracking your password?

Now, I am spinning up a website that I hope thousands of people will be coming to on a daily basis. That makes me a nice target for all the jerkos and script kiddies out there, which means I need to be more security conscious. On the other hand, I have several more credentials to remember. In fact, here’s a quick list of the ones I can name off-hand:

  • subversion
  • server root
  • server normal login
  • MySQL root
  • MySQL Obsidian Portal user
  • MySQL blog user
  • MySQL forums user
  • Obsidian Portal admin user
  • Obsidian Portal normal user (Micah)
  • Blog admin user
  • Blog normal user (Micah)
  • Forum admin user
  • Forum normal user (Micah)

I’m sure there are some others that I’m forgetting here, too.

Obviously, certain credentials are more sensitive than others. If someone were able to crack the server root password, they could effectively shut the site down and cause a lot of problems. Likewise, cracking into the MySQL databases would allow for corruption of the data in nefarious ways. By contrast, if they cracked my Obsidian Portal normal user, they could log in and make comments or delete my campaigns. Irritating, but not show-stopping.

Tangential to a password’s sensitivity is its “risk profile.” By this, I mean that certain passwords are at a higher risk of being intercepted. Lowest risk would be passwords that never go out over the network*. For instance, when this blog connects to the database, it uses a password that stays on the localhost, since the database is hosted locally. At higher risk are passwords that travel over the network, but are encrypted. SSH logins are a good example of this. Finally, the highest risk (hopefully?) are credentials that are sent in plain text over the Internet. Blog login, Obsidian Portal login, and forum login are all like this.

So how do I cope with this mess? Currently, I don’t…at least not very well. However, I have a plan. I will partition the set of credentials based on their at-risk status:

  1. high - plain text over the network
  2. med - encrypted over the network
  3. low - localhost only

Then, I will use a single password for each category, and I will change them regularly, say once a month. I might even get rid of the low-risk profile altogether, for reasons noted at the bottom of this post.

Another option would be to partition the passwords based on sensitivity, but there is one big problem with this: you may not remember the rated sensitivity of a set of credentials in the future. So, is my subversion login high or medium sensitivity? This is a really bad situation, because if I cannot remember, I will simply start iterating through my passwords until I find the right one. Assuming someone is listening in, I have just given away all the keys to the kingdom.

So, here’s a question to the readers: How do you manage all your different identities? Automated tools? A good memory? Tattoos? I’d love to hear a better way than what I’m doing, as it truly does not sound all that secure to me. Still, it’s better than just using my dog’s name for everything…

* Note that some of these “low risk” passwords are not as low risk as they may seem. This is because they must get to the server at some point. So, if you insecurely FTP a file containing one of these passwords, then it has gone out over the network in plain text, which makes it high-risk.
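To make the tiering rule and the footnote’s caveat concrete, here is a small added audit script (my own illustration, not code from the original post). It models each credential with the exposure of its day-to-day use and, separately, the exposure of the channel its password was deployed over. A shared password is only as safe as the worst path any of its credentials takes, so the script computes that worst case and flags every shared password whose intended tier is lower than its effective exposure. The credential names come from the list above; the tier assignments and the “config file FTP’d in plain text” scenario are constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Exposure(IntEnum):
    """Risk profile of a path a password travels, ordered so max() picks the worst."""
    LOW = 1     # never leaves the host (localhost-only)
    MEDIUM = 2  # crosses the network, but encrypted (e.g. SSH)
    HIGH = 3    # sent in plain text over the Internet


@dataclass(frozen=True)
class Credential:
    name: str
    exposure: Exposure                      # how the password is used day to day
    password_id: str                        # which shared password this credential uses
    deployed_via: Exposure = Exposure.LOW   # how the password got onto the server


# Intended tiers from the plan: one password per risk category.
INTENDED = {
    "pw-high": Exposure.HIGH,
    "pw-med": Exposure.MEDIUM,
    "pw-low": Exposure.LOW,
}

# Constructed sample set (assumption: these tier assignments are illustrative).
SAMPLE = [
    Credential("Blog admin user", Exposure.HIGH, "pw-high"),
    Credential("Obsidian Portal normal user (Micah)", Exposure.HIGH, "pw-high"),
    Credential("server normal login", Exposure.MEDIUM, "pw-med"),
    Credential("server root", Exposure.MEDIUM, "pw-med"),
    Credential("MySQL Obsidian Portal user", Exposure.LOW, "pw-low"),
    # The footnote's case: a localhost-only DB password, but the config file
    # holding it was uploaded over plain-text FTP, so it has crossed the
    # Internet unencrypted at least once.
    Credential("MySQL blog user", Exposure.LOW, "pw-low", deployed_via=Exposure.HIGH),
]


def effective_exposure(credentials):
    """Map each shared password to the worst exposure of any path it has taken.

    Both the day-to-day channel and the deployment channel count: a password
    that was ever sent in the clear is HIGH no matter how it is used afterwards.
    """
    worst = {}
    for cred in credentials:
        path_worst = max(cred.exposure, cred.deployed_via)
        worst[cred.password_id] = max(worst.get(cred.password_id, Exposure.LOW), path_worst)
    return worst


def find_violations(credentials, intended):
    """Return {password_id: (intended_tier, effective_tier)} for every shared
    password whose intended tier is lower than its real exposure."""
    effective = effective_exposure(credentials)
    return {
        pid: (tier, effective[pid])
        for pid, tier in intended.items()
        if pid in effective and effective[pid] > tier
    }


def credentials_sharing(credentials, password_id):
    """Names of every credential that would fall if this one password leaked."""
    return sorted(c.name for c in credentials if c.password_id == password_id)


if __name__ == "__main__":
    for pid, (intended, actual) in find_violations(SAMPLE, INTENDED).items():
        print(f"{pid}: intended {intended.name}, effective {actual.name}; "
              f"exposes {', '.join(credentials_sharing(SAMPLE, pid))}")
```

Run as-is it reports that `pw-low` is intended LOW but effectively HIGH and lists both MySQL users as exposed by it; that is exactly why the post considers dropping the low-risk tier rather than trusting it. Promoting a credential’s `deployed_via` to `MEDIUM` (for example, copying the config over SSH or SCP instead of FTP) clears the finding.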
