Using a Game Keypad for Passwords

I wanted to make a strong password without forgetting the password in the process.  I specifically needed something that would not “linger” on the computer where an intruder could find the passwords, and I did not want to have several passwords in the “cloud” under one key that could be broken and then all my passwords exposed (see my previous blog on Ali Baba).

 

The solution it seemed was in the same keypad used by gamers to compile “macros” that would save keystrokes for complicated games (i.e. pressing the CTRL key while holding down the SHIFT and DELETE keys to fire a weapon).  So, when looking for a solution, this looked like a good alternative.  I purchased a GENOVATION keypad from AMAZON, which cost me about 80 dollars at that time, but I noticed that they have gone up in price since that time.  I then plugged it into a computer that I do not put on the internet and then program the macro generator with passwords that are sometimes 30 characters long with random letters, numbers, and special characters.  Then I go to the site, put in my userid and when I get to the text, I press the appropriate key and the password is inserted and I am into my account.

Because the hardware is not connected past the submission, the file is not placed on the computer I am using for the account and then I unplug the hardware and put it aside for the next use.

Some disadvantages:

(1) I cannot carry the keyboard with me (it is about the size of a book) so it is not really portable.

(2) I can only use it from home, which actually suits me fine since I have no intention of going into my bank account from some hotel wi-fi.

An advantage I failed to mention was that this keypad can be adapted to an iPhone to put your passwords in at home.  Again, portability is an issue, but I am looking into other Genovation products that are smaller and you could possibly carry with you.  The main concern is that the smaller the keypad is, the more likely that it may become stolen which could be a problem if you have the keys plainly labeled with things like “bank” or “credit card.”  I am doing some more research on this and will share that as I go.

Thanks for reading and remember

Learn, Offer, Value, and Educate

Ali Baba and Cloud Security

ali-baba

By Maxfield Parrish – Arabian Nights, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1471823

So, we are now in the cloud era, where our files are kept on secure servers around the world and we can sleep at night knowing that we can put all of our records in an area that we have never seen, do not know the location, and have NO idea the amount of security that is on those servers.  Wow, this certainly makes me more relaxed, how about you?

This reminds me of the story of Ali Baba and the 40 Thieves.  Although reputably a part of the 1001 Arabian Nights, it has been challenged that it is not really part of the original stories of that very colorful legend, but nonetheless we will assume it to be for the purposes of this article.

The story goes something like this:  Ali Baba, a poor man, is cutting wood one day and he hears the beating of hooves.  Hiding in a nearby area, he spies a group of riders approach the side of a cliff and then hears what looks like the head of this band say “Open Sesame.”  At those words, the side of the cliff opens and the band enters with the leader saying “Close Sesame” closing the wall behind him.  Now the story goes on in some detail of how Ali Baba uses the password to go into the cave and steal some treasure only to be found out and then employing an ally to ultimately defeat the thief’s leader, but the main reason for re-telling this story is the “password of passwords.”

You see, the leader knew that the password had been compromised, but did nothing to change that password, instead trying to “seal the leaks” by disposing of the people who knew that password.  Once a password is compromised, the chances that it will be distributed is high.  What happens when a “password of passwords” is compromised, similar to one that many systems administrators have to do their daily jobs?  Pure chaos.

If I were a stranger and asked you for the key to your home, would you give it to me without gathering some information about my background, or my reputation?  Probably not, but yet we are willing to trust our sensitive data to others that we have not verified.  The cloud security is probably very good, but until that can be affirmed, placing sensitive information in that area is somewhat disconcerting.  After all, all a “black hat” would have to do is to get ONE password or set of credentials that would allow access to all records and then there would be chaos.

So, what is the solution to this for the household computer use?  Get an external drive and software to back up your computer and use THAT to store your important files.  As for the rest of the industries that are using cloud security, such as the health information and bank information industries, it is vital that THEY inform the consumer their security posture (leaving out the details so that intruders do not gain access).  In the meantime, continue to make your passwords strong by making them longer and more complex.  Don’t know how?  There are many references on passwords, including a children’s book on the subject by yours truly  called “Granpappy Turtle Talks About Passwords” available at http://www.lulu.com.

Learn, Offer, Value, and Educate  http://www.grectech.com