A Closer Look

Bypassing the Password Prompt

Network News

X Profile
View More Activity
By Mike Musgrove
Washington Post Staff Writer
Sunday, October 16, 2005

So many passwords, so little memory. In a digital era where everybody can access everything from bank information to vacation photos online, passwords are everywhere and many folks in the plugged-in world are finding they have more than they can remember.

Password-management software, designed to give people a safe place to stash all those secret codes, has become a mini-industry unto itself. For Mac users, Apple has even built a password-stashing program, called Keychain, into the operating system.

Security expert Bruce Schneier, the author of a free program for Windows users, got so tired of having to keep a lot of seldom-used passwords in his head that he designed a digital-locker program that he gives away at his security-focused blog, http://www.schneier.com/ .

Schneier says his program, which is basically a notepad locked under its own password, uses "military-level" encryption. "Basically, the idea is that you could hand this file to your worst enemy, and he still couldn't get to your passwords," he said.

Just don't come complaining to him if you forget the password that you use to open the program because he has no way to access it.

Schneier's program requires users to copy and paste their password from his program to any password-protected application or Web site. For users looking to reclaim a few more precious seconds from their daily Web routine, there's another program that makes things even a little easier.

A security widget from Siber Systems Inc., a small software company in Fairfax, automates the process of logging on to password-protected Web sites. Click on your "Hotmail" entry in the program, for example, and RoboForm will automatically enter your information and log you in to the Web-based e-mail program. If you like, the program will even randomly generate a password for you, all the better for protecting that valuable info locked up at your online stock account.

Siber Systems marketing executive Bill Carey says that the program, which will also stash your credit card information and fill it out when you make purchases online, has been downloaded 6 million times since its launch in 2001. The company offers a free trial version of the software at http://www.roboform.com/ ; the full version costs $29.95.

Sometimes Web users can circumvent the process of having to use a password at all. For Web surfers who don't want to register at pesky news sites that want your e-mail address and demographic information, one site, http://www.bugmenot.com , is a clearinghouse for bogus accounts. It'll set you up with cheeky fake names and passwords -- like "noinfo1@fromme.com" and "death_to_logons" -- that already work on the site you're trying to access.

Though Bugmenot.com is primarily a handy way to avoid registering at a news site -- the site lists washingtonpost.com as an offender -- it also pitches itself as a social movement for those who find it annoying that such Web sites ask for personal information. The site has a petition online, a protest "to demonstrate the pointless nature of forced Web site registration schemes and the dubious demographic data they collect."

By signing the petition, Bugmenot.com users vow to create a fake account at one of the "top ten offending sites" on Nov. 13, which the site dubs "Internet Advertiser Wakeup Day."


© 2005 The Washington Post Company

Network News

X My Profile
View More Activity