Pollywogs!

I’ve mentioned this before (although this could be a false and/or implated memory).  I’ve harangued you about this.  I’ve poked and prodded.  And yet you still use the same username and password at every site you visit…including your internet banking!!!

You are doing banking online right?  It is safe to do so for complicated reasons, or at least the weak point is not the communication between your computer and their web server.  The weak point is you and the fact that you’ve used the same password for the past ten years!!! Ok, the other weak point is what a shitty job some companies do safeguarding your personal data, but Grandma can get her Visa number stolen without ever visiting the scary interwebs, so…

I can’t get you to visit online antivirus and antispyware scanners regularly.  I can’t get you to defrag often.   I can’t convince you to switch to Ubuntu.  But god damn it, I’m going to get you to use unique and secure logins!

I could just paste a link to an existing how-to (with pictures) like this one, but what is the fun in that when I can do it poorly myself?

—

Go here.  Download either the regular install version or a USB key version.

Install it and create a new KeePass file.  DO NOT LOSE THIS FUCKING FILE!  You are using Mozy right?  Because if your shit burns to the ground and you don’t have a copy of that KeePass file, you are going to be a hurting unit.  Mozy will copy that little file to some magic place on the other side of the world.   Except that your Mozy password is also locked inside said file, which is an ‘amusing’ problem I hope you never have to deal with in such a time of personal tragedy and loss…

Secure that file with a long, elaborate password that you can remember.  I’d suggest including one or two non-alphanumeric characters like +, }, or $ in a fashion that you can remember (create a mental phrase like |3u77+$3ckz=4w3$0m3 (which is NOT my Mozy password, although I am now sorta wishing it was)).   I have a 96-bit password that is pretty easy for me to remember on my KeePass file, I’m sure you can come up with something too.  NEVER FORGET THIS FUCKING PASSWORD, as this is the one the CIA will want to torture out of you to access ALL OF YOUR OTHER PASSWORDS.  Now you think, isn’t that ‘not secure’, storing all of my passwords inside that one file?  Well, don’t give anyone you don’t trust that password.  Plus, when you are entering say your bank password into a website it is very possible you won’t even know what that password is.  I don’t know most of mine, I just generated them and always copy/paste from the software.  They are never unobscured (screenshot wouldn’t help), never typed in (keylogger wouldn’t help either) and are erased from the clipboard automatically after about 10 seconds. Here is an example of a REAL password, and example of why I don’t know any of my passwords: 55?rJkJb},2%2h”#(:2T

So, you came up with an obscene phrase which you’ll be tortured shamed into revealing during a waterboarding interview session with the Gestapo DHS at Auschwitz Guantanamo Bay.  Now what?

Go to your most important account (may I suggest your online checking account website?) and go to change your password.  If you’re allowed to change your username, I suggest you do so as well just for shits and giggles.  Now, go to the ‘Homebanking’ section of the empty KeePass file and right click in the vast white space.  Hit ‘Add New Entry’ and start filling that shit out!

You’ll come to where you are to generate a new password.  If you are lucky, the website will have suggestions on what is permissible.  If they do not, I usually make the most kick-ass password I can.  32 characters long, extended character set, all sorts of wacky shit.  If you generate a new password and it isn’t accepted, look for feedback on how to wussifiy it for the bank.  If they are really a pile of cock-gobbling shitheads they won’t provide you any feedback at all: try falling back to a 16 character alphanumeric password (and look for a new bank while you are at it!).

So, you now have a nice new entry for your bank, it has a nice new password and other cool info, and you have no idea what that password is other than seeing a glimpse once of a gigantic string of nonsense.  Next time you log into your banking website, for the love of god do not ask Firefox to remember your password…what did we just go through all of this effort for?!?!  Enter your username, and fire up KeePass.  Select the relevant entry and right-click on it.   Select “Copy Password to Clipboard” and hurry over to the webpage and paste it in.  Away you go, safe and secure!

Now repeat that about 100 times to get everything else you do secure.  I may permit you to have Firefox remember a password IF it is on a home computer AND it is for something fairly unimportant like your Facebook account (where one of the many people conspire against you behind your back could post nude photos of you experimenting with a Cucumber) or your email (where those same bastards could send emails from your account to everyone you know with a heartfelt and graphically-detailed “coming-out” story)  You know, no worries about trivial shit like that.  All of your actual important accounts, though, you gotta secure and only keep the relevant password in only one secure location.

—

See, that wasn’t hard now, was it?  Took all of two minutes to download, install and create your first secure account.  Nothing to it!

I’m not suggesting you are actually safe from anything like stray meteors, rampant fascism, or 13 year olds with nothing better to do than ruin your life…but hey, a false sense of security is what we are all about these days!