Tom Stoneham's Palm Blog

Saturday, July 24, 2004

KeyCutter

I seem to have been writing about several negative experiences recently, so it is nice to have an opportunity to write something positive. Earlier this week one of this Blog's readers released a new app and sent me a copy. It is called KeyCutter and is a utility for generating passwords. You can get it from Otter Software.

There are two questions to ask about any such tool. Why do I needs this? and What is so great about KeyCutter as opposed to any alternatives?

Why do I need this?

Two reasons:

Identity theft, both online and offline, is big business. Take your email account, for example. If someone can access your email account, then they can go to any website where you log on and select the 'Forgotten your Password?' option to have your password emailed to your (=the thief). And if you use the same password for say your email and your eBay account, then they can impersonate you to conduct scams over eBay, exploiting all your credibility built up in your feedback. So it is really important you’re your passwords are not easy to guess, and anything based on a real word or name will be easy for a computer to guess. Everyone needs a good way of creating hard to guess passwords.

Just about every website you want to interact with nowadays needs you to register. Since you don't want to spend time thinking up imaginative new passwords while you are just trying to book some airport parking, you will almost certainly have a small number of 'standard' passwords that you use for such things. These will of their nature be insecure, but they often give access to important information like your credit card details. So you need an easy way to create (and record) secure passwords on the fly.

What is so great about KeyCutter?

Apart from the name? ;-) Well, in the standard password generation screen you can select not only the length of the password, but also which sorts of character it includes.

As well as that there is an option to generate readable passwords, which are not quite as secure but are still some billion times more secure than your dog's name (unless he is called '%0T7rig3' or something similar). The idea behind a readable password is that a lot of random collections of letters look very much like they should be words of English and similar languages. Roughly, if you have the right pattern of vowels and consonants, and you note that some numbers and symbols are very similar to some letters, then you can produce a password which is not a derivative of a dictionary word, but is easy to remember for a human.

Finally, KeyCutter has the option to create passwords according to a template, allowing you to have variations on a pattern, which would be useful both for all those pesky website log ons and also for someone who needs to issue passwords to other people.

So the first thing to say about why KeyCutter is better than the competition is that it has more options for generating useful passwords. The second thing to say is that it makes recording those passwords easy. At the moment (version 1.0) passwords can be automatically written to the Palm clipboard or via a menu command to a the memo database, from whence they can be easily imported into a password manager like Secret!. One nice feature of the exporting to memo function is that you can edit the memo from within KeyCutter. Thus, while creating passwords on the fly, you can create memos which say things like: EasyJet password …

Future versions will have the ability to have the generated passwords written to the ClipPro clipboard and to the memo database in formats designed for easy import into common password managers. Otter Software are also looking into replacing the current dependence upon the standard Palm OS random number generation (used to create the passwords) with a more sophisticated randomizer.

posted by Tom at 7:52 PM

PDAMoney

I have found the following interesting 'Solution' on the US PalmOne Support pages, but it does not seem to appear on the UK pages:

Solution ID: 25660

Information on Handmark PDA Money conduits not appearing in HotSync(r) Manager

The version of PDA Money that comes with your Tungsten(tm) E Software Essentials CD is a demo version of Handmark's PDA Money software. In order to transfer information from PDA Money to your Mac or PC personal finance software, you must purchase the full version of PDA Money from http://www.handmark.com.

It seems that my experience with Handmark was an instance of generosity on their part.

posted by Tom at 9:31 AM

HOME - ARCHIVES