• What is PasswordsToGo.org? PasswordsToGo.org is a free online service that creates strong passwords and passphrases for use with most computer security applications.


• How does PasswordsToGo.org work? Passwords to Go utilizes truly random numbers collected from several Web sites that specialize in such data (see the links section). These data are then “blended” using a cryptographically strong message digest algorithm. This new composite data is used to create passwords.


• Are the passwords secured? Passwords are delivered to your Web browser using SSL and are represented graphically using a font and background designed to thwart certain types of electronic eavesdropping (see this article: Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations). Once the password has been delivered to your Web browser, all record of it is removed from the server. Furthermore, a password may be retrieved from the PasswordsToGo.org server one and only one time. However, any security measure is only as strong as its weakest link. Requesting a password while someone is looking over your shoulder is less secure than requesting a password in a closed room with the curtains drawn.


• Do you keep records of the passwords that are generated? Once a password has been delivered to your Web browser, all record of it is removed from the server (a password may be retrieved from the PasswordsToGo.org server one and only one time).


• Why is the password shown with a blurry font on top of a “noisy” background image? These measures are meant to interfere with certain types of electronic eavesdropping which monitor the radio frequency emissions from CRT and LCD monitors (see this article: Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations). The interference pattern that is visible in the background of the password graphic displayed on your Web browser is created utilizing a cryptographically strong pseudo-random number generator (PRNG) which is periodically reseeded with truly random data.


• Why does my passphrase consist of a series of short, ordinary words? PasswordsToGo.org uses the Diceware word list which has been shown to provide an excellent level of security. You may wish to consult the Diceware FAQ for additional information.

These writings require the free Abobe® Reader, which you can download here.

• Suggestions for Random Number Generation in Software
  RSA Laboratories


• Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations
  Markus G. Kuhn and Ross J. Anderson


• An Introduction To Cryptography
  PGP Corporation

• Use an Internet firewall. A properly configured firewall can protect your computer from intrusions and unauthorized access.




• Update your computer. Microsoft Windows and many Linux distributions can automatically check online to determine if operating system updates are available.




• Use up-to-date antivirus software. There are many antivirus programs available, but home users of Microsoft Windows may want to check out ALWIL Software’s avast! antivurus which is provided free of charge for personal use.




• Don’t open file attachments from unknown parties. Many viruses and other malicious programs are distributed in this fashion.




• Use a secure e-mail client. Mozilla Thunderbird is the personal choice of this Web site’s developer.




• Encrypt your data. Protect sensitive files using PGP or a similar product that utilizes strong encryption.




• Back up your data. Perform regular and frequent back-ups of your important data — it’s well worth the effort when you need to recover important files.




• Use an up-to-date anti-spyware program. Spyware programs and components are often installed in a subtle fashion and can sometimes go unnoticed, especially if more than one person is using the same computer. A decent anti-spyware program can remove existing spyware components as well as prevent such components from being installed in the future.




• Use a secure Web browser. Mozilla Firefox is the personal choice of this Web site’s developer.




• Activate a pop-up blocker. A pop-up blocker is an integral component of most modern Web browsers. If you experience a lot of pop-up windows when surfing the Web, you may want to verify that you’re using an up-to-date version of your Web browser and that the pop-up blocker feature is enabled. If your Web browser doesn’t support pop-up blocking, use one that does, such as Mozilla Firefox.




• Use secure Web sites for transactions and shopping. Most Web browsers indicate a secure connection by displaying a small padlock icon in their status bars. Mozilla Firefox additionally changes the background of the address bar to yellow when communicating securely.




• Avoid downloading programs from unknown sources. If you don’t recognize the domain name in a download link, or if the link contains an IP address instead of a domain name, you should exercise caution.




• Clear your Web browser’s cache files and cookies regularly. To improve performance, data from your recent Web browsing sessions are stored on your computer’s hard disk. If not removed, this information can later be observed by others who have access to your computer.




• Use a disk “wiping” program to permanently delete sensitive content from your hard disk. When you delete a file from your hard disk, the information contained in that file is not actually removed from the disk; the operating system simply makes the recovered chunk of disk space available for other files. As such, the data that you deleted can still be recovered using special software and hardware tools. There are a number of programs available, typically referred to as “privacy erasers”, which will overwrite the file areas of a disk in such a way as to prevent recovery with such tools.