Passwords are a necessary evil. On one hand, we have to have them to keep our information secure. However, on the other hand, we also have to remember them all so that we can keep access to our information. This situation is what prompted one of my readers to email me last week asking about the best way to keep track of passwords.
Of course, it would be wonderful if we could use the same password for everything. Unfortunately, that is no longer a secure option. With the large number of hacks that have occurred in recent months, we can be assured that a password to one of our accounts has probably been compromised somewhere. If that password is the same for everything, anyone who learns your email address (probably visible in the hacked account's options, even if the email account itself wasn't hacked) will have access to any accounts using that same password.
I certainly wish I could write a "best-in-all-cases" option for keeping track of your passwords securely. Unfortunately, there is no best option. The key is to find something that works for you.
One option is to use a password management program. These programs will keep track of all your passwords, and many will automatically insert them in the proper places. Some will even generate random passwords for you. These passwords will be secure not only because they use all the general password-selection criteria (lower-case and upper-case letters, numbers, symbols, etc.), but also because you will not remember the random passwords they generate. This prevents you from accidentally giving your password out to a phishing site that you think is legitimate.
However, there are some problems with password managers. If a password manager is installed on your computer, you are unable to sync it with your phone, tablet, or other devices. You will need to install a separate program on each device and then update passwords on all of them when they are changed. An online password manager stores your passwords on a server so that they sync between all your devices. Unfortunately, this is my least-recommended method because it can be hacked to expose all your passwords.
If you don't want to use a password manager, you can consider using a notebook to keep track of your passwords. (Before writing down login information for work in a notebook, check with your company's IT department. Many have prohibitions against writing down passwords.) This works great if you primarily access the internet from home on one device. However, if your computer travels or you use many different devices, this becomes a problem. Your notebook could be lost, exposing your passwords, or you could leave the notebook at home and not have any way to access your information.
If you do use a notebook, do not write your user names along with your passwords. If your notebook is stolen, someone will have quick access to your accounts if both are written down. You can also write down your user name along with some generic hints that remind you about your password. This way, you will know your password by reading it, but others will be unable to decipher your password from the information.
If you want to remember all your passwords and are having trouble, you can try using this simple trick. Create a base password (to use it everywhere, make sure there is a capital letter, a lower-case letter, a number, and a symbol in it), then add the first 2-3 letters of the site to the end. For example, I could create something like "s0cceR!uvr". Then, I simply add "fa" for Facebook, "gm" for Gmail, and "tw" for Twitter. Since your password is not stored on most sites (in fact, I would not trust a site that does store your password), you don't have to worry about your password system being figured out if a site is compromised. Most sites use your computer to create what is called a hash, and then they transmit the hash to the site, where it is compared with the hash from the password you originally set up. This is why most sites can only send you a link to change your password; they can't send you your actual password because they don't have it.
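To make the reset-link point concrete, here is an added example (not code from any particular site) of the record a site can keep in place of your password. It assumes PBKDF2 with a random per-account salt, since the post names no algorithm; the function names, the iteration count, and the sample passwords built from the base above are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # constructed work factor for this example


def create_record(password: str) -> dict:
    """What the site keeps at sign-up: a random salt and the derived hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def check_login(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the attempt and compare it in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), salt, record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def start_reset() -> str:
    """The record holds no password to mail out, so the site can only
    issue a one-time token to embed in a 'change your password' link."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Constructed sample: the base password plus the "fa" suffix.
    record = create_record("s0cceR!uvrfa")
    print("stored record:", record)
    print("correct password accepted:", check_login(record, "s0cceR!uvrfa"))
    print("other site's password accepted:", check_login(record, "s0cceR!uvrgm"))
    # The salt makes two records for the same password differ.
    print("same hash twice:", create_record("s0cceR!uvrfa")["hash"] == record["hash"])
    print("reset token:", start_reset())
```

The stored record contains only the salt, the iteration count, and the hash, which is why the login check has to re-derive the hash from whatever you type.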
If you are wondering what I use, the only simple answer is: "All of the above". There are many accounts that I only access from my primary computer. I use a password manager installed on my computer to provide me quick access and secure passwords for these accounts. For my most-used accounts (email, Facebook, bank, etc.), I simply remember the passwords. And I store user names and hints for all of my passwords in a password-protected file that I store in my Dropbox account, making it accessible on all my devices.
Obviously, my solution is not going to work for everyone. Some people will find that a notebook in a desk drawer will work fine. Some will be willing to take the risk to have the convenience of an online password manager. Others might opt for a hybrid solution like me. Whatever method you choose, be willing to accept the risks and inconveniences that will come with your method, and don't be afraid to try out different methods until you find the one that works best for you.