http://www.yourtechtamer.com/blog/2011/09/password-management-grrrrr-but-ya-gotta-do-it/
I know, I know…no one likes to think about Password Management, nor do they like to think of how vulnerable their information might be using weak and/or the same passwords on many sites. Just thinking of this issue raises my blood pressure and nerves several levels! It just feels so unwieldy.
I don’t know about you, but at last count, I had 432 passwords in my ‘repertoire’. I know that I’m not unusual…we ALL have a bunch (I guess 432 is more than a ‘bunch’, isn’t it?) of passwords to manage. There is no way, unless I suppose I had a photographic memory (which I don’t), that I could remember that many passwords.
What do we typically do to handle this onslaught of self-created information? We don’t change our passwords regularly (bad), we reuse passwords (pretty bad) and/or we use relatively simple passwords (very bad) to make that list more manageable. Even using some of these ‘shortcuts’, I can never seem to remember if this is the time I had to capitalize the first letter or add a special character to meet the password ‘rule’ that this particular site enforces.
On top of all of that, we keep a list of passwords in an Excel file, on sticky notes plastered around the frame of our monitor, or on pieces of paper in our top-desk drawer. Again, NOT GOOD!!!!
So, what’s a body to do???
First of all, do NOT store your passwords in a file on your computer called ‘passwords’ :-)!! Next, do NOT store them in a password protected Excel and/or Word file. Instead, try a password management tool protected by a VERY STRONG* master password that you don’t use as a password anywhere else.
I’ve struggled with finding the best tool(s) to manage passwords, but I’ve come up with a few gems that might help others to deal with password-rage!
First, check to see if your e-mail address has shown up in a compromised database…this isn’t foolproof, but it’s a start. Go to ShouldIChangeMyPassword.com, enter your e-mail address, then see if you get a “green light”.
Next, begin changing your passwords. Make sure that the new passwords are different from one another and STRONG*. You can check a password’s strength using any number of tools…CNET describes several of them here: Check Password Strength
Now, store those passwords in a SECURE manner. If you choose to store them on your computer itself, make sure that you put them in a ‘vault’ using a tool like KeePass Password Safe or Password Safe. Both of these tools are FREE and store your data in an encrypted format.
If you want to carry your passwords with you and need to store them on your Android or iOS device, eWallet may be the way to go. There is a cost ($19.99 at this writing) for the product, but it can be sync’d between your computer and your devices and gives you a similar interface in both places. Just go to the eWallet site and check it out!
So, what are your ‘going forward’ steps?
1. Download/install a new password storage system
2. Go to the most important sites first (e.g. bank accounts) and change your password NOW!
3. Go to ‘other’ sites (perhaps a couple a day) and continue changing your password
4. Delete, delete, delete the old, insecure file on your computer
5. Throw away the scraps of paper in your top desk drawer or on your monitor!
6. Change important passwords every 3-6 months.
* “STRONG” passwords are passwords that:
Are over 8 characters long and include lower-case, upper-case, numbers AND special characters (e.g. !, @, #, $, etc.).
Do NOT contain your user name, real name, company name.
Do NOT contain complete ‘real’ words.
Are significantly different than previous passwords.
You have to use ALL of these recommendations to make a password ‘strong’.
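The four ‘STRONG’ rules above written as a checker, as an added example that is not part of the original post. The tiny word list, the 0.6 similarity threshold and the function names are assumptions, since the article gives no word list and no numeric measure of ‘significantly different’.

```python
import difflib
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "summer", "dragon", "monkey", "welcome", "letmein"}


def strength_failures(password, identity=(), previous=(), words=SAMPLE_WORDS,
                      max_similarity=0.6):
    """Return the article's 'STRONG' rules that `password` breaks (empty list = strong)."""
    failures = []
    lowered = password.lower()

    # Rule 1: over 8 characters, with all four character classes present.
    if len(password) <= 8:
        failures.append("length")
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        # Only ASCII punctuation is counted as 'special' here.
        "special": any(c in string.punctuation for c in password),
    }
    failures += [f"missing-{name}" for name, ok in classes.items() if not ok]

    # Rule 2: no user name, real name or company name (case-insensitive).
    # Tokens under 3 characters are skipped to avoid accidental matches.
    if any(len(part) >= 3 and part.lower() in lowered for part in identity):
        failures.append("contains-identity")

    # Rule 3: no complete real words.
    if any(word in lowered for word in words):
        failures.append("contains-word")

    # Rule 4: significantly different from previous passwords.
    # max_similarity is an assumed cut-off on difflib's 0..1 similarity ratio.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > max_similarity:
            failures.append("too-similar")
            break
    return failures


def is_strong(password, **context):
    """True only when every rule passes, as the article requires."""
    return not strength_failures(password, **context)
```

A password such as `Summer2011!` passes the length and character-class rule yet still fails, because it contains a real word and is a near copy of `Summer2010!`.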
6 Comments
I’ve read some good stuff here. Certainly value bookmarking for revisiting.
I’m surprised how much effort you put in to make this type of fantastic informative site.
I’m really enjoying the design and layout of your blog. It’s very easy on the eyes, which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme?
Excellent work!
Great article Sandi. Yes… I’m a password struggler… and then my clients think that I can remember all theirs also! Oy. I will be sure to take this information to heart and share with my clients.
Hey, Cynthia!!
Glad that you found this useful. Like you, I have umpteen client signons/passwords on top of my own. That’s why I like eWallet, in particular. I can keep them all in a secure fashion and they are portable on my phone. Just be sure to have a VERY STRONG password to enter your eWallet database in the first place!
Good luck and happy password changing!
Sandy
With the help of your article I better understand good password management. Good password can be created by remembering these properties that it should be as long as possible, preferably in excess of 14 characters, it should have a mixture of letters, numbers and special characters and we should also use both uppercase and lowercase characters. Do not write down your passwords on a piece of paper and keep it in your frequently accessed areas like your working table. To speed up your PC you have to get a proper antivirus installed with the latest updates. And disk management has to be done regularly. Thanks a lot.
Hi Sandy,
Great Article! I clicked on the “Check Password Strength” link, and it said my passwords were not compromised! Thanks!
Gemma Pagliei
http://www.GemmasPilates.com