Manage your passwords and keep them different

With the ever growing list of sites that require a password to sign on, we all have the same problem of managing these passwords and user IDs. We are told to keep them safe, not to write them down and to change them often. We are also told that they should not be easy to guess, so don’t use pet names, birthdays or your favourite colour. This can put us in a real catch-22 situation. How do you manage to remember all those passwords without leaving yourself vulnerable to hacking and someone breaking into your accounts?

There are a number of common approaches to solving the password management problem:

Use the same password everywhere – This is really NOT recommended! The problem with this approach is that you really need to trust every one of the sites that you use to be secure and keep your password safe. If your password is compromised on one site then whoever has it instantly has your password on a lot of sites.

Use a couple of different passwords for different ‘types’ of site – This is a variation on the first choice, but at least you can use a password for banking or financial sites that is different to the one you use for Twitter and that membership site you just joined. If one type of password is compromised then it won’t immediately expose you everywhere. Better, but still not recommended.

Use different passwords and write them down – How many of us have seen a computer screen with post-it notes and passwords stuck on it? This is secure if no-one can access your computer, but in the case of robbery you have all your passwords easily accessible for someone (who, let’s face it, if they are breaking in and stealing from you, has already failed the honesty test!). If you use this approach then think about keeping them in a plain notebook in a secure location.

Use some sort of password management tool – You can use a program to manage your passwords and there are many on the market, some are free and some require a licence to be purchased. The advantage with these is that you typically have to remember only one more complicated password and all of your other passwords are stored securely in one place. Most of these tools will also help to generate strong passwords that would be hard to crack – and if they are broken then you are only exposed in one place. This is the recommended option.
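To see how far the first two approaches expose you, the following added example (not part of the original post and not KeePass code) groups a password list by password and reports which sites would be opened up if one of them leaked. The sample list is constructed, and the column names "site" and "password" are assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample list. The column names "site" and "password" are
# assumptions for this example, not any password manager's export format.
SAMPLE_CSV = """site,username,password
bank.example,user1,Harbour-Lamp-42
broker.example,user1,Harbour-Lamp-42
twitter.example,user1,fluffy2010
forum.example,user1,fluffy2010
shop.example,user1,fluffy2010
mail.example,user1,c9#Lq!27vXw@eR
"""

def sites_by_password(csv_text):
    """Map a digest of each password to the set of sites that use it."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue  # an empty field is a missing entry, not reuse
        # Group on a SHA-256 digest so the grouping itself holds no plain passwords.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].add((row.get("site") or "").strip().lower())
    return groups

def find_reused_passwords(csv_text):
    """Return groups of sites sharing one password, largest group first."""
    reused = [sorted(s) for s in sites_by_password(csv_text).values() if len(s) > 1]
    return sorted(reused, key=lambda sites: (-len(sites), sites))

def exposure_if_breached(csv_text, breached_site):
    """Return the other sites opened up if breached_site leaks its password."""
    breached_site = breached_site.strip().lower()
    exposed = set()
    for sites in sites_by_password(csv_text).values():
        if breached_site in sites:
            exposed |= sites - {breached_site}
    return sorted(exposed)

if __name__ == "__main__":
    for sites in find_reused_passwords(SAMPLE_CSV):
        print("Same password on:", ", ".join(sites))
    print("If twitter.example leaks:", exposure_if_breached(SAMPLE_CSV, "twitter.example"))
```

If you run this against a real list, do it on a computer you trust and delete the plain-text list afterwards.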

An example of a password management tool

I use a password management tool called KeePass Password Safe which is an open source program that is freely available and comes in a standard and portable installation. That means you can either run it as a ‘normal’ application on your computer or install it on a USB Key and be able to run it on any computer without installing it there.

KeePass allows me to sort all my passwords into groups and folders in much the same way that you sort documents on your computer. It also provides shortcuts so that I can enter my user id and password into any site that I have stored – it even stores the site so that it can be opened up from within the tool.

The following are screenshots from the KeePass website, which show signing on, creating a new entry to store a password and other account details, the main window with all the different accounts organised and stored, and finally the password generator that allows you to easily create strong passwords.

[Screenshots: Enter a strong master password to your password manager; Enter a new password and user ID into KeePass; The main KeePass password management screen; The password generator screen from KeePass]

I would strongly suggest using a password management tool of some type to protect your sensitive account information. Make sure that you also back up this information (but of course you back up your information, don’t you?).

KeePass Password Safe will allow you to print out all your information, which you could keep locked away somewhere safe.

If you would like any assistance with selecting a tool that is appropriate for you then let me know.

Here’s to your passwords being secure and strong,

Brian
your ‘peoples geek’
