Passwords for The Internet Age

By Brendan B. Chard posted 01-25-2013 15:24

  
There have been numerous articles on password security over the years, including this doozy over at Wired.com. But given our increasing usage of online services for everything from email to banking and social connection to shopping, I think it’s worth revisiting this topic with some new ideas and fresh information.

Surprise! None Of Your Passwords are in Your Control

You may think that your passwords are all tucked away nice and secure. They could be in your head, in a password protected word document, taped to the inside of a desk drawer, or written in a notebook. But something you need to realize right now is that every password you use is also somewhere else… the place you use it.

It makes sense, right? In order for you to post a status update on Facebook, check the balance on your checking account, pay your electricity bill, buy tickets on TicketMaster, book a flight with Delta or shop at Amazon, each of those places has to have your password as well. And that’s the unknown variable: how is each of these places protecting your information?

The End Around

If you purchase or transact anything online you probably have dozens of usernames and passwords. Further, if you’re like how I used to be, at a certain point you settle on a few fairly secure passwords that you like and pretty much use those for everything. After all, who’s going to guess that your password is some abbreviated version of your honeymoon location + home address + kids’ initials?

Fact is, someone who gets your favorite password probably won’t have guessed it at all. They’ll have simply found it in a poorly secured database on some website that you bought a dog costume from 3 years ago. Darn, now that dog-o-saurus costume has become something really scary. With your favorite password in hand they can troll around, behind your back, to see where that password works… GoToMyPC, your email account, online banking, Amazon.com… it could unlock lots of things. And once they're in, they can change it and lock you out!

This is what I think of as the End Around. Nobody guessed your password, found it in your desk, or tortured you to get it. They found it at the other end of things, sitting there on the internet, hardly protected, because the 15-year-old who created www.dress-your-dog.com didn’t think about database encryption.

Password:Account – 1:1

The solution to this problem is to create a one-to-one ratio of accounts and passwords. Only use a password on one account, never use it for anything else. If the place you use that password is hacked you don’t have to worry about dozens of other accounts that shared that same password being compromised.

In addition to unique passwords, you should do your absolute best to follow the advice you’ve heard many times before. Passwords should be at least 8 characters long, and combine upper case letters, lower case letters, numbers and symbols. Remembering 50+ unique passwords like this shouldn’t be a problem… yeah right!

Free Your Mind

Last year I began using a piece of software called a password manager. In particular, the one I use is called 1Password and is made by www.agilebits.com. This software allows me to create a highly unique password for every place that I have an account. It then keeps those passwords stored in a highly encrypted database on my computer. That encrypted database is then protected by… you guessed it… my one favorite super secure password that I remember.

Using a password manager allows me to use completely nonsensical passwords like this: 4]Q}Wo2c)9v6q6QM[t for my email and this: 7?8Q^btn%h%)@,DsB3}N for my online banking. It feels strangely satisfying knowing that I’m using unique and very strong passwords for everything. At last check I had over 200 passwords stored, and every one is delightfully unique.
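The 1:1 rule and the length and character-class advice from the previous section can both be checked mechanically, and replacements can be drawn from a cryptographically secure random source the way a password manager does. The sketch below is an added example, not code from 1Password or any product named here; the function names and the sample accounts and passwords are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# The four classes the article asks for: upper case, lower case, numbers, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)


def meets_policy(password, min_length=8):
    """True if the password is long enough and uses all four character classes."""
    return len(password) >= min_length and all(
        any(ch in cls for ch in password) for cls in CLASSES
    )


def generate_password(length=20):
    """Draw from the OS CSPRNG; retry until every class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, min_length=length):
            return candidate


def audit(vault):
    """Return (reused, weak): account groups sharing a password, accounts failing policy."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    reused = sorted(sorted(accts) for accts in by_password.values() if len(accts) > 1)
    weak = sorted(acct for acct, pw in vault.items() if not meets_policy(pw))
    return reused, weak


# Constructed sample data: these accounts and passwords are invented for the example.
SAMPLE_VAULT = {
    "email": "Maui1420abc",
    "bank": "Maui1420abc",
    "dog-costume-shop": "Maui1420abc",
    "airline": "Tr4vel!Pass",
    "utility": "password",
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_VAULT)
    print("shared passwords (breaks the 1:1 rule):", reused)
    print("fail length/character-class advice:", weak)
    for account in sorted({a for group in reused for a in group} | set(weak)):
        print(f"{account}: replace with {generate_password()}")
```

In the sample, one breach at the dog costume shop would expose the email and bank accounts too, which is exactly the End Around described earlier.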

Nearly all password managers include web browser integration to make it easy to fill in passwords while on a website and a mobile app so you can get them there too. 

Where To Go Next

Based on my research there are three password manager software packages that are definitely worth checking out. Give them a shot and start enjoying the peace of mind that comes with knowing you’ve taken a big step towards protecting your identity, clients and data.

LastPass

Free plan or $1/month plan
Windows, Mac and Mobile
https://lastpass.com

1Password by Agilebits

$49 one-time cost after 30 day free trial
Windows, Mac and Mobile.
Has an “Apple” feel
https://agilebits.com/onepassword

RoboForm

9.95/year for first year
Windows
http://www.roboform.com