Keeping Track of Passwords

Most of us take for granted that passwords are just part of life on the interwebs.  From blog sites to newspapers to Amazon to banking, passwords are used daily, usually multiple times.

The problem is we are all having to remember too many passwords.  And because of the way we humans function, we tend toward the simpler answer to what can be a very serious technology headache:  we use the same simple password across all our digital lives, and that, unfortunately, can lead to disaster.

As this Forbes article points out, it is way too easy to be lazy about password security.  The consequences are huge.  If you choose a password that is easily guessed (and any word from the English dictionary is insecure), it’s probably just a matter of time before your account falls prey to hackers.

So what to do?  In the past, it was much easier to manage passwords.  You usually had only a few accounts, and access to those accounts typically only happened from a computer you had access to, and which you could limit others from having access to.

Now, given the growth of smartphones like the iPhone or any of the Android phones, the places we access accounts have changed, and the devices we access them on are more susceptible to theft.  The impact on password security is significant.

Because of my role at work, I have had to find ways to manage passwords.  In another post I will deal with what constitutes a secure password, but for now I want to discuss password management.

 

There are options for Internet users, ranging from low tech to high tech, from cloud-based to paper-based.  They each have advantages.  One underappreciated need for a good password management utility is portability.  Can you take it with you?  Can you export your passwords (you will be shocked how many you can have) if you decide to use another product?

  1. KeePass – KeePass is an encrypted password safe that resides on your local computer.  It is not cloud-based, and is open source.  If concerns about cloud-based services are important for you, this is a good option.  The Windows client is better, IMO, than the Mac client, at least in terms of user interface.  If you want to transfer your KeePass passwords, you can use the export function.
  2. LastPass – LastPass is a cloud-based service that syncs your passwords across all the devices you use: browsers (plugins for IE, Mozilla Firefox, Google Chrome, Safari, and Opera), smartphones (iPhone, Android, Blackberry, Win 7 Phone, Symbian and WebOS), and tablets (Android and iPad), with support for Windows, MacOS X and Linux.  The level of encryption is 256-bit AES, the grade used by the US Government for encrypting top secret data.  The features are numerous, but I can attest from personal use that it is unobtrusive, while being incredibly functional.
  3. Paper Password – If you are in your 40s or 50s you’ll probably remember the IT support telling you repeatedly not to write down your password for your computer.  Amazingly, this is now changing.  Writing a list and keeping it on your person is widely seen as a fine means of protecting a password from being stolen via online means.  If you do choose the paper password route, I strongly encourage you NOT to use a sticky note and leave it on your computer.
  4. Dangers of Unencrypted Passwords – It is very easy for users to assume that if they only keep a password on their home computer (desktop or notebook doesn’t matter), they are inherently safe.  In fact, many people would believe their password is safer in any state on their home computer than in a cloud-based password management tool like LastPass.  But if you store passwords on your local computer in a text file or Word document or Excel spreadsheet, and they are not encrypted, you are simply asking for trouble, and even more so if you are a user of any version of Windows.  Why? Because malware of any type that infects your system will look for just such files.  And passwords are what hackers love.
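
To check your own folders for the kind of unencrypted password files described in item 4, a short audit script can list every text file, Word document or Excel spreadsheet whose contents are readable without a key and contain credential-like entries. This is an added example, not part of the original post; the label pattern, the extension lists and the sample file names and values are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Heuristic (assumption): a credential-like label, a separator, then a value.
LABEL = re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|pin)\b\s*[:=-]\s*\S+")
TEXT_EXT = {".txt", ".csv", ".md"}
OOXML_EXT = {".docx", ".xlsx"}


def readable_text(path):
    """Return the text any process with file access can read, else None."""
    ext = path.suffix.lower()
    if ext in TEXT_EXT:
        return path.read_text(errors="ignore")
    if ext in OOXML_EXT and zipfile.is_zipfile(path):
        # An unencrypted .docx/.xlsx is a ZIP of XML parts. A password-protected
        # one is not a ZIP container, so it falls through and is skipped.
        with zipfile.ZipFile(path) as z:
            xml = " ".join(z.read(n).decode("utf-8", "ignore")
                           for n in z.namelist() if n.endswith(".xml"))
        return re.sub(r"<[^>]+>", " ", xml)  # strip tags, keep the typed text
    return None


def audit(root):
    """Map relative path -> number of credential-like entries readable in it."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        text = readable_text(p) if p.is_file() else None
        hits = len(LABEL.findall(text)) if text else 0
        if hits:
            findings[p.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Build a constructed sample folder (fake values) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_text("bank password: Example-Only-1\nPIN = 0000\n")
        (root / "recipe.txt").write_text("Use a password manager.\n")
        with zipfile.ZipFile(root / "accounts.docx", "w") as z:
            z.writestr("word/document.xml", "<w:p><w:t>email pwd: Example-Only-2</w:t></w:p>")
        (root / "locked.docx").write_bytes(b"\xd0\xcf\x11\xe0 constructed non-ZIP bytes")
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

Anything the audit reports belongs in an encrypted store such as the password managers listed above; the pattern is a heuristic, so a clean result does not prove a folder holds no passwords.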

I hope I haven’t sounded too strident in suggesting you need to use good password management, as well as strong passwords (most ecommerce sites will give you a visual cue about the strength of your password).

One last thought.  Best practice among security experts says to change your password on some frequency, say every 90 or 120 days.  I follow that rule, and suggest you do the same.

What are you doing about password security?  Have any horror stories to tell?

 


by Thad on February 15, 2012 · 13 comments


  • Tracy

    I am interested in knowing which of these password managers offer the option for 2-factor authentication where I can telesign into my account.

    • http://www.thadthoughts.com Thad

      According to their FAQ, LastPass supports two-factor authentication. I know that on at least one of the computers I have used, it utilized the biometric scanner which the notebook had. Here is the link to the relevant page.


  • http://www.modestmoney.com/ Jeremy @ Modest Money

    Yes keeping track of passwords is a pain. I’ve got dozens of passwords for different sites. I used to just write them all down on paper, but that became too much of a mess. I think I’ll have to look into LastPass to see if it will be a good solution for me. I’d hate to think about what could happen if all my passwords fell into the wrong hands. My ex had her blogs hijacked by using an overly simple password. She still didn’t recover them to this day.

    • http://www.thadthoughts.com Thad

      I suggest writing down your master pw for your spouse/family in the event of an emergency. You could lock it away in a home safe or safe deposit box.

  • http://passiveincometoretire.com Corey @ Passive Income to Retire

    Great timing – I have been giving this more and more thought as I have more and more accounts these days. I am going to look into these two password options, but I favor the cloud-based one because it will allow me to access it from all the computers that I use. Thanks!

    • http://www.thadthoughts.com Thad

      I just saw this comment today, Corey.

      I love LastPass. It just keeps getting better. Let me know which one you like and why!

  • http://www.ontargetcoach.com Brent Pittman

    Passwords are a headache, especially when you ‘share’ accounts with a spouse. I even heard of a device that can ‘listen’ to your keystroke vibrations on your laptop in public. Scary.

    • Thad

      Good password security is important. The challenge I have is sharing an iPad with my wife and daughter.

  • http://prairieecothrifter.com Miss T @ Prairie Eco-Thrifter

    We are heading overseas and were looking into LastPass but it doesn’t seem to be great for using internet cafes etc. I think we might just change our password every time we log in or use my iPhone as much as possible. It might be our only option.

    • Thad

      Be very careful using passwords in Internet cafes overseas. Keystroke loggers are a big problem.

      I think LastPass has an option for a virtual keyboard which might mitigate that concern.

      iPhone? Be careful of the roaming charges and use only wifi, otherwise you could be hit with huge roaming charges.

  • http://dqydj.net PK

    I have a combination system – paper (not on my person) password backups for when I truly can’t remember a site, but I also have a system for determining passwords based on the site itself – so my passwords are never the same. So far, so good.

    Oh, and also change your passwords every few months (from a known clean computer), just in case!

    • Thad

      Excellent advice in every way. If you are married or in a business relationship where access to online accounts is important, leaving that paper password in a safe deposit box is a great way to give access to another person in the event of a death.
