Unless you're an expert in memory techniques, keeping track of the passwords you use for your online accounts is a daunting challenge. We've got work, banking, shopping, and social media accounts, and all require some way for us to prove our identities.
The problem with passwords
A good password can't be judged solely by the number of letters or digits or special characters. For example, abcABC123 has a mix of these attributes, but is fairly obvious, and might even exist in password dictionaries used by hackers. A good password must be very hard to guess.
It's tempting to create a single great password and then use it at every website you visit. However, should only one of those sites be hacked, your login credentials will be loose in the wild. Since your email address is almost certainly your login name at these sites, it won't be long before hackers are trying your credentials at all the most popular websites.
A variant of the single great password is to append letters to it depending on the website you're visiting. That isn't much better. If your Facebook password is leaked and happens to be AY@2a&8mePuFacebook, you can be sure that hackers will start trying to use AY@2a&8mePuTwitter, AY@2a&8mePuLinkedin, etc. on your other accounts. Some writers suggest placing the site-specific portion at different locations in the single great password, like AY@2aFacebook&8mePu, or encoding the site name like AY@2a&8mePuTw1tt3r, but then you've recreated the original problem: having many passwords that you can't remember.
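The site-name variants described above can be spotted in a list of your own saved passwords by removing the site name (plain or digit-substituted) and comparing what is left. This is an added example, not part of the original article; the function names and substitution table are assumptions, and the Amazon entry is a constructed sample.

```python
from collections import defaultdict

# One-to-one substitutions, so indexes in the normalized string line up
# with indexes in the original password (assumes ASCII passwords).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_site_name(password, site):
    """Return the password with the embedded site name removed, or None
    if the site name does not appear in it (plain or digit-substituted)."""
    normalized = password.lower().translate(LEET)
    start = normalized.find(site.lower())
    if start == -1:
        return None
    return password[:start] + password[start + len(site):]


def shared_bases(accounts):
    """Map each base password to the sites that reuse it (two or more)."""
    by_base = defaultdict(list)
    for site, password in accounts.items():
        base = strip_site_name(password, site)
        # A password with no site name in it is its own base.
        by_base[base if base is not None else password].append(site)
    return {base: sorted(sites) for base, sites in by_base.items()
            if len(sites) > 1}


# Passwords from the article, plus one constructed random password.
ACCOUNTS = {
    "Facebook": "AY@2a&8mePuFacebook",
    "Twitter": "AY@2a&8mePuTw1tt3r",
    "Linkedin": "AY@2a&8mePuLinkedin",
    "Amazon": "r7#Lq9vXw2!d",  # constructed sample, not from the article
}

if __name__ == "__main__":
    # Report only site names, never the passwords themselves.
    for base, sites in shared_bases(ACCOUNTS).items():
        print(f"{len(sites)} accounts share one base password: {', '.join(sites)}")
```

Any group it reports is effectively one password: a leak at one of those sites exposes the rest.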
It isn't enough to have a strong password, though. You require a strong password for every website and online account that you access.
You could go the sticky note route, and keep every strong password for every Internet site you use written down. While this is secure against many risks, it doesn't work well when you're away from wherever you happen to store your sticky notes.
A smarter way to manage your passwords
One solution is to use a password manager. This is software that integrates with your mobile device and your desktop browser to create, remember, and enter strong passwords for you. Although some web browsers have simple password management functions, they do not provide the entire breadth of services needed to make your password use painless. Password managers offer a range of features, but the core workflow is the same:
- You install the extension software for your web browser and the app for your mobile device.
- You create a single master password and use it on all devices you use with the manager. Since this needs to be hard to crack and memorable, many security experts recommend using a passphrase, like a portion of a song lyric or a description of something meaningful to you. Even though it is made up of dictionary words, a passphrase like illneverforgetthenewyearsdaybonfireinmontegobay is not likely to be easily guessed by an attacker. Even if it is memorable, you should save a copy of your passphrase someplace safe.
- You use the manager to browse to sites hosting your accounts, like Amazon or Facebook, and allow it to create new, complex passwords, which it will save, encrypted and secure. When you visit the sites in future, the manager will submit your password for you.
Selecting a password manager
IST does not currently support any particular password manager. However, we can suggest a few that are worth investigating. These products have free versions with less functionality than the paid versions, so you can test them to see how well they meet your needs.
- Keeper Password Manager (Keeper Security, https://keepersecurity.com/)
- LastPass (LastPass, https://lastpass.com/)
- AgileBits 1Password (AgileBits, https://1password.com/)
While commercial products support a number of operating systems and browsers, the quality of that support may be uneven. You will have to choose a product according to what supports the software you use daily.