By Consumer Security Chick
Yes, the average user has at least 25 accounts that ask for a PIN or password, according to a study of Web users by Microsoft. Mind you, this study was done in 2007.
By now some of us have far more than 25 places that require authentication. You know who you are – especially if you buy a lot online or have a fondness for participating in forums and site Comments. And of course we must remember our library check-out password, our social site logins, banking account logins, and so on. Sometimes you even have to make up obscure usernames and remember them too! (“Sorry, that username is already taken.”)
How are we keeping track of all this? Once, after a nice vacation, I couldn’t remember the passwords I needed in order to do my work. My low-tech backup password list saved me! Okay, it’s saved me many other times as well.
To avoid the maddening frustration of not having access to a site or bank when you need it, you should keep a very safe backup copy of your passwords. I say “safe” because if the wrong person finds your login passwords, you are up against all kinds of financial risk, identity theft risk, and even reputation risk if someone impersonates you.
The big question is “what does safe look like?”
My personal paper copy doesn’t spell out every part of the password. I write just enough clues to trigger my memory. My document also makes it challenging for a stranger to determine what the password is for – eg, I use an acronym or codename wherever possible. You can’t rely only on a paper copy though, as that can disappear on you or be inaccessible when you need it.
I recommend a recent blog post by Elinor Mills that details what various experts do and then examines a lot of helpful tools and options.
While most people agree you need a paper version of your password list in case your digital one is not accessible (lost or broken PC, etc), I don’t agree with one expert who said that your wallet is the best place to keep it. Your wallet also has your other identity info, so if it’s stolen and it includes your passwords, you’ve set yourself up for some serious identity theft.
Again, check out Elinor’s blog post, which explores options like the following:
- LastPass -a free browser add-in that encrypts passwords and stores them on your hard drive
- RoboForm Online – Roboform is popular with many people at ZoneAlarm
- Yubikey – a USB password device
At the very least, have a safely hidden paper backup and encrypt your digital password list (I know, another password!), and please make sure your PC is guarded by an excellent firewall – here’s a free one – so that your password list can’t be easily grabbed by hackers