Beefing Up Your Password Protection


From social networking and shopping to banking and job seeking – you name it – we’re becoming dependent on the Internet to get our tasks done. With a variety of different accounts, we could be just one click away from our private and often sensitive information falling into the wrong hands.

We all know it’s not safe to use one password for all the sites that you visit. And using something that is easy to remember, like your pet’s name, is definitely risky. Instead, it has become increasingly important to create a different password for every account, one on the longer, more complicated side: at least eight characters, with a unique combination of uppercase and lowercase letters, numbers and symbols. But how realistic is it to remember a different password for each of the dozen or so sites that you might go to?

Our Internet security experts say you don’t have to, and you can do it without relying on the feature in IE, Chrome, Firefox and other browsers that saves your logins and basic information for automatic form-filling. Sure, that feature is convenient because you don’t have to download or set up another app. But it isn’t secure, as it allows anyone who gets hold of your computer and uses your browser to easily access your accounts.

One way to protect access to your information without having to remember multiple passwords is to use a password manager like RoboForm, which helps you keep track of each and every secret code that gets you into your accounts. A password manager works as a web plug-in that you can download from any browser. It collects your passwords as you make your way around the Web, encrypts them and stores them on your computer, on the company’s servers, or sometimes both. You are given the only key, in the form of a master password that only you know.

This is especially helpful for keeping track of passwords that you create and then forget immediately, because the password manager’s job is to remember your code and automatically fill it in whenever a password is requested on any site that you visit. Some password managers even generate obscure passwords for you, thereby adding an extra level of security.

If you are more of a do-it-yourself kind of person, another way to keep track of all your usernames and corresponding passwords is to record them in a password-protected Excel spreadsheet. But instead of writing down your actual password, you may want to record a clue. For example, one hint might look like xXxxXx455, which might correspond to the case-sensitive pass code bAnaNa455, or baxxxxxxx, which might correlate to something only you know, like your old license plate number. You might also use secret questions on the Excel sheet to help you remember certain pass codes.

That way, if someone were to break into your computer and figure out the password to your Excel spreadsheet, they would still be required to figure out your hints.
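
To put a number on how much work a hint like xXxxXx455 still leaves for someone who reads the spreadsheet, here is an added example (not part of the original article) that builds the case-pattern hint and counts the pass codes that match it. The function names and the 94-character alphabet used for comparison are assumptions made for illustration.

```python
import math
import string

def make_hint(password: str) -> str:
    """Mask ASCII letters as x/X (case kept); digits and symbols stay visible."""
    out = []
    for ch in password:
        if ch in string.ascii_lowercase:
            out.append("x")
        elif ch in string.ascii_uppercase:
            out.append("X")
        else:
            out.append(ch)  # e.g. the "455" in the article's hint
    return "".join(out)

def candidates_left(hint: str) -> int:
    """Count pass codes consistent with a hint: 26 options per masked letter."""
    count = 1
    for ch in hint:
        if ch in "xX":
            count *= 26
    return count

def bits(count: int) -> float:
    """Express a candidate count as bits of guessing work."""
    return math.log2(count)

def compare(password: str, alphabet_size: int = 94) -> dict:
    """Compare the hinted search space with an unhinted one of the same length.

    alphabet_size=94 (printable ASCII without space) is an assumption.
    """
    hint = make_hint(password)
    return {
        "hint": hint,
        "bits_with_hint": round(bits(candidates_left(hint)), 1),
        "bits_without_hint": round(bits(alphabet_size ** len(password)), 1),
    }

if __name__ == "__main__":
    print(compare("bAnaNa455"))  # the article's own example pass code
```

The hint shows the length, the position of every capital and all the digits, so only the six letters remain to be worked out.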

Remember, there is no one-size-fits-all solution when it comes to storing and keeping track of your important passwords. But a multi-layered approach to password protection can certainly minimize your risk.

28 Reader Comments to “Beefing Up Your Password Protection”
  1. Deandre_012 ON

    Great password tips. In my case, I use an affordable app called SplashID Safe for protection of not only username and password data but also non-password records for safety of confidential business info. It has a password generation tool and its browser integration support is only optional.

  2. Doug Barnes ON

    Like Deandre_012, I use a password safe.
    I like KeePass v 1.66, as it is stand alone, not an installed app, so you can carry it and its database on a memory stick. Also the autotype feature is pretty good.

    And on the memory stick, store the Password volume on an encrypted volume; I use TrueCrypt. That way there are 2 passwords to overcome before anyone can actually get to your “Account/Password” details.

  3. I use the initial letters of the words in a sentence that only I know. This makes up the base password. I then add two letters indicating the function of each password and a serial number. Example: The base password could be made of the sentence: “I like boating on the Soar” ie IlbotS.

    To make this unique to my bank I could add ba to the beginning and 10 to the end so the unique password for my bank account could be:

    baIlbothS10

    I keep a list of the different unique identifiers in a file in my DropBox folder. This means that the 25 unique passwords are available on any Internet linked computer.

    Nick

    • Johnny Shiloh ON

      Nick, that is SO clever. I’ve got to try it. Thank you for sharing that.

  4. I’ve been using and recommending RoboForm for many years now. I highly recommend the program. It will synchronize and save your data online (their servers) so you can access your passwords from anywhere, on any device. If you ever lost access to your computer or something happened to it (heaven forbid!), you could retrieve all your info via your account from RoboForm’s servers.

  5. I use a free program called Last Pass, although it doesn’t work on every site. But I am very happy with the program. Even though I use one very long and complicated password, I am in the process of letting Last Pass change all of them to very long and complicated different passwords.

    • felistance ON

      can’t wait for that

    • Michael... ON

      I use the paid version of LastPass and it’s great. Works on every site, just need to learn the tips and tricks. Enjoy.

  6. Having different passwords is all well and good if you have an outstanding memory. For us older gen folks an excellent memory is countenance to being a young kid again. I have had two minor strokes that have affected my memory; I do not remember things like I used to when I was in my 20/30′s like a lot of you folks who have commented to this article. I certainly hope none of you young folks will ever have to face this problem. Meanwhile, why doesn’t one of you bright young people write a software package that would help those folks like remember it would have to be easy to use. One last thing, I would also like to scare you one more time: I got into the computer field in 1967 at the US Army Computer Science School in Ft. Monmouth, NJ. My learning tool was a xeroxed photo (11×14) of a Moby Dick Computer Console on which I would have to reflect correct switch and dial positions and which diode console lights would be lit. Now I don’t know if my memory is good enough.

    • Rich, you don’t have to have a good memory for numerous, different, strong passwords. Who does, young or old?

      As has been mentioned by the previous posters, just get yourself a password manager program. These are just the kind of program you suggest someone write. There are already bunches of them. Everyone has his preference and thinks it’s best. I prefer Password Agent (generation, encryption, form-filling, shortcut keys, categories), but you just need to try a few and find one comfortable and convenient to you.

      Then you have to remember just one password to get into your password manager. You should be able to come up with something that is sufficiently strong yet tailored to be easy for you to remember.

      Good luck!

    • L Pete ON

      Rich -

      You are young if you were at Fort Monmouth in 1967 ’cause I was there in 1957 as an instructor in the Officer’s Department at Squire Hall. Too bad the base got put on the closings list.

  7. George ON

    How about the old fashioned way. An alphabetized telephone address book with user names, password and whatever email address you use for that site written in pencil. That way you can erase and change easily on a regular basis.

    • I would discourage that old fashioned way.

      1. At best, it would become annoyingly inconvenient, because you have to look up and type in manually a (preferably) long, awkward string, and typos will cause failed logins, lockouts, and other frustrations.
      2. If you lose your little black book, or if someone breaks in your home and steals it, they have all your credentials to all your sites. They run up your bills and steal your identity easy as pie.
      3. To add to that, YOU no longer will be able to get into your own accounts, even to change passwords.

      :-[

  8. James Verry ON

    I have been using Roboform for many years and I am happy with it. I got my friends and clients to use it.

  9. Wallace Schwab ON

    Good interesting observations. I’ll be watching how you develop the subject further.

  10. Steve Drummer ON

    What about web sites increasing THEIR log-in security?? The strongest password can be cracked given enough time and many, many websites allow this. The best web sites do the following:
    1. Know the IP address range I normally log in from — strange/foreign IP address log-in (aka when I am in another city) immediately triggers further validation by answering security questions.
    2. Limit the number of tries (3-5 times) to do a successful log-in. If you fail you are locked out for a time period (3-12 hours). If after the first lockout you log in successfully, you get asked a security question or two (with a limited number of tries); get them wrong and you get your account disabled, thus now requiring a phone call or e-mail to get it re-activated.
    3. Require you to answer a CAPTCHA box to prove you are a human and not a machine.
    4. A few web sites now give users a PIN to go with the user name/password and require it to be entered to log in.

    There are most likely many, many more simple security steps a web site should implement that would greatly increase the difficulty of an intruder ever getting in. This would mean some more code on the website, but a little prevention would prevent a ton of disaster.
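
The lockout flow in point 2 of the comment above, written out as a small state machine. This is an added example, not part of the comment or of any real site's code; the limits are picked from the ranges the comment gives, and the number of security-question tries is an assumption because the comment only says "limited".

```python
from dataclasses import dataclass

MAX_TRIES = 5                # the comment suggests 3-5 tries
LOCKOUT_SECONDS = 3 * 3600   # the comment suggests 3-12 hours
MAX_CHALLENGE_TRIES = 2      # assumed value for the "limited number of tries"

@dataclass
class Account:
    failures: int = 0
    locked_until: float = 0.0
    was_locked: bool = False   # a lockout happened; a security question is owed
    challenge_failures: int = 0
    disabled: bool = False

def attempt_login(acct: Account, password_ok: bool, now: float) -> str:
    """Return 'disabled', 'locked', 'denied', 'challenge' or 'ok'."""
    if acct.disabled:
        return "disabled"
    if now < acct.locked_until:
        return "locked"        # password is not even evaluated during lockout
    if not password_ok:
        acct.failures += 1
        if acct.failures >= MAX_TRIES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.was_locked = True
            acct.failures = 0
            return "locked"
        return "denied"
    acct.failures = 0
    return "challenge" if acct.was_locked else "ok"

def answer_challenge(acct: Account, answer_ok: bool) -> str:
    """Security-question step after a lockout: 'ok', 'denied' or 'disabled'."""
    if acct.disabled:
        return "disabled"
    if answer_ok:
        acct.was_locked, acct.challenge_failures = False, 0
        return "ok"
    acct.challenge_failures += 1
    if acct.challenge_failures >= MAX_CHALLENGE_TRIES:
        acct.disabled = True   # re-activation now needs a phone call or e-mail
        return "disabled"
    return "denied"

def demo() -> list:
    """Constructed sequence: five bad passwords, a try during lockout, recovery."""
    acct = Account()
    results = [attempt_login(acct, False, 0.0) for _ in range(MAX_TRIES)]
    results.append(attempt_login(acct, True, 60.0))             # still locked
    results.append(attempt_login(acct, True, LOCKOUT_SECONDS))  # lockout over
    results.append(answer_challenge(acct, True))
    return results
```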

  11. Bad memory here also, but with Google for searching who cares? And for the passwords, just buy an iron key USB stick. It will do the job for you and if you and handle all the heavy lifting.

    Good luck.

  12. I use ( http://www.tropicdesigns.net/windows-software/ ) password generator. Here is a sample of four of them. You can string two of them together for banking etc.
    6GiANtY0o
    E4v65eoGv
    bTeeerQKD
    z9NWk4FT7

    For a password safe I use a Rolodex setting on my desk. The old KISS principle.

  13. Kurt Steinbach ON

    I use LastPass as well. On sites where it doesn’t work, I can go to my vault, and type in the site. I select show hidden password, and must reenter my master password for the password to be shown. Rich, this should solve your problem as well, for Last Pass is free and works with Internet Explorer, Google Chrome, and Firefox. There are 64 bit and 32 bit versions. The 64bit works even if you are running IE in 32 bit mode. The add ons for Firefox and Chrome can be downloaded in the add ons or Chrome store areas under setting and are free as well. When you are on the Internet at a different location such as the library, you can access your passwords by logging into the Last Pass website. Just enter your Master Password; enter the name of the website in your Last Pass vault search, and click show password. Reenter your Master Password and copy and paste the password. You can also save new site’s and generate random passwords. As long as you’re logged into Last pass at home or on another computer, your Last Pass vault on the Cloud in cyberspace will remember the new password.

  14. I went through Crypto Repair school at Ft Monmouth in 1963 and learned a few things about passwords and crypto both while I was there. For easy to remember passwords, use a phrase that isn’t too difficult to remember like your wife/girlfriend’s address from several years ago with the year you met a special character(s) and a random capitalization, ie: She lived at 137 Woodrow St. in 1998. This becomes the password “37woOdRow@98) . Since this requires an easy to remember item with your own specialization, it can be used in several different ways to boot, ie: 37″wOoDrow@8)9 .

    • A scheme like that is good as a password for a password manager program.

      Once you start accumulating 10 or 20 or more sets of email, merchant, bank account, etc. credentials, though, even such a scheme becomes too complicated to be practicable for every, separate site without duplication. You may begin to exhaust girlfriends, dogs, cars, elementary schools, employers, and other sources of root phrases, and confuse which you use for which site, and how you capitalize and specialize.

      At least for me, this would be more than memory can be trusted to retain and keep straight.

  15. Rosemary ON

    This article was VERY helpful. I will be using some of suggestions.

  16. Also good is padding your passwords by adding multiples of the same symbol. Brute force hijacking even has a hard time with this method. i.e. “PassW0rd******”

  17. Kenny Williams ON

    There is a great free tool which is a small EXE which stores data within the EXE (encrypted of course). You open it up and get a small built in text editor. When you close it you save it with a password. It’s called Locknotes and it is free. Get it here https://www.steganos.com/us/products/for-free/locknote/overview/

  18. Security is much more than just strong passwords. Security is more than just keeping the bad guys at bay. Security also includes keeping yourself sustained. Even disregarding the malicious actions of others, what can you do if your hard or flash disk with your password manager crashes or is lost?

    Everyone reading this blog should be backing up his systems frequently, and, preferably, keeping copies of backups offsite. For backups, I dissuade the use of My Documents or other partial data backups, automatic or manual. The way to go is with entire disk (or partition) imaging. This enables you to restore your entire system configuration in one stroke, if the need arises. And disk imaging turns out to be effective and convenient also to system mishaps (bad installs, e.g.). You can forget about System Restore, which doesn’t always work and which never undoes everything, anyway, leaving behind remnants of an undesired event/situation.

    If you don’t know about disk imaging, you’ll have to Google for the wealth of info I can’t supply here. But you can recover your entire system to a previous snapshot, to recover lost data, to recover good data, to recover a good program installation state, to recover a good OS, or for any purpose, by turning back the clock completely comprehensively with disk imaging.

    I strongly recommend Acronis True Image for this purpose (http://www.acronis.com/homecomputing/products/trueimage/). I’ve used it for years, and it has saved my butt more times than I have counted. Not free, but also not unreasonable, and orders of magnitude more valuable than the cost. Free trial and 30-day refund. (No, I have no affiliation with Acronis, just a great history.)

  19. Deborah ON

    I keep mine in a text file backed on a thumb drive with many sentences and phrases with email addresses, some I know are bogus because I know mine. I cut&paste words from the sentences then paste them in the password box, using back space where needed to close gaps and delete extra letters. Example: com// engll ish/code_search.asp = com/english/code_search.asp Sounds complicated but works great for me. Love Zone-Alarm from the old days when I first was recommended it by a friend…only firewall I have ever used.

  20. Instead of Excel, I use an encrypted MS Word file. I find a Word table more flexible, allowing me to easily add footnotes (Registration info, support links or phone#s etc.) & log entries (problem or maintenance notes) about each account, and links to other account related sites & files.
    There is always more overhead & maintenance required for any of these techniques than indicated in any of these posts. IE:
    0) keep your tool up-to-date (I keep registration & access info)
    1) find & open the tool (on key-ring or on-line)
    2) find the account info (some program tools require you browse to the site first)
    3) move the access info to the account site (some program tools do this for you)
    I must remember the master-file path (just an innocuous root link on my 128k USB RAM) and its password (encryption key), then FIND the account entry with any key-word, then click the login-page web-link, then cut&paste the UID & PW & any security Q&A info required by some sites.

  21. I use Sticky Password, works great, have used it for many years, generates passwords for you too.
