Sunday 19 February 2012

Use A Password Management Strategy To Simplify Your Life.

If you’re like most people, you have an ever-growing list of accounts and services, each of which requires a password. How do you keep track of them? If you just use the same password everywhere, you’re asking for trouble. If you use strong, unique passwords everywhere, I don’t know how you remember them all.

Much of the advice around passwords has been near-impossible to follow: use a strong password containing numbers, letters and special characters; change it regularly; come up with a completely unique password for each account; and never write a single one down. It’s no wonder so many people have thrown up their hands and given up on password security. Here, we’ll show you some simple ways to get your passwords in order and save brain power.

Cloud-Based Password Manager:

What if your web browser remembered your passwords, automatically generated strong passwords and offered access to your passwords from anywhere?

That’s what you get when you use a cloud-based password manager like LastPass, which we’ve covered in the past — it bills itself as “the last password you’ll have to remember.” LastPass stores your passwords online in an encrypted form. When you log in, the encrypted blob is downloaded to your computer and decrypted locally.

These services also help you store and remember other important information — you can make secure notes or enter PINs and other sensitive information not related to websites.

Security can be strengthened with two-factor authentication, which ensures people can’t log into your password vault without a physical object, even if they know your master password.

LastPass isn’t the only cloud-based password manager; we’ve covered other ones in the past.
If you don’t trust the service, you can always store your less-important passwords in a cloud-based password manager and store your online banking passwords in your brain.

Local Password Manager:

If you’re not comfortable storing your passwords online but still want your computer managing them for you, you can use a local password manager like KeePass, which we’ve covered before. KeePass performs many of the same functions, but it runs on your computer and doesn’t store any data on the web.

You can even use KeePass in combination with an online file-storage service such as Dropbox to synchronize your encrypted password file across your devices.

Password Algorithm:

Coming up with your own password algorithm is the ideal way to manage your own passwords if you want to do it all in your own brain. Instead of remembering unique passwords for each account, you start with a base password and modify it based on the website’s name.

Here’s an example: You might start with a base password like gf1lk9e&. Now, when you create a password for Amazon.com, you might add the first letter and the last letter of the website’s domain name to the end of your base password — so your Amazon password would be gf1lk9e&an. Likewise, your Google password would be gf1lk9e&ge.

You can come up with different, more complicated algorithms on your own. The main idea is that you won’t have to remember a unique password for each website — you just remember your base password and your algorithm.

There’s one snag with algorithms: Some poorly designed websites limit the characters you can use for passwords. A website might prevent you from using symbols or restrict you to only numbers.

Password Generator:

A password generator is an algorithm implemented as a browser extension or bookmarklet. Come up with a master password, type it into the password generator and it’ll generate a unique password for each website you use. You don’t have to maintain a password vault or remember an algorithm — just install the generator on each browser you use and use the same master password everywhere.

SuperGenPass is a good option. It’s implemented as a bookmarklet, so it’ll work with most web browsers and you can inspect its JavaScript code yourself to make sure it isn’t doing anything nasty.

It has the same disadvantage algorithms have: It won’t work for websites that limit you to specific types of characters.
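
To make the idea concrete, here is an added example (not SuperGenPass's code or algorithm, and not from the original post) of a generator that derives a per-site password from a master password and the site's domain using PBKDF2. The function names, the iteration count and the `charset` option for sites that restrict characters are assumptions made for illustration.

```javascript
// Added example: deterministic per-site password generator.
// Not SuperGenPass's algorithm; all names and parameters here are illustrative.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // PBKDF2 work factor (assumed value)
const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const CHARSETS = {
  full: LOWER + LOWER.toUpperCase() + '0123456789' + '!#$%&*+-=?@_',
  alnum: LOWER + LOWER.toUpperCase() + '0123456789', // site forbids symbols
  digits: '0123456789',                              // site allows numbers only
};

// Simplified host normalisation: lower-case and drop a leading "www.".
// A real tool would reduce the host to its registrable domain.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/^www\./, '');
}

function sitePassword(master, host, { length = 16, charset = 'full' } = {}) {
  const alphabet = CHARSETS[charset];
  if (typeof alphabet !== 'string') throw new Error(`unknown charset: ${charset}`);
  if (!master) throw new Error('master password must not be empty');
  const domain = normalizeHost(host);
  // Bytes >= limit are discarded so every character is equally likely.
  const limit = 256 - (256 % alphabet.length);
  let out = '';
  for (let block = 0; out.length < length; block++) {
    // The domain and charset act as the salt, so each site gets its own key.
    const salt = `${domain}|${charset}|${block}`;
    const bytes = nodeCrypto.pbkdf2Sync(master, salt, ITERATIONS, 32, 'sha256');
    for (const b of bytes) {
      if (b < limit && out.length < length) out += alphabet[b % alphabet.length];
    }
  }
  return out;
}

// Constructed sample input: the master password below is made up.
const master = 'correct horse battery staple';
console.log(sitePassword(master, 'amazon.com'));
console.log(sitePassword(master, 'google.com'));
console.log(sitePassword(master, 'bank.example', { length: 8, charset: 'digits' }));
```

Choosing a different `charset` for a restrictive site changes the generated password, so that choice has to be remembered (or noted) per site.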

Strategies For Unimportant Passwords:

There are other ways to simplify your massive pile of passwords if you don’t want to use one of these strategies. Both go against the common wisdom, but each has its place.

Writing Passwords Down:

We were always told not to do this, but why not? Go ahead and write down passwords that aren’t too important. You obviously don’t want your online-banking password written down, but it’s probably alright to have your I Can shopping site account password on a piece of paper.

Using The Same Password:

It’s not ideal, but let’s be honest: Using the same password for unimportant accounts, such as that free online newspaper account you created so you could read articles and that photo-editing website you used once, isn’t much of a problem. Just make sure you use unique passwords for important accounts like your email and online banking. This helps save your memory for remembering the strong passwords your important accounts use.

How do you keep track of your passwords? Leave a comment and let us know.
