5 Tips to Manage Your Passwords
Managing passwords can be a challenge. I know because I have 205 userid/passwords. Most of my userids are the same, although not all of them. And most of my passwords are unique, although not all of them.
Keeping track of dozens or even hundreds of passwords often leads to really poor password management practices: using the same password for every account, or using simple, easy-to-break passwords such as password, 123456, qwerty, abc123, letmein, monkey, myspace1, password1, blink182 or richard (i.e., your own first or last name). Those examples are amongst the most common passwords people use for their online accounts, and they sit at the top of every cracking wordlist, so they fall in seconds.
This is an example of the type of password that I could generate for my online accounts:
VrHgW7snPucRtiaTcR4jTdjYyFVYWA
And for most of my 205 online accounts, I do not know my password. The passwords are generated by software. The passwords are strong and unique. And the passwords are easy to use and easy to manage.
How does that work?
Here are 5 things that I do to help manage my passwords.
1. Take Control
It did not take long for me to discover that I had a problem: too many online accounts, not enough passwords. I did the same thing that I suspect many people do, I tried to use the same userid and password for almost every online account. My password, although clever, was really simple. Too simple. And I never rotated passwords. Too much work. Too much bother.
Mat Honan’s story (the journalist whose Amazon, Apple, Google and Twitter accounts were chained together by an attacker in 2012, who then wiped his devices) was a call to action for me. Even though by 2012 I had taken steps to better manage critical passwords for my financial accounts, I decided that I needed to take control and put a system in place to better manage all of my online accounts.
The first step is to recognize the issue and commit to taking some action.
2. Take Inventory
When I decided to take control, I thought I only had twenty or so online accounts. I went through my emails searching for strings like “password”, “login”, “userid”. I found over one hundred and fifty online accounts!
I made a list of them on a spreadsheet. And I put down whether the account was in use — most were — and I put down the password (if I knew it). Out of the one hundred and fifty or so accounts, almost all of them were in use and almost all of them used the same password.
Not good.
I thought about how I would manage this inventory of userids and passwords. A plaintext spreadsheet is not a secure place to keep them: anyone who gets hold of the file, or of a backup of it, gets every account at once.
3. Get a Password Manager
I use 1Password. It is a great tool for Mac, iPhone and iPad. That said, there are many other great password managers out there. The key features that I wanted: secure, convenient and easy to use. 1Password will generate really strong passwords for you. And the concept is very simple: one master password unlocks all of your logins. You protect that one key and 1Password looks after everything else. It is far easier for me to remember a single master password, which is not stored anywhere; it is only used to derive the key that decrypts the vault on the devices I use. 1Password fills the credentials in on my behalf. The result: strong, unique passwords for most of my 205 accounts. The caveat is that the master password is now the single point of failure, so it has to be long, unique and memorised, and the vault needs a backup you have actually tested restoring from.
4. Put Better Passwords In Place, One At A Time
It took me several months to migrate all of my accounts to 1Password. I continued to find new accounts as part of my web browsing. I made a commitment to strengthen 10 accounts per week until I was done. One a day and a few extra over the weekend. After about 20 weeks, I was done.
I would visit an online account, log in with my old credentials, and then change the password. I would get 1Password to generate the strongest password the site would accept (some sites restrict the password length or the characters allowed) and update that userid and new password in 1Password’s encrypted vault.
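The two pieces a password manager does for you in step 4, generating a password from a cryptographically secure random source and working within whatever limits a site imposes, look like this in code. This is an added example written for this page, not 1Password's code; the site names and their policies are constructed, the common-password list is the one quoted earlier in the post, and the 80-bit threshold is an assumption. It also shows the check the post's example password passes and the case a practitioner wants flagged: a site that caps passwords so low that no generator can make them strong.

```python
import math
import secrets
import string

# Constructed wordlist for the check below: the common passwords quoted in the post.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "abc123", "letmein", "monkey",
    "myspace1", "password1", "blink182", "richard",
}

ALNUM = string.ascii_letters + string.digits


def entropy_bits(length, alphabet_size):
    """Entropy of a password drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def generate_password(length=30, alphabet=ALNUM, max_length=None):
    """Draw a password uniformly from `alphabet` using the OS CSPRNG (secrets).

    `max_length` models a site that caps password length: the request is cut
    to the cap, and assess() below reports how much strength that cost.
    """
    if max_length is not None:
        length = min(length, max_length)
    symbols = "".join(sorted(set(alphabet)))  # dedupe so every symbol is equally likely
    if length < 1 or len(symbols) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(symbols) for _ in range(length))


def assess(password, alphabet=ALNUM, min_bits=80):
    """Return (ok, bits, reason) for a password meant for a site with `alphabet`.

    min_bits=80 is an assumed threshold: comfortably beyond offline cracking
    of a properly hashed password, and well beyond online guessing.
    """
    if password.lower() in COMMON_PASSWORDS:
        return False, 0.0, "on the common-password list"
    if any(c not in alphabet for c in password):
        return False, 0.0, "contains a symbol the site alphabet does not allow"
    bits = entropy_bits(len(password), len(set(alphabet)))
    if bits < min_bits:
        return False, bits, f"only {bits:.1f} bits; the site's limits make this account worth flagging"
    return True, bits, "ok"


# Constructed per-site policies for hypothetical sites; real sites vary.
SITE_POLICIES = {
    "example-mail": {"alphabet": ALNUM + "!@#$%^&*", "max_length": None},
    "example-shop": {"alphabet": ALNUM, "max_length": 16},
    "example-legacy-bank": {"alphabet": string.digits, "max_length": 8},
}


def rollout(site):
    """Generate the strongest password a site's policy allows and assess it."""
    policy = SITE_POLICIES[site]
    pw = generate_password(alphabet=policy["alphabet"], max_length=policy["max_length"])
    ok, bits, reason = assess(pw, policy["alphabet"])
    return pw, ok, bits, reason


if __name__ == "__main__":
    for site in SITE_POLICIES:
        pw, ok, bits, reason = rollout(site)
        print(f"{site:20} {pw:32} {bits:6.1f} bits  {'OK' if ok else 'FLAG: ' + reason}")
```

The legacy-bank case is the one to keep a note of in the manager: eight digits is under 27 bits however random they are, so that account's security rests on the bank's lockout policy and on not reusing those digits anywhere else, and it belongs on the short list of accounts you watch for breach notices.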
5. Rotate The Really Important Passwords
This took a bit of extra effort and this was my approach. With 1Password you can highlight a login as a favourite. I went through all of my online accounts and I tagged the really important ones like my online banking account, my investment account and my email accounts as favourites. That list is a much smaller list, less than twenty accounts.
For those really important accounts, I change the passwords in December and in June.
I will also change a password whenever a breach happens. I was exposed to the Adobe breach (I have a Creative Cloud Photography subscription with them) and all I had to do was change one password. Because I use strong, unique passwords across the vast majority of my accounts, a hacker would not get very far with the Adobe password: it unlocks nothing else. That mattered more than usual here, because Adobe had stored passwords reversibly encrypted rather than hashed, so a long random password was the only real protection. For what it is now worth, the compromised password was:
oWfcJKtYRa8xGFbgjbTXidZmvJsUp3
The new one is just as cryptic. But I don’t remember it. I let 1Password fill it in on my behalf.