You might think you have too many, but in this day an age you can never have too many passwords. The problem most of us face is managing the credentials for each of the online services we sign up for. It has become more and more common for the average person to simply use the same username and password for many, if not all, of their online accounts. If that’s you, please read this entire post. Your financial and social reputation could depend on it. I say that because in the past couple weeks, anonymous groups of hackers have been exploiting websites with poor security practices. They then collect things like usernames and passwords, and share them in huge lists with anyone that has internet access. Your username and password could be in one of such lists from a leak that happened last week. You can find out using the simple form on this page: http://gizmodo.com/5812545/find-out-if-your-passwords-were-leaked-by-lulzsec-right-here.
Let me ask you this. Do you have an online banking account or PayPal? What about facebook and twitter? Do you have 1-click checkout turned on in your Amazon account? Now think about the usernames and passwords you use for those sites. How many other sites do you use the exact same username and password combination? Do you value those other sites as much as your bank account information, your social networks, or any other private/personal information? Then why would you use the same username and password to protect things that have completely different value? It really does not make sense, but sometimes we sacrifice security for simplicity. No one wants to have to remember 20 different passwords, and I’m not suggesting that you memorize 20 unique passwords. I’d like to offer a suggestion that has simplicity, accessibility, and security.
A Simple Solution.
Use a password management software. I would suggest Keepass. It’s free, easy to manage, and it’s my password manager of choice. With Keepass you can organize and store all your usernames and passwords in one password protected, encrypted file. That encrypted file is protected with a master password which gives you access to your database of passwords. So one password to access all the rest of your passwords. Make sure you pick a secure master password!
An Accessible Solution.
Some would argue against password managers because of accessibility. A person may want to keep track of passwords at work as well as home, and be able to access those passwords from any location. You can put your keepass file on any storage device such as a thumb drive, external hard drive, or even your smart phone. I’ve gone one step further with making my Keepass file accessible. I use Dropbox which is a free online storage service that can effortlessly sync and backup 2gb of data between your computers and smart phones. Dropbox transfers and stores data securely, so you can feel safe putting a file like this in one of your private Dropbox folders. You could also use the mobile Dropbox and Keepass apps to securely access your passwords from your iPhone, Android, or Blackberry device.
If I’ve convinced you to use a password manager, perhaps I can convince you to start using secure passwords as well. Keepass has a great feature for generating complex, unique passwords of any length. Passwords like “3ef#4f!@” are much harder to crack than passwords like “baconman”. The annoying part is coming up with a secure password that you can remember. But now that you are using a password manager you can make your passwords as long and complex as you like. Keepass’ password generation works great for this. Another one I recommend is this website: https://www.grc.com/passwords.htm. You don’t have to generate a crazy secure password for every account you setup. If it’s a junk site that you don’t really care about, go ahead and use one junk account that you don’t really care about. Just use common sense. If the website is going to be holding financial or private personal information, always generate a secure password. If it’s just a dumb forum or site that required you to sign up so you could access one piece of information, use your junk account.
Simple. Accessible. Secure.
It’s a secure and simple solution, but it requires changes in habit. Be proactive and share these concepts with others. You don’t want to be reacting to your Amazon.com account getting compromised and having some joker send you or your grandmother a box of condoms with your own money.