Thursday, April 1, 2010

2 Important Reminders for Managing Your Mountain of Passwords

Passwords - ugh!  While absolutely necessary and critical for our own protection, they are nevertheless cumbersome, lack uniformity and can be difficult to retrieve at times.  The idea for this article came after I ignored what is a pretty efficient system for managing this growing library of odd phrases that have become critical keys in our lives.  It comes right down to two things: security and access.

Security


In order for our passwords to be secure they need to be private and not easily unraveled by someone else.  You probably know by now that using your birthday or phone number as a password comes close to advertising access to your private information on a billboard.  These are among the first things an attacker tries to get past your "secure" sign-on.  Nicknames, middle names, your kids' names and school mascots are other examples of passwords with very low security.  This information is plastered all over your social media and in other places where information about you is generally well-known, and password-guessing tools are built to try exactly these combinations.  We use them because they are easy to recall, which makes sense.  Unless you use it every day it's difficult to recall a password like "dZ45!yP".  There are some simple ways around this that I think you'll find useful.

First, some things we know about creating an effective password are:
  • Use a variety of character types, such as letters, numbers, and symbols if allowed.
  • Length matters most: every added character multiplies the number of guesses an attacker has to make.  Use at least eight characters, and more where the system allows it (twelve or more is the common recommendation today), unless you are constrained to a smaller number.
  • Use both lowercase and capital letters.
  • Avoid passwords that are based on personal information that can be easily accessed or guessed.
  • Use a passphrase (several unrelated words) when the system allows long passwords.
  • Avoid repeating or consecutive sequences (8888, 1234..., abcd..., xxxx...).
  • Use different passwords on different systems.  If one site leaks its password list, the same password shouldn't open your other accounts.
  • Add complexity with a rule only you know.  One example: make only the letters in the first half of the alphabet uppercase.
  • Avoid using dictionary words if possible.  Try using an acronym for a phrase you recall easily (e.g. My favorite food is chocolate. = mffic).
  • Use a number sequence that you can easily recall but that is virtually unknown online or to others, like the year you got engaged or the year you hope to retire.  Some people can never forget the last four digits of their first phone number...I'm not one of those.
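To make the list above concrete, here is a small checker that applies those rules to a candidate password.  This is an added example, not code from the original post; the minimum length of twelve and the list of "personal" tokens are my own assumptions, standing in for the facts an attacker could harvest from someone's social media.

```python
import re
import string

# Added example: the blog's rules as a checker. MIN_LENGTH is an assumption
# (the post says "at least six to eight"; twelve is the more current floor).
MIN_LENGTH = 12

# Constructed sample of "personal information" an attacker could harvest
# from a profile; in practice this list is built per target.
PERSONAL_TOKENS = ["aldrich", "1970", "fluffy", "lincoln"]


def has_repeat(pw, run=3):
    """True if any character repeats `run` or more times in a row (e.g. 8888)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def has_sequence(pw, run=4):
    """True if `run` consecutive characters step by +1 or -1 (1234, abcd, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def contains_personal(pw, tokens=PERSONAL_TOKENS):
    """Return the personal tokens (3+ chars) that appear inside the password."""
    low = pw.lower()
    return [t for t in tokens if len(t) >= 3 and t in low]


def check_password(pw, tokens=PERSONAL_TOKENS):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes (lower, upper, digit, symbol)")
    if has_repeat(pw):
        problems.append("repeated character run")
    if has_sequence(pw):
        problems.append("consecutive sequence such as 1234 or abcd")
    hits = contains_personal(pw, tokens)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for sample in ["8888", "dZ45!yP", "Aldrich.1970", "Tr0ub4dor&3-Xk9q"]:
        print(sample, "->", check_password(sample) or "ok")
```

Two things worth noticing when you run it: the post's own "hard" example dZ45!yP fails only on length, and a long passphrase such as "correct horse battery staple" fails the character-class rule even though its length makes it far harder to guess than most eight-character mixes.  That is the tension in these rules, and it is why current guidance weights length over forced symbol use.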
Now that you understand some parameters around creating a password, you can come up with one that is reasonably hard to guess yet easy to remember.  (Passwords aren't "encrypted" by you, by the way; the goal is simply that nobody else can guess them.)  A little trick I use comes from what I learned in kindergarten, well, sort of.  First, most of us recall that favorite teacher from our elementary school days, or maybe it's a coach or a favorite toy.  Whatever it is, there's usually something that still stands out in our memory from long ago.  If you can recall it now, chances are you'll still be able to recall it a month or a year from now as well.  Next, select a number sequence that is meaningful to you.  Maybe it's a year, but stay away from the year you were born.  Using these two pieces of information we can create a password you'll find easy to recall but attackers won't.

For example, let's say you chose the last name of your first coach [Aldrich] and the year you started kindergarten [1970].  From those two pieces of information and applying the rules above you can get [Aldrich.1970].  We know that password systems are sometimes limited to a certain number of characters and character types, so create a long, medium and short version.  In this example, the long one will be the one we already created [Aldrich.1970], and the medium and short versions might look like [Aldrich70] and [A1970], respectively.  Using this method you'll easily recall the pieces of information that make up your password and only need to determine whether it's the short, medium or long version.  I will often times use those terms (short, medium or long) as my password hints to keep them even more secure.  One caveat: this base is personal information that is harder to discover than your birthday, but a name followed by a year is still one of the first patterns password-guessing tools try, and the three versions share the same two facts, so if one site leaks the short version an attacker can derive the others.  Treat the trick as a way to remember a long password, not as permission to reuse the same base on every important account.
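To show why that caveat matters, here is an added example (my code, not the post's) of what a guessing tool does once it knows two facts about you.  It mangles a surname and a year the way rule-based cracking tools do, with casing, initials, two-digit years, a handful of separators and both orderings, and then checks whether the post's three versions fall out.  The separator list and the name/year forms are my assumptions; real rule sets are far larger.

```python
import itertools

# Added example: a tiny name+year mangler. SEPARATORS is an assumption.
SEPARATORS = ["", ".", "_", "-", "!", "@", "#"]


def name_forms(name):
    """Casings and initials a guessing rule would try for a name token."""
    return {name.lower(), name.capitalize(), name.upper(), name[0].lower(), name[0].upper()}


def year_forms(year):
    """The full year and its last two digits (1970 -> 1970, 70)."""
    return {year, year[-2:]}


def candidates(names, years, separators=SEPARATORS):
    """Every name+year and year+name combination across all forms and separators."""
    out = set()
    for n, y in itertools.product(names, years):
        for nf, yf, sep in itertools.product(name_forms(n), year_forms(y), separators):
            out.add(nf + sep + yf)
            out.add(yf + sep + nf)
    return out


def naive_keyspace(length, alphabet=95):
    """Guesses needed with no knowledge: all printable-ASCII strings of a given length."""
    return alphabet ** length


if __name__ == "__main__":
    # Constructed attacker knowledge: the coach's surname and the kindergarten year.
    guesses = candidates(["Aldrich"], ["1970"])
    for pw in ["Aldrich.1970", "Aldrich70", "A1970"]:
        print(pw, "guessed" if pw in guesses else "not guessed")
    print("guesses tried:", len(guesses))
    print("blind 12-char keyspace:", naive_keyspace(12))
```

The point is the ratio: a blind search over twelve printable characters is on the order of 10^23 guesses, while knowing the name and the year shrinks it to 140.  Anything an attacker can read off a profile should be treated as already known.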


Access

Try though we might to devise highly secure passwords that we can easily recall, we sometimes just can't remember them.  In addition, systems may lock you out after a few failed tries, so being sure of the correct password without extra attempts is important.  Where do you store your passwords?  Let's hope they aren't on a Post-It note by your desk!  Yikes!  Here are a couple of ways to make passwords easily accessible for when you need to recall them.
  1. Remember the address book?  No, not the Mac application on your computer, but the little black book with names and numbers listed alphabetically.  I can't imagine they are getting much use anymore, but they are indeed still available.  Get yourself one; I use a small pocket-sized one because I can easily store it in a secure place.  Each time you set up a new password, use the address book to record two things: the login ID and the password hint instead of the actual password.  For example, record whether you used the short, medium or long version of your main password.  That way someone who finds the book gets a list of login IDs and hints, not the passwords themselves.
  2. Another option, which is more accessible and can be secure but will require some work on your part, is to store your passwords in an email folder or on your computer IF and ONLY IF the stored data itself is encrypted (an encrypted file or a password manager, not a plain-text document; note that an encrypted connection to your email provider only protects messages in transit, not the copies sitting in the mailbox), your computer is password protected, and you are accessing the information in a secure area.  If you don't know these answers you'll need to do some work.  Leo Notenboom wrote a great article addressing this issue.  I would encourage you to see what he has to say; it's very helpful.
The bottom line is that ultimately you are the one responsible for ensuring the security of your personal information.  The use of passwords to access restricted areas isn't going away in the near future, or maybe ever.  So it's important to have a plan around how you create and manage them.  Maybe one day we will all have one password as secure as Fort Knox which we use for accessing all of our private information and personal accounts.  Wouldn't that be nice!

2 comments:

  1. [...] This post was mentioned on Twitter by Monica. Monica said: 2 Important Reminders for Managing Your Mountain of Passwords ..http://bit.ly/9MviL1 [...]

  2. M-powered-solutions...

    [...] something about m-powered-solutions[...]...
