Create a Password Management Plan
1. Use a Password Manager
One problem is we seldom realize how many passwords we have until we start recording them. This is where it becomes essential to have a good password manager that securely stores this information.
A good software package will accommodate many information types, whether it’s your credit card number or bank login. These programs should also encrypt your data with a non-proprietary encryption method. Some password manager programs that I’ve used include RoboForm, SplashID and LastPass.
2. Prioritize Your Passwords
When a crisis occurs, one of the first steps is to triage the situation. The same applies to your passwords, based on what you’re trying to protect. As an example, the password to access your bank takes a higher priority than one to read the online version of a magazine. The key question is what you would lose (or what someone else would gain) if someone else got access.
When evaluating the risk, also think about what an online service knows about you. For example, you may not think twice about merchant XYZ. You only bought from them once in the year. But what if the service maintains your address and credit card data for easy ordering? Do you also use that password on other popular ecommerce sites?
3. Create a Password Formula
Relax, this is not as complicated as it sounds. The idea is to make it easier to remember your passwords. You don’t have to go through a brain drain trying to think of something clever.
If you are stuck, most password managers have a feature where they can create a random password for you. While this method works, I prefer to remember mine in case I need to log in from a remote computer.
The trick I use is to think of an expression, book, slogan or quote that relates to what I’m protecting. From there, I use a formula to apply against that expression. It might be the first letter of each word, the last, or both. This is like the old trick people used to remember the lines of the treble clef: “Every good boy deserves fudge.” Below are some sample password formulas to give you an idea.
| Starting Phrase | Sample Formula | Resulting |
|---|---|---|
| Every good boy deserves fudge | First letter of each word | Egbdf |
| Every good boy deserves fudge | Last letter of each word | ydyse |
| Every good boy deserves fudge | Number of letters per word | 54385 |
| Every good boy deserves fudge | First word letter + word count | Egbdf5 |
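The four formulas in the table, written out as an added example (not code from the original article) so they can be applied to any phrase and compared. The function names and the `brute_force_bits` estimate are assumptions of this example; the estimate is a simple length times character-pool calculation, not something the article defines.

```python
import math
import string

def words(phrase):
    # Split on whitespace and drop punctuation so "fudge." counts as "fudge".
    cleaned = ("".join(c for c in tok if c.isalnum()) for tok in phrase.split())
    return [w for w in cleaned if w]

def first_letters(phrase):
    return "".join(w[0] for w in words(phrase))

def last_letters(phrase):
    return "".join(w[-1] for w in words(phrase))

def letter_counts(phrase):
    return "".join(str(len(w)) for w in words(phrase))

def first_letters_plus_count(phrase):
    ws = words(phrase)
    return "".join(w[0] for w in ws) + str(len(ws))

FORMULAS = {
    "First letter of each word": first_letters,
    "Last letter of each word": last_letters,
    "Number of letters per word": letter_counts,
    "First word letter + word count": first_letters_plus_count,
}

def brute_force_bits(password):
    # Upper bound on guessing effort: length * log2(size of character pool used).
    # A well-known phrase or a guessable formula makes the real figure lower.
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def apply_all(phrase):
    # Map each formula name to (resulting password, estimated bits).
    out = {}
    for name, fn in FORMULAS.items():
        pw = fn(phrase)
        out[name] = (pw, round(brute_force_bits(pw), 1))
    return out

if __name__ == "__main__":
    for name, (pw, bits) in apply_all("Every good boy deserves fudge").items():
        print(f"{name:32} {pw:8} ~{bits} bits")
```

Running it on the table's phrase shows how much the choice of formula matters: the digits-only result scores lowest, and mixing case with a digit scores highest of the four.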
On a related note, some sites also have security questions they ask in the event you forget your password. Perhaps the most popular is "What is your mother's maiden name?" All it takes is one relative to have posted your family tree online and the info is public. Instead, just make one up. I've never had any site come back to me and tell me the maiden name I posted was incorrect.
4. Routinely Change Passwords
Even though you may have a strong password, you still need to change it. I change my important passwords and batteries when I adjust the clock for daylight savings.
There is one password I don’t change that I call my default sequence. I use it for sites that require registration to read the content. I use the same account and password as there is little risk. I don’t even record these entries in my password manager.
5. Know what to Expect
One nice thing about changing passwords on your schedule is you know what to expect. Most systems will send you a notification when you change your passwords. This gives you an opportunity to see what these real emails look like.
- Does the email contain your name?
- Does the email have a line about who to contact if you didn’t request this change?
- What is the sender’s email address?
- Does the email use a no-reply address?
- Is the email plain text or HTML?
Once you create your password management plan, I’m sure you’ll see that it takes less time to manage than you thought. Plus, you’ll also be thankful you have all the information in one safe place.
Last Updated (Friday, 18 December 2009 14:02)
