9 Rules for managing passwords
In light of the recent Heartbleed bug and the number of people who needed to reset passwords to various accounts, it seemed to be a good time to discuss the password itself. Today’s generation faces something that people twenty years ago probably couldn’t fathom: the need for multiple passwords and the inevitable password problem that develops.
With all of the accounts people have, from a basic logon to a smart device or computer to passwords for banking accounts or Facebook, you have quite a few passwords to keep track of. If you pay bills online or like to utilize various online services like Amazon or Netflix, then you probably have a good two dozen or more to keep track of.
While it might be easiest to simply use the same password for all of your accounts, everyone knows that is not very safe; thus the password problem. How do I make and keep track of all of this information?
Password Rules – A Must Read!
Most people gloss over security rules like the fine print on any user agreement, simply content to click on “I agree” to not waste time, but these rules are there for a reason. Simply put, you need to protect yourself. You wouldn’t walk around on the wrong side of town holding fistfuls of cash, would you?
- Rank your sites and services – Each site should be considered green, yellow, or red based on the type of data stored on the site. Red is critical, yellow is moderate and green is minor. Red sites would be anything that has critical personal information such as banks, business accounts, etc. Yellow would be those accounts that have a certain amount of personal information, and green would be those minor accounts that you wouldn’t worry about if they were breached. From there, spend the most effort protecting red sites and the least on green.
- Avoid using the same password across multiple sites and services – This is sort of a no-brainer; however, if you use a ranking system, then using the same password on green sites should save some time and energy.
- Be very unique with passwords – Ideally you should avoid using a root word, such as “dolphin”, with a number or numbers on either side. These are incredibly common, and people who try to breach data know this. People often use things like their name, age or birth year, which can be easy to guess. For “red” sites you really need to go all out with something like “RoG47x12swattic”. While we said earlier you could use the same password for “green” sites, it should still be a unique password.
- Carefully consider reset questions and answers – Have you ever noticed how common the password reset/recovery questions are? In today’s digital world it isn’t that difficult to find out where someone went to elementary school or the name of the street they grew up on. The way to solve this is either to create your own unique questions or come up with a fictional group of answers you use for the questions.
- Use longer passwords – Longer passwords take longer to crack when raw data is hacked from a database. Often a password is represented in an encrypted format. Shorter passwords take less time to hack compared to longer ones.
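The rules above on root words, personal details and length can be turned into a quick self-check. The following is an added example, not part of the original article; the word list, the 12-character threshold and the function names are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample list; a real audit would load a large dictionary.
COMMON_ROOTS = {"dolphin", "password", "dragon", "monkey", "sunshine"}

# Optional digits, letters, optional digits: the "root word with numbers
# on either side" shape the article warns about.
ROOT_WITH_DIGITS = re.compile(r"^(\d*)([A-Za-z]+)(\d*)$")
MIN_LENGTH = 12  # assumed threshold, not a figure from the article


def charset_size(password):
    """Size of the alphabet a brute-force search would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, including space
    return size


def brute_force_bits(password):
    """log2 of the candidate count for this length and alphabet.

    This is a ceiling that only holds for randomly chosen passwords;
    a dictionary word with digits is guessed far sooner.
    """
    return len(password) * math.log2(charset_size(password)) if password else 0.0


def audit(password, personal_terms=()):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    m = ROOT_WITH_DIGITS.match(password)
    if m and (m.group(1) or m.group(3)) and m.group(2).lower() in COMMON_ROOTS:
        findings.append("root word plus digits")
    for term in personal_terms:
        if term and term.lower() in password.lower():
            findings.append(f"contains personal detail: {term}")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings
```

Each extra character adds the same number of bits to the brute-force ceiling, so the search space doubles several times over per character; the pattern checks exist because that ceiling does not apply to guessable choices.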
Additional Ways to Be Safe
- Use a password manager – Password managers help generate strong passwords that are unique and not connected to you personally. They then store them in an encrypted database which has a master password. LastPass, Password Box, and Dashlane are three of the more popular managers.
- Use a breach monitoring service – This is an “okay” option because not all breaches are visible. These services track publicly visible lists of compromised usernames and notify you if one of your usernames shows up as being attached to a recent breach, which lets you know to change your password.
- Change passwords regularly – To be completely safe you should change passwords regularly. Some security experts might recommend monthly changes, but that should probably only be done for your high-level “red” sites, with quarterly being often enough for other sites.
- Don’t store lists of passwords – Or if you do, at least be sneaky about it. Far too many people simply keep a list of usernames and passwords as a file on their computer, or handwritten and left near a computer. While the handwritten method avoids cybercriminals, it doesn’t stop people who are physically at your location. Use a cipher or code for any list you might keep and place it in an odd, yet memorable location.
The password problem is most certainly one that will continue to grow as most people are adding new usernames and passwords to their life quite regularly. Utilizing a well thought out approach to ensure your information stays safe is not only wise, but will reduce concerns for your data if there is a breach.