How to Easily Manage and Secure Your Passwords
In this day and age, everything needs a password. Use good password hygiene to keep your passwords safe and secure.
Once upon a time, we protected our valuables physically. When our beloved shmoopie gave us a set of platinum pillowcases (remarkably impractical but it’s the thought that counts), we would fold them carefully and put them in a safe deposit box. It required two keys—ours and the bank manager’s—to open. As safe things go, we would make things pretty safe.
Now, much of our lives are electronic. We talk to our banks, our brokerages, our social media accounts all through the internet. Heck, some of us even have money that’s nothing but electronic bits. The electronic equivalent of that two-part lock is our password. And compared to the physical locks, our passwords are very insecure, indeed. Since I’m something of a security geek, join me to explore password best practices. I’m not going to try to explain the rationale behind each tip. If you’re interested, you can read up on computer security on your own. Today we’re just making a to-do list.
Use Strong Passwords
Use strong passwords. Strong passwords are passwords that are hard to guess. The ideal is to use a long string of random characters, like ns.gHkdvH8ef8N92HiCJZaMuG7d&n6. Choose a password that’s at least 23 or 24 characters long.
Some security experts recommend using the first letter of each word of a memorable sentence, with some punctuation added. “Frisky cats enjoy 437 different types of cat food” becomes Fce4dtocf, and then you could add a # or @ to make it a bit more obscure. The problem is that you need a pretty long sentence to get up past 20 characters.
If you want a password that’s more memorable, choose several words at random and string them together with punctuation. Since words are easier for hackers to guess than random strings of letters, if you use this method, use somewhere between 5 and 7 words. Do not use proper English sentences, just a string of words like: airplane-octopus-hero-holdup-legion-radio.
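An added example, not code from the original article: it generates both kinds of password described above with Python's secrets module (the operating system's cryptographic random source) and estimates how hard each is to guess. SAMPLE_WORDS is a constructed 16-word list used only so the block runs offline, and the 7776-word list size (five dice rolls per word) is an assumption.

```python
import math
import secrets
import string

# Constructed 16-word sample list, for illustration only. Real use needs a
# large list; 7776 words (five dice rolls per word) is assumed below.
SAMPLE_WORDS = ["airplane", "octopus", "hero", "holdup", "legion", "radio",
                "zombie", "global", "freeze", "pillow", "platinum", "vault",
                "frisky", "memory", "sticky", "basket"]
ASSUMED_LIST_SIZE = 7776
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length=24, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=6, words=SAMPLE_WORDS, sep="-"):
    """Pick words uniformly at random (repeats allowed) and join them."""
    if n_words < 1 or len(set(words)) < 2:
        raise ValueError("need at least one word and a list to choose from")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices_per_symbol, n_symbols):
    """Entropy in bits when each symbol is an independent uniform choice."""
    return n_symbols * math.log2(choices_per_symbol)


def words_needed(target_bits, list_size=ASSUMED_LIST_SIZE):
    """Smallest word count whose passphrase reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def compare():
    """Entropy ceilings; the acronym's letters come from a sentence, so its
    real figure is lower than the uniform-random value computed here."""
    return {
        "24 random characters": entropy_bits(len(ALPHABET), 24),
        "9-character acronym": entropy_bits(len(ALPHABET), 9),
        "6 random words": entropy_bits(ASSUMED_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    print(random_password(), random_passphrase())
    for scheme, bits in compare().items():
        print(f"{scheme}: about {bits:.0f} bits")
```

Under these assumptions, six random words come to about 78 bits and 24 random characters to about 157, which is why the word method needs several words to stay strong.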
Use Different Passwords Everywhere
It’s important not to use the same password in multiple places. You’ve probably noticed that trusted institutions keep getting hacked, and their data gets stolen. We’re talking companies like Experian, whose only reason for existence is keeping accurate, secure data, and yet let loose 140 million people’s personal information because they didn’t even follow the “use a strong password” guideline. Then there’s Target, which gave an outside contractor access that led to huge amounts of stolen data, and Yahoo, which accidentally allowed a billion accounts to get hacked.
If you use the same password in multiple places, then a hacker that gets a hold of your password in one place can try that password first when attempting to break into another of your accounts. If you use the same password on Yahoo and Google, then one account breach gives them both accounts.
If you want to amp up this technique, also use different usernames on different sites. I generally choose a random word from the dictionary as a username. So my usernames are things like Zombie, Global, Domination, and Freeze-Ray. No one would ever be able to guess any sort of pattern.
Don’t Write Passwords Down
Now that you’re choosing different usernames for each site and strong passwords, you will be tempted to write down your usernames and passwords on a sticky note and tape them to your computer. Please, please, please don’t do this. There’s no guarantee that the person who comes into your office to empty the waste baskets isn’t an Evil Undercover Computer Black Hat Hacker, hell-bent on stealing your identity. Commit your passwords to memory!
Use a Password Manager
But don’t try to commit them to your own memory. You almost certainly already use dozens or hundreds of websites. I use thousands. There’s no way to remember all those usernames and secure passwords by heart. So use a password manager.
With a password manager, you store all your passwords in a password vault. You protect that vault with one super-secure master password that you do memorize. You never, ever write down that master password except in your will vault, so if something happens to you, your estate can access your password-protected electronic thingees.
Any good password manager will integrate with your browser so it can autofill your usernames and passwords. It can also generate secure passwords for you when you need a new one.
The security of your password manager is super-duper important. Since it contains all your other passwords, anyone who finds a way into your password manager can take over your entire electronic life.
Don’t commit passwords to your own memory!
There are dozens of password managers out there, but you want to be very, very careful which one you choose. Most have not been created by security professionals who are deeply versed in how to protect sensitive data in a hostile environment.
The two password managers that have been the best rated by security professionals are 1Password and Lastpass. Personally, I use 1Password. It runs on every platform—Windows, Mac OS, iOS, and Android. I’ve read their security white paper and spoken with one of their developers at length, and it’s quite clear that they know what they’re doing, and they take security very seriously.
For a brief, golden period, the online world was a friendly and welcoming place. No more. Now, it’s a dog-eat-dog network out there. Everywhere you look are hackers, foreign powers rigging elections, and even our own government spying on us. When your 21st-century shmoopie gives you virtual platinum pillowcases, protect yourself! Create a virtual safe deposit box by using unique usernames and passwords for every site, using strong passwords, and using a password manager to make it all easy to manage. Then you need only memorize your One Strong Password, and it will be child’s play to rule them all.
I’m Stever Robbins. Follow GetItDoneGuy on Twitter and Facebook. Want great keynote speeches on productivity, Living an Extraordinary Life, or entrepreneurship? Hire me! Find me at Stever Robbins.