When it comes to assigning and maintaining passwords, it is astonishing how complacent we can be… Everything that we access on the internet on a personal and private level requires an account username and password (e.g. our internet account, email, banking, purchasing, instant messaging, community sites, places of employment, etc.). The majority of us will use the same username and password for every account we access and will usually use one word (for the password) that is something that we hold close to ourselves (e.g. pet’s name, child’s name, nicknames, birthday, etc.). Instead of using good password management practices, we end up playing “PASS-the-WORD” from one account to another. We will also write the password(s) down on a scrap piece of paper, then stick it on the computer monitor, under a desk pad, in a desk drawer, etc. We innocently do these things as a matter of convenience, so that we do not forget the password.
What are the risks of weak password(s) falling into the wrong hands?
A person can access our accounts to impersonate us; monitor our activities; acquire personal information; sign our name to online service agreements and contracts; change our account information or profile; acquire credit card information; etc.
What to do (some basic password management tips):
- When possible, use a “Passphrase” instead of a “Password”. “Passphrases” are nonsensical sentences that are easily remembered. For example, “My wife calls me donkey! Wonder why?” is harder to crack than the password “donkey”. The problem we run into, however, is that many services do not allot enough character space to type a full sentence or phrase. If you have to use a “Password”, use at least 7 characters, make it easy to remember, avoid dictionary words, avoid number sequences, and throw in an upper/lower case mix with some symbols (for example: Eye812!). The longer the password, the better.
You can test the strength of your passwords at Test Your Pas$word.
- Use good password management practices when protecting accounts that are very important.
- Do not share the password with anyone.
- Change the Password or PassPhrase on a regular basis. We have the tendency to not change our passwords for years.
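
The first tip above can be put in numbers. The following Python sketch is an added example, not part of the original article: it applies the tip's rules (at least 7 characters, no dictionary word, no number sequence, mixed case plus a symbol) and estimates the exhaustive-search space for the article's three sample passwords. The word list and function names are assumptions made for illustration, and the bit figure is an upper bound, since a guesser that tries whole words first does better.

```python
import math
import string

# Constructed sample list (assumption); a real check would load a full dictionary.
COMMON_WORDS = {"donkey", "password", "monkey", "dragon", "letmein"}

def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw): size += 26
    if any(c in string.ascii_uppercase for c in pw): size += 26
    if any(c in string.digits for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # ASCII punctuation plus space
    return size

def brute_force_bits(pw):
    """Upper bound on guessing effort in bits: length * log2(alphabet size)."""
    size = charset_size(pw)
    return round(len(pw) * math.log2(size), 1) if size else 0.0

def has_number_sequence(pw, run=3):
    """True if pw contains `run` consecutive ascending or descending digits (123, 987)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check(pw, min_len=7):
    """Return the tips that pw violates (an empty list means it passes them all)."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if pw.lower() in COMMON_WORDS:
        problems.append("dictionary word")
    if has_number_sequence(pw):
        problems.append("number sequence")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(not c.isalnum() for c in pw)):
        problems.append("needs upper/lower case and a symbol")
    return problems

if __name__ == "__main__":
    for pw in ("donkey", "Eye812!", "My wife calls me donkey! Wonder why?"):
        print(f"{pw!r}: {brute_force_bits(pw)} bits, problems: {check(pw) or 'none'}")
```
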
How to manage numerous passwords:
I use a software program called KeePass Password Safe to manage my passwords. “KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)”.
KeePass is currently available in two different versions (Classic and Professional). For home use, the Classic version is sufficient, plus it is not dependent on any operating system prerequisites. Portable versions of KeePass are also available that can be used on a flash drive.
KeePass features:
- Multiple User Keys
- Portable and No Installation Required
- Export To TXT, HTML, XML and CSV Files
- Import From Many File Formats
- Easy Database Transfer
- Support of Password Groups
- Time Fields and Entry Attachments
- Auto-Type, Global Auto-Type Hot Key and Drag&Drop
- Intuitive and Secure Windows Clipboard Handling
- Searching and Sorting
- Strong Random Password Generator
ADDITIONAL NOTE: Though KeePass was originally created as a password manager, I have found a second use for it. In addition to managing the websites I visit that require username and password access, I also use it as a bookmarks/favorites manager for all the websites I visit. I’m still experimenting with this, but so far it is working great as a bookmark manager as well.