Wednesday, January 22, 2020

Day 22: Organize Your Passwords

Password management is a lot like flossing. It's very important to do but it can seem like an awful lot of work. Until the day that our computers let us get into everything by just seeing our faces and listening to our voices (assuming that this can be done in such a way that it can't be hacked), we're stuck with the idea of creating passwords for every site we use.

Because we can't remember so many different passwords, we try to go the "easy" route and use the same password for everything, or we pick things that are too easy to guess. And that's a very bad idea. We already know that so many websites have experienced security breaches, some of which have resulted in IDs and passwords being loose in the wild, ready for hackers to exploit.

So what can you do? First, install a password manager on your computer. The most popular choices are 1Password and LastPass. Personally, I've gone with 1Password, but I'm not here to argue one over the other. Just go with one.

You'll need a master password to get the most out of these so that you can safely store your individual passwords in the software's vault. Here's a tip for you: While individual words make for lousy passwords (because hackers can quickly use a dictionary of a few hundred thousand words to figure out which one you've chosen), you can string together a series of words that won't appear in any dictionary and that you can still remember if you choose wisely.

How do you create that string of words? Think about some favorite song (not one that everyone knows is your favorite, but instead perhaps a guilty pleasure song from your early days) and use a set of words from the lyrics. Or pick an obscure poem that you're a fan of, and use part of a line from that. Or pick part of a favorite quote. In all cases, just put 4 or 5 of those words together into one long string, and voila, you have a master password that is essentially impossible to guess but that you won't need to write down anywhere (although you may want to include it on a piece of paper in your safety deposit box in case your heirs need it after you are gone).

Now you can create far more obscure individual passwords for websites, and then store those in your password management software. If you want some individual passwords that you might still be able to remember but that will be hard to crack, then you might do this: Choose a year from an ancestral event (maybe the birth year for a favorite great-great-grandparent), and add that to a word that changes depending on what website you are using. For instance, if you like flowers, and the website's name starts with "r", then you might be able to use "rose1854" for that site, and for another site that starts with "m", use "marigold1854". In this way, you'll still be able to access websites even when you're not using your own computer and therefore don't have access to your password manager. You can probably come up with an even harder to guess system than the one I've outlined, and if so, fantastic! It's always a trade-off between using a tough-to-guess password and using one that you yourself can remember.

1 comment:

  1. I started doing this about two years ago when I heard a security specialist discuss this subject. I have four different ones that I use depending on type of site. One for finance/important ones, health, shopping, and a separate one for genealogy sites. I put special characters in the phrase so it meets requirements for passwords of sites. It’s made it much easier to keep track (although I still have a spreadsheet to do this)