With my rapidly growing list of over 165 passwords and usernames and an increase in mass password breaches, I decided today is the day to seek out a better and a safer way to create and to keep track of my passwords, usernames and other confidential information. As it turns out, this is easier said than done! There are lots of different ways to do this and each way has advantages and disadvantages.
Below are some basic password guidelines. I admit I am guilty of one or two on the “Do not” list. Gulp!
- Do use strong passwords with combinations of numbers, uppercase and lowercase letters and special characters including punctuation
- Do make passwords 8 to 20 characters long
- Do change your passwords regularly – at least every 6 months
- Do not use obvious passwords such as names and numbers pertaining to you or your family members, for example names and birthdates (avoid Password1, which is one of the most commonly used passwords)
- Do not use your username in your password in any form (backwards, doubled, etc.)
- Do not store passwords in unencrypted documents on computers or cell phones as these become easily accessible if your computer or phone is hacked
- Do not store written passwords on papers close to your computer where others can access the information
- Do not use the same logons and passwords for multiple accounts
- Do not have your browser remember passwords for you
- Do not copy and paste passwords from your computer
- Do not provide your password to any person or any site
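
As an added example (not part of the original post), here is one way to check a password against the guidelines above that can be tested automatically, and to generate one that passes. The names `check_password`, `generate_password` and `COMMON_PASSWORDS` are assumptions made for the illustration, and the common-password list holds only the one entry the post names.

```python
import secrets
import string

# Constructed sample list: the post names only "Password1" as commonly used.
COMMON_PASSWORDS = {"password1"}
CLASSES = {
    "a lowercase letter": string.ascii_lowercase,
    "an uppercase letter": string.ascii_uppercase,
    "a number": string.digits,
    "a special character": string.punctuation,
}


def check_password(password, username):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append("length must be 8 to 20 characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("missing " + label)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # Username "in any form": forwards or backwards, in any letter case.
    # A doubled username contains the plain one, so the same test catches it.
    user, lowered = username.lower(), password.lower()
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains the username")
    return problems


def generate_password(username, length=16):
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    if not 8 <= length <= 20:
        raise ValueError("length must be 8 to 20 characters")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, username):
            return candidate
```
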
PASSWORD MANAGEMENT SOFTWARE
Many people use the following password management programs to generate and keep track of passwords and other confidential information: 1Password, LastPass, KeePass, KeePassX, RoboForm and Firefox Sync. Most users are very positive about these programs and say they don’t know how they managed without them.
While many people sing the praises of these password managers, I have a trust issue with them because personal information is stored on servers (in the cloud) that are owned by someone else. Call me paranoid, but isn’t it just a matter of time before someone manages to hack the cloud? Isn’t it better for me to be the only one with easy access to all my private information in one place, encrypted or not?
For convenience, I use Dropbox to access non-confidential documents and photos from multiple computers and from my Android Smartphone. Evernote is also popular for this purpose. But I’m not comfortable storing any confidential information on someone else’s server, and that includes my usernames and passwords.
USING BIOMETRICS FOR PASSWORDS
Biometric software uses fingerprint, hand and facial recognition and can even include DNA matching, signature verification and voice recognition. Biometrics are used by individuals and organizations that have experienced phishing, hacking or key logging attacks and also by those that need to protect and monitor data, infrastructure, processes or equipment. Users include but are not limited to the military, banking institutions, border control, airports, science, libraries, schools, labs and more.
Biometric fingerprint readers are the way to go, according to Anna Winningham, a former FBI agent and current Cyberspecialist. I am in the midst of researching which is the best biometric reader for my needs and will report back after I purchase and test mine out.
A book called “The 5th Dimension Password Keeper” keeps complex passwords hidden in plain sight by encoding them into a crossword-like matrix of random characters. Passwords cannot be hacked as they are not stored on the computer. Only the user knows where to begin and which direction to read. This book is perfect for those who need occasional access via passwords – it’s too manual and cumbersome for my needs.
What method do you use to create and keep track of your passwords?
Please share your valuable opinions, tips and recommendations for creating and keeping track of passwords and usernames in the comments section below this article.
Until next time …