Last Friday I blogged about how to choose a password. Today I’ll cover the problem of how to keep all your passwords safe and secure. If you’re like most people, you probably have dozens of passwords for all the different web sites you use. With work and personal passwords it is possible to have over 100 passwords. This is way too much information to keep in our heads. How can we manage them all without choosing simple, easily compromised passwords?
For websites that require a password but contain little or no personal data, where it really wouldn’t matter if someone found out your password, use a common simple password. Examples are sites where you need to register online in order to download a free program or to enter a competition. Pick a simple password and reuse it on these types of websites. This basic password will cover many of the passwords you need to remember.
Websites that contain your personal or professional data need to be treated differently; this includes sites that handle online payments.
First, you should consider using a different password for each such system. If someone discovers your password on one site, they can use it on others. If you do use a different password on each system, there should be no link between your passwords; otherwise it’s easy for someone to work it out. Your passwords for these systems need to be strong, containing letters, numbers and symbols.
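The three rules above (a different password per site, no link between them, and letters, numbers and symbols in each) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the site names, the sample passwords and the 5-character threshold for a "link" are all constructed assumptions.

```python
import string
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data: site names and passwords are made up for this example.
SAMPLE = {
    "bank.example": "Summer2023!bank",
    "mail.example": "Summer2023!mail",
    "shop.example": "q7#Vd9!rLm2x",
    "work.example": "q7#Vd9!rLm2x",
    "tax.example": "correcthorsebattery",
}
MIN_SHARED = 5  # assumption: a shared run of 5+ characters counts as a "link"


def missing_classes(password):
    """Return which of letters/numbers/symbols the password lacks."""
    checks = {
        "letters": any(c.isalpha() for c in password),
        "numbers": any(c.isdigit() for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


def shared_run(a, b):
    """Longest run of characters two passwords share (case-insensitive)."""
    a_l, b_l = a.lower(), b.lower()
    matcher = SequenceMatcher(None, a_l, b_l, autojunk=False)
    m = matcher.find_longest_match(0, len(a_l), 0, len(b_l))
    return a[m.a:m.a + m.size]


def audit(passwords):
    """Return (weak, reused, linked) findings, naming sites but not passwords."""
    weak = {s: miss for s, pw in passwords.items() if (miss := missing_classes(pw))}
    reused, linked = [], []
    for (s1, p1), (s2, p2) in combinations(sorted(passwords.items()), 2):
        if p1 == p2:
            reused.append((s1, s2))   # identical password on two sites
        elif len(shared_run(p1, p2)) >= MIN_SHARED:
            linked.append((s1, s2))   # same base with a per-site variation
    return weak, reused, linked


if __name__ == "__main__":
    print(audit(SAMPLE))
```
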
So how do we remember all those strong passwords?
First, I do not recommend storing your passwords in your smart phone. Although this is very convenient, it is also the least secure device people are currently using. Smart phones are frequently misplaced, stolen or left sitting on a table or desk unlocked. This makes it very easy for unwanted people to have access to the information on the phone.
If you are a paper and pencil list keeper and would like to keep your password list on paper, I would suggest that you write the passwords in a notepad and keep the notepad in a secure/locked location so that prying eyes do not look at your password list. If you’re going to keep a list of passwords on paper, do not leave the piece of paper under your keyboard. That is the first place somebody who is interested in finding a password list will look. Paper is more secure than a smart phone but not as secure as using an encrypted database for your passwords.
The most secure method is to keep your passwords in an encrypted database on your PC. The only password you need to remember is the one for the encrypted database. You’ll want to make sure that the password used for the encrypted database is very strong. There are many password manager databases available. The best known and most trusted are KeePass and Password Safe. They are both free and have different workflows for retrieving passwords and putting them into websites. They allow you to group your passwords and they both have a notes section for adding security questions that are required by websites. If you’re interested in using an encrypted database, I would recommend downloading both of these databases/software programs and working with them to determine which one you prefer.
KeePass can be downloaded at http://keepass.info/ and Password Safe can be downloaded at http://passwordsafe.sourceforge.net/.