Password was once just a charming little game show hosted by Allen Ludden. Today, the word “password” triggers eye rolls, deep sighs and a little cringing.
On a recent house call we asked our customer for one of his passwords which he needed to log in to an online account. After the initial deer-in-the-headlights look he opened a cabinet and came back with a shoebox full of loose post-it notes, pieces of napkins and various colors and sizes of paper scraps on which he’d written passwords.
“I think it’s in here,” he said sheepishly.
Our customer is not alone. These days we need so many passwords it can be difficult to keep them all organized and updated. At the classes we teach we used to pass out small spiral notebooks and suggest folks take some time to collect all of their passwords and write them down in the notebook.
Nowadays, however, there are smarter and safer ways to manage your passwords:
Use a password manager service. Growing in popularity, password managers provide online storage and protection of all your passwords by “hiding” them behind a single master password that you will remember and use when visiting your online accounts.
Some password manager services are free, while others charge for the service. You will likely pay a modest fee if, for example, you want the service for more than one of your devices (smartphone, computer and/or tablet). Most of us will definitely want our password manager to cover our computers and our smartphones.
Popular password manager services include Dashlane, 1Password, and LastPass. We provide links to these three services on our website.
If you don’t wish to use a Password manager service there are still some things you can do to make using all your passwords safer and more effective:
Don’t create easy-to-hack passwords. All too often we encounter folks who are using variations of their birth date, address, pet’s name or other personally relevant item. We understand this strategy makes it easier for you to remember your passwords, but unfortunately it also makes it easier for hackers or thieves to successfully guess them.
Examples of very weak passwords:
You get the idea. Attackers use very sophisticated methods and software to crack passwords. So, the longer and more random or complicated the password, the less risky it will be. This is why websites require you to use eight or more characters, including capital letters and special symbols, etc.
We have all gotten frustrated while trying to create another new password for an online account and keep getting messages that we haven’t yet met all the password requirements so we have to start all over. But these requirements are meant to make our passwords more secure.
Don’t use the same password for more than one account. We cringe at this one, too, because we have so many passwords to keep up with these days. Still it’s an important and wise guideline to follow. The password manager services we mentioned earlier make following this guideline much easier because you only need to remember your one master password.
Use the double authentication option when available. On some websites after you’ve typed in your user name and password, a numeric code is then sent to your cell phone – you type this code into the website and are then granted access to your account. In the unfortunate situation where someone knows or has guessed your password they would still not be able to enter your account because only your phone would receive the special code.
It can be a minor nuisance to go through double authentication every time you log in to your accounts, but it does offer additional protection of your valuable online information. Many websites are starting to require double authentication for its users.
Store your passwords securely. We have seen several instances where critical passwords – e.g., Apple ID or computer login password – are taped right onto the computer. If you have passwords written down, keep them in a locked drawer or file cabinet.
If you keep your passwords on your phone as many folks do, be sure the phone itself is passcode protected. Also use your phone’s biometric feature – touch or facial recognition – as additional protection. Same with your computer, especially if you have a laptop that you take places with you. And don’t just shut down your computer when you finish using it. Also log out so that if someone did take your computer they would have a much harder time trying to get past your login screen.
Change your passwords immediately if your computer or phone is lost or stolen. This probably goes without saying, but it’s worth repeating.
We hope these tips help you to think about how you are currently taking care of your passwords and gives you some ideas about how to improve the way you create, use and store them.
Be safe and secure with your passwords online. It’s worth it.
Links to the password manager websites mentioned in this article: