Tip of the day:
Password Do’s and Don’ts
I'm going to pull up my soap box and yell - "Hear me, Hear me!!!" because this is a really important topic. I'll try not to repeat the above too much.
Background
My wife and I are retired military and had to access multiple computer systems on active duty. Now we are in white-collar jobs and both of us have to maintain user IDs and passwords for many, many programs, web sites, applications, etc. in addition to the dozens and dozens in our personal life in this digital world. (I currently track over 160 different accounts, User IDs, and passwords for work and personal stuff.)
It's very easy to fall into the "User Friendly" password trap. By user friendly trap I mean:
- Using the same password for everything. Easy to remember but let it get compromised on one system and the hacker now has access to everything.
- On the other hand, if you try to have "user friendly" passwords but different ones for different things, pretty quickly it is hard to keep track of what password goes where and then "are the User IDs different"?
So for a number of years we each maintained our password lists in a password protected Excel file with columns for Description, User ID, Password, Web Address/URL, and Comments (answers to security questions). That worked OK, but it was up to us to make sure the same file existed on our work computer, work laptop, home desktop, home laptop, and phone. And yes the files being different bit me in the ass more than once.
Password Manager Software
Years ago we bought separate licenses for 1Password and I have to say it is my #1 computer utility bar none. These days they mostly advertise their software using a SAAS model (Subscription as a Service) but you can still get individual licenses if you dig. If you go with the subscription model it is well worth it as they use very strong encryption and sync your passwords across all devices seamlessly. We have individual licenses and achieve the same result by sync'ing our "vaults" through Dropbox. So not only do we get the strong encryption via Dropbox, the individual vault files themselves have very strong encryption. And with a family plan you can have different "vaults" for different people so it can really work well for Mom, Dad, College kids, grandparents, etc.
From a user standpoint the fact that my passwords sync across all devices is wonderful. Add a login or change a password on my desktop and it's instantly available on my phone.
Password Logins
The base login record in 1Password provides for Web Address/URL, Descriptive Name, User ID, Password, and a notes section for each individual entry which is free text. You can put any text you want and this is where I track security questions and the correct answer because security questions do no good if you don't remember "exactly" how you answered it to begin with. Did you type in "123 Elm Street", "123 Elm St", "123 Elm St.", "Elm Street", "Elm St" or "Elm St."? Because it's right there you know the answer.
With password manager software EVERY login can have its own unique password - THAT YOU DON'T HAVE TO REMEMBER. You just copy it from the software and paste it into the login box. No more single password for everything or different user friendly passwords that you forgot which goes with which. Each and every password can be unique and quite complex. You can generate passwords like "LcqMihw$UB%J6j4yAL" and then copy/paste as needed. (Actually there is a button that when on the password field of a web page, click it and it autofills the password for you. Most times you don't even need to copy and paste.)
Cont...