Keep Your Passwords Safe
More and more frequently, password-related issues are becoming a regular part of our lives. Whether it’s a hacked Facebook account, services requiring you to change your password every six months (how many new passwords can I remember??), or keeping up with the constantly increasing requirements of secure sites for the complexity of passwords, knowing how to manage your passwords is a valuable skill.
Part 1: Why You Should Not Use One Password for Every Web Site
You may be tired of me writing this, but here’s the Staffhacker Question: Why should I care about this?
The answer can get somewhat technical (if you’re a geek, see this xkcd comic for an illustrated guide to master-passwords-gone-bad), but here’s the simple version: if you use the same password everywhere and one web site (say, some insecure little app run by people who know nothing about securing your password) gets hacked, the hackers can now log in to all of your accounts (including, say, your Facebook and email and bank account).
Part 2: How to Create Secure, but Memorable, Passwords
If you want to really commit to this change, Lifehacker has an exhaustive (and potentially exhausting) article titled How to Update Your Insecure Passwords and Make Them Easy to Use. It walks you step-by-step through how to set up a password management system, hunt down your old passwords, and switch over to the new system. It’s also extremely long, so we’ll cover just the basics here.
In order to create new passwords for all of your logins, you’ll have to create a system. The easiest-to-implement and hardest-to-remember system for passwords is just to create a different password for each web site, either making them up yourself or using computerized password generators. This is, of course, your safest bet, but is also your easiest route to frustration. If you’d rather have a system you can actually remember, take a look at Lifehacker’s tip on how to choose and remember great passwords. Gina Trapani suggests combining a base password that is common across every password (like #GOKWIDWY) and then appending a code for each site to that site’s password: something like, for example, “BYEA” (first two consonants and first two vowels of the service). See the Lifehacker post for greater detail.
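The two systems described above, side by side, as an added example (this is not code from the original post or from Lifehacker). It assumes the sample code “BYEA” comes from the service name “eBay” with Y counted as a consonant; the function names and the 20-character length are illustrative choices.

```python
import secrets
import string

VOWELS = set("aeiou")

def site_code(service: str) -> str:
    """First two consonants + first two vowels of the service name, uppercased.
    Assumption: 'y' counts as a consonant, so 'eBay' gives 'BYEA'."""
    letters = [c for c in service.lower() if c in string.ascii_lowercase]
    consonants = [c for c in letters if c not in VOWELS][:2]
    vowels = [c for c in letters if c in VOWELS][:2]
    return "".join(consonants + vowels).upper()

def scheme_password(base: str, service: str) -> str:
    """The memorable system: one shared base plus a per-site code."""
    return base + site_code(service)

def random_password(length: int = 20) -> str:
    """The 'different password for each site' system, using the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two passwords have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

if __name__ == "__main__":
    base = "#GOKWIDWY"  # the sample base from the text; never reuse a published one
    services = ["eBay", "Facebook", "Gmail"]  # constructed sample list
    derived = {s: scheme_password(base, s) for s in services}
    generated = {s: random_password() for s in services}
    for s in services:
        print(f"{s:10} scheme={derived[s]:15} random={generated[s]}")
    # Every scheme password shares the whole base, so only the last four
    # characters differ between sites; generated passwords share nothing
    # by construction and have to be stored rather than remembered.
    print("shared prefix (scheme):",
          shared_prefix_len(derived["eBay"], derived["Facebook"]))
```
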
Part 3: How To Remember Your Passwords
Finally, once you’ve determined to update your insecure passwords and figured out your system (or lack thereof), it’s time to store those passwords. Some people choose a password-protected Excel spreadsheet, and while it’s not the most secure option, you can take it with you on a thumb drive and access it from almost anywhere.
However, there is a slew of excellent password management apps available for your use, so there’s really no good reason not to take advantage. Password management apps vary a little in their feature set, but their basic use is to store your passwords for all of your web sites in one centralized, secure place on your computer (KeePass and 1Password) or a server (LastPass) that is only accessible by a strong master password and that can sync with your browser to make it easier to plug the passwords into your web sites.
Here are the three biggest contenders:
LastPass is free and the simplest of the bunch. It’s focused around browser connection, and has a plugin for every major browser. It handles almost all of the work for you, keeps your passwords safe, manages the password database on its web site, and keeps everything simple. Lifehacker is a frequent supporter of LastPass, and wrote a short piece about its benefits.
KeePass is also free, and it has quite a few browser extensions; however, it’s not quite as ubiquitous in its browser support as LastPass. It has two main benefits. First, KeePass allows you to store your password database as a file on your local computer, which can provide an added level of security. Second, KeePass is also geared to store non-web passwords and other secure information. Think of it as a master password database that happens to plug into your browser, where LastPass is a browser password plugin.
1Password is not free, but it’s so good that it has to be included. Its design and build quality are so high that, despite LastPass and KeePass providing much the same level of functionality, it’s really worth taking a look at 1Password.
1Password’s video introduction is out-of-date, so its style, and its description of 1Password as a “Mac app” (1Password is now available for iOS, Windows, and Android), is no longer correct, but the general functionality it shows is completely on-point.
Do you have any tips, tricks, or a favorite app for managing your passwords? Share them with us in the comments.