Much like the real world, the internet can be fraught with dangers. Keeping your online identity and personal data safe can feel like an almost impossible task, with every website and service needing you to create an account and a new password. “Don’t use the same password you’ve used elsewhere” they’ll say… but who can remember 100 different passwords? It’s just impossible to do. Of course, they are right; using the same password for every site or service is a very bad idea, as if one becomes compromised, the ‘hacker’ will be able to access everything.
So, what do you do? RIDEA Technology recommends that you record your passwords. There are two ways to do this:
Use a password manager application, such as 1Password, KeePass or TrueKey. Such applications allow you to create a record for each website or service you use, where the password is securely stored and can only be accessed by the entry of a ‘Master Password’. As long as the Master Password is kept secure, your other credentials will be too.
Keep a paper record of your passwords. It’s a low-tech solution but, done well, it’s easy to use and won’t cost very much, if anything at all.
Password Manager Option
Using a Password Manager application will likely cost you a subscription fee. However, this is worth considering as it does have some advantages, such as password generation, where the application can create and record a password for you, which you can then copy and paste into the password field on the website or service for which it’s needed. These passwords will be unique and extremely hard to guess or crack, as they’re not dictionary words. Most Password Manager applications will have a web-browser plugin, so whenever you reach a login screen, the plugin will recognise it and either offer to create and save a password for you or enter existing login details, if it’s a site already in the database. Unlike the password save options built into web-browsers, the password is stored in an encrypted database, so it’s highly unlikely that anyone would be able to extract your password from your machine. Some Password Manager applications can also store other personal information like your banking details or software licensing information, which is all encrypted and hidden behind your Master Password.
The Low-tech Approach
The low-tech solution can work well too. Granted, it will require a bit more “manual labour” in recording passwords and then entering them on websites, but if the Password Manager route is a bit too complicated for you, it’s a good way to secure your credentials without making it easy for someone else to gain access to your logins.
The principle is to have a split password. The first part ALWAYS remains the same, and you NEVER write this part down. It needs to be something you can easily remember, but not too obviously associated with you. The second part of the password is unique to each website or service you use and must be written down. You can use a notebook or a dedicated password recording book to do this. You could also create a document on your computer with the information in it too if you wanted.
Here’s an example, which shows logins for three websites:
So in the above example for ‘JohnLewis.com’, the full password would be Cycle!8768&%L
Part 1 of the password is relatively easy to remember, but part 2 is written down, so you don’t need to remember it. If anyone were to find your password record, only part 2 is written down, so they couldn’t log in, as they wouldn’t know part 1. Each website/service has a unique password, so if one of the passwords were to be compromised, it couldn’t be used to log in anywhere else. Such a compromise is most likely to occur online, so even though they do now know your part 1, they wouldn’t necessarily be aware that is how you’ve structured your password, and even if they did, they’ve not got your password book and hence still only have half the information.
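The split-password scheme above, sketched as an added example that is not part of the original article: it generates a random, unique part 2 for each site, shows what the logbook holds versus what is typed, and checks that one leaked password matches no other site. The alphabet, the site names and the part 1 value are constructed assumptions.

```python
import math
import secrets
import string

# Characters for the written-down part 2 (constructed choice, not from the article).
ALPHABET = string.ascii_letters + string.digits + "!$%&*?@#"

def new_part2(length=8):
    """Random per-site suffix from a CSPRNG; this is the part written in the book."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_logbook(sites, length=8):
    """Map each site to a unique part 2. Part 1 is never stored here."""
    book = {}
    for site in sites:
        part2 = new_part2(length)
        while part2 in book.values():      # regenerate on the (unlikely) collision
            part2 = new_part2(length)
        book[site] = part2
    return book

def full_password(part1, book, site):
    """What is typed at login: memorised part 1 followed by written part 2."""
    return part1 + book[site]

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing entropy of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)

def exposure(book, breached_site):
    """Sites whose full password is known after one site leaks, assuming the
    attacker learns that site's password but does not hold the book."""
    leaked_part2 = book[breached_site]
    return [site for site, part2 in book.items() if part2 == leaked_part2]

if __name__ == "__main__":
    part1 = "Example-Part1"    # constructed; memorised, never written down
    book = build_logbook(["shop.example", "mail.example", "bank.example"])
    for site in book:
        print(site, "| book:", book[site], "| typed:", full_password(part1, book, site))
    print("part 2 entropy: %.1f bits" % entropy_bits(8))
    print("exposed after shop.example leak:", exposure(book, "shop.example"))
```

The protection rests on part 2 being random and never reused: once part 1 has leaked, the other sites are guarded only by their part 2 entries, so the book itself has to stay private.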
If You Secure Nothing Else…
One important login to have a really strong password for is your email address. The reason for this is that for most services, your email address is used for password reset services. That means if someone has access to read your email, they can request a password reset for any website or service with which that address is associated and then access the email sent through to falsely confirm they are you. Once they’ve cheated their way into assuming your identity, they’d then be able to change your password and access the website or service.
The reality of this situation is that it will always be something of a pain. However, if you can utilise the methods above, hopefully, it will be a little less painful, and your online world will be a whole lot more secure.
1Password (subscription service) – https://1password.com/
KeePass (free service) – https://keepass.info/
TrueKey (subscription service) – https://www.truekey.com/
Password Log Book – http://amzn.to/2hORI0v