By: Stephanie Petrashko
We all struggle with keeping and securing passwords for the many accounts we access. Most users today have to keep track of sometimes dozens of passwords for e-mail, online banking, social media, and more.
It is a poor security practice to use the same password for all sites. Multiple passwords, strong passwords and the regular changing of passwords (at least every 30 – 90 days) are strongly recommended to make it more difficult for unauthorized persons to acquire a password, and prevent them from potentially having access to your account for an indefinite period.
Strong passwords usually consist of at least 8 characters, and include numbers, special characters, and upper- and lower-case letters. It is important to refrain from using common words, easily guessable words (such as “password”), or words that identify you (such as your birthday or pet’s name). Microsoft offers a free password evaluator here: https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
So, how can you keep up with good password security practices, without forgetting the many different passwords you have?
Consider using a password storage utility
The most secure way to store and manage passwords is to use one of many available password storage utilities. These tools allow you to create one very strong password, which is then used to encrypt and store all other passwords.
But, wait – isn't storing all your passwords in one place a bad idea? Keep in mind that a single master password unlocks them all. There are a few things to consider:
1) Using a secure password storage tool is a better approach than reusing easily remembered passwords everywhere.
2) Password managers hide your information behind a master password that only you know.
3) Good password managers offer two-factor authentication, which involves taking an additional security step to access your account. It may involve, for example, a unique code that is sent to your mobile phone and which you have to enter to access your account. Two-factor authentication therefore requires something you know (your password) and something you possess (in this case, your mobile phone), making it much more difficult for an unauthorized person to access your sensitive data.
4) Many password managers also take the additional security step of never sending your master password over the Internet. If a master password is forgotten, you have the option to reset the password rather than retrieve it. In this case, the password manager acts as a safety-deposit box that a professional keeps without knowing what's inside, or even holding a key to open it.
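A minimal sketch of how a password manager can check your login without the master password ever leaving your device, added here as an illustration (it is not code from LastPass or any other product). The function names, salts and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, user_salt: bytes) -> bytes:
    """Key that encrypts the stored passwords; computed and kept on your device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), user_salt, ITERATIONS)


def derive_login_token(vault_key: bytes, master_password: str) -> bytes:
    """Value sent at login. One more one-way round, so it is not the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def server_record(login_token: bytes, server_salt: bytes) -> bytes:
    """What the service stores: a salted hash of the token and nothing else."""
    return hashlib.pbkdf2_hmac("sha256", login_token, server_salt, ITERATIONS)


def server_verify(login_token: bytes, server_salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a presented token against the stored record."""
    return hmac.compare_digest(server_record(login_token, server_salt), stored)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    master = "correct horse battery staple"
    user_salt = b"user@example.org"
    server_salt = b"constructed-server-salt"

    vault_key = derive_vault_key(master, user_salt)    # never transmitted
    token = derive_login_token(vault_key, master)      # the only thing sent
    stored = server_record(token, server_salt)         # the only thing kept

    print("login accepted:", server_verify(token, server_salt, stored))
    # The service holds neither the master password nor the vault key, so a
    # forgotten master password can be reset but not retrieved.
    wrong = derive_login_token(derive_vault_key("guess", user_salt), "guess")
    print("wrong password accepted:", server_verify(wrong, server_salt, stored))
```
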
One example of a free password management tool is LastPass. LastPass – released in 2008 – appears as an add-on in your browser, and allows you to safely store and secure your passwords using a master password. Passwords are encrypted locally and synchronized to any other browser, and the important two-factor authentication described above is included. The tool – which includes a form filler that automates password entry – allows you to quickly generate, organize and retrieve complex new passwords. Essentially, you can log in to your accounts directly through LastPass using complex passwords that have been generated through the service. To learn more about LastPass, click here.
Use caution if writing your passwords down
The more passwords you use, the more you may be tempted to write them down to ensure you remember them. If you need to write down a password, consider locking it in a desk, filing cabinet, or other safe location that only you have access to. Also ensure that you don’t reveal the account that it may be linked to. For example, don’t write down the URL for your bank with your password written next to it! Instead, either write down the password, without listing what the password belongs to, or choose a word or phrase that will remind you of your bank, without it being obvious.
Keep people from trespassing on your computer
Be sure to lock your computer before leaving your workstation. Also ensure that the password that unlocks your computer is not used for any other purpose, and that it is strong.
Your passwords should always be kept private. Refrain from using “remember password” settings in your web browser, which make it easy for someone who gains access to your computer to log into your accounts.
Do not store any passwords on your computer, unless they’re encrypted. Encrypting your passwords makes them completely unreadable to anyone, except you or their intended recipients. Microsoft offers step-by-step instructions on how to encrypt or decrypt a file or folder: http://windows.microsoft.com/en-ca/windows/encrypt-decrypt-folder-file#1TC=windows-7
If you have any questions about safe password management, please do not hesitate to contact us at firstname.lastname@example.org.