In my last blog entry, I talked about using some ‘Cloud’ based Password Managers to keep track of your passwords across your many devices. As I was writing the blog I was imagining some of you who would be ‘yelling’ at the text – “There’s NO WAY I would store all of my passwords in the Cloud!”. The reality is that what you are storing in the cloud is just an encrypted file that only you have access to, BUT, I can certainly understand the hesitation. If you are looking for ways to manage your passwords and strictly keep them local (or not written down at all), keep reading:
1 – Use a Password Manager like KeePass. KeePass is a program that resides only on your computer. It is open source (which means anyone with the skills can look through the code and make sure there are no ‘back doors’). The program is basically a password-protected, encrypted database of your usernames, passwords, etc. You can organize them by groups or categories and even have the passwords automatically entered for you into web forms. Best of all, it is FREE, easy to use and allows you to avoid using the same password on multiple websites!
2 – Use ‘Password Buckets’ – If you refuse to document any of your passwords using a password manager, let’s at least talk about a way to NOT use the same one password everywhere, without having to remember hundreds either. My method involves using one password for a ‘bucket’ of similar websites. For example, you would use one password for your few online bank logins, a different one for your multimedia logins (music streaming, movie streaming, etc.), one for the major big box shopping sites, one for the ‘other’ random shopping sites, and so on. Always have a unique password for your email (NOT used anywhere else). In the end, you should have maybe just several passwords to remember. If you hear about one of the websites getting hacked, then you just need to change the password for that ‘bucket’ of websites, but not ALL of your logins. The higher the website security level, the longer and more complex your password should be. Your online banking and shopping websites, where you may store your credit card number, should have a better password than the one you use with your Pandora or Skype account. As always, the LONGER the password (I call it a ‘pass-phrase’), the better.
And finally, for those of you who say you can only use a single password ‘because you can’t remember anything’… Easy solution: Change all of your passwords to “incorrect”. Then, if you enter the wrong password, the computer will remind you with a hint: “Your password is incorrect”. (Just to be clear, this is a joke; please do not change all your passwords to any single word!)
On a serious note, make sure to keep your computer free of malicious software. The bad guys have ‘keyloggers’ that record all of your keystrokes and send them back to the attacker. Even if you have long and complex passwords, if they are being logged and sent to the wrong people, your accounts can be compromised. Make sure to follow good security practices: download those updates, run a good, up-to-date antivirus program, etc.