This post is the 5th in an ongoing series about passwords. You may want to check out the other parts by clicking on the tag: passwords.
Where we’ve been so far
I’ve been talking a lot about passwords around here lately. In previous posts, I’ve gone over the perils of
- using simple passwords,
- using the same password for every site,
- using the same password for social networking sites and banking sites,
- entering passwords on networks that aren’t secure, and
- entering passwords for sites that don’t start with https
I also pointed out that it is unreasonable to expect people to remember many, many different passwords. Our minds just don’t work like that–and they never will.
To combat the tendency to create simple passwords, I pointed out a few tricks that can be used to create complex but memorable passwords. These tricks included using fake words, acronyms from phrases, and shifting your fingers on the keyboard.
These tricks work well, but they still take effort. It's also all too easy to fall victim to laziness and complacency. We’ve all been there–me included. Unfortunately, it’s when we let our guard down that we’re most vulnerable.
A better way to manage passwords
I remember when the only “passwords” I had to remember in life were my 4-digit ATM PIN code and gym lock combination. Those days are ancient history. My “on board” memory worked fine in that simple world, but the key chain between my ears can only hold so many keys. Today, there are well over 100 websites, computers, networks, software systems, etc. that require me to enter a password.
How in the world can I expand the key chain in my head? I can’t.
In my mind, the only viable solution to our modern-day password conundrum is to use a program to manage your passwords. Using a password manager, no matter which one, should have at least the following benefits:
- All (or almost all) of your passwords are kept in one, secure place
- All of your passwords are protected by one, very secure password (the only one you have to remember!)
- Most password managers have built-in tools to generate random passwords for you; this takes the burden off you to come up with creative tricks to remember your passwords
Don't run away
Some people are initially skeptical of password managers. The common fear expressed goes something like “if someone gets into my password file, they have all my passwords.”
True, but aren’t you already exposed to that risk if you’re using the same password for multiple sites? If any one of the thousands of web servers holding your single password is compromised, someone will have access to all your sites. I can remember at least five times over the last few years that my credit card company has sent me a letter saying that they are issuing me a new credit card because my account information "may have been stolen." These things happen and are absolutely inevitable.
What's even more likely is that your password will be intercepted over a public wi-fi network, as I discussed in previous posts on passwords.
I contend that the absolute best approach to minimize the chance of someone doing widespread damage to your online finances and private information is to use a single password manager. It also allows you to give up on the idea of remembering passwords for sites. You simply generate an unmemorable password for each site, and go to your password manager when you need that password. This probably sounds like way more work than it is. Trust me–it’s really simple.
By using one very secure password to protect all of your passwords, you’ve reduced your risk exposure from many, many points of attack online to a single, encrypted file. So even if Bank ABC’s web server gets hacked and the thieves get that password, that’s all the damage they can do. They only have one key; all your other doors have different locks.
In the next few posts, I’m going to provide more details on which password managers I recommend–for both PCs and Macs. I will also reveal which one I think is the king of them all–and tell you exactly why I feel that way (and why many others agree with me).
Believe me, I’m trying to simplify your life, not complicate it. This is one case where security and simplicity can coexist.
[Photo by mbrand via Flickr]