Password Management: Strategic, Secure, DiscreetMarch 21st, 2012 | Posted by in Uncategorized
We’ve talked about the importance of Encryption – in transit and at rest – but a lot of people have questions about the best way to keep up with their Passwords or Encryption Keys. As you’ve no doubt experienced, when asked to create a password these days, there is usually a requirement that there be some complexity: numbers, special characters, capital and lowercase letters. With complexity arises the problem of remembering your password.
Of course, you don’t have just one password. There is one for your bank account, another for your on-line mail service, Google or Yahoo or AOL or whatever you like, and still another for your favorite shopping site. And of course one for your backup system.
There are a number of good password keepers out there, and we’ve got a very simple, free-form one you’re welcome to use. But what happens if your computer crashes and you lose the password file that contains the password that restores your data? We’ll come back to that.
First, what is a good password strategy? In general, passwords based on personal or company information that is easily obtained from the internet – such as company or account name, actual first or last name, initials of the name, system name, etc. — are extremely easy to guess and should never be used. Similarly, common or easily guessed words such as “password,” “guest” or “admin” should be avoided. Hackers know all the tricks including reverse spellings and character replacements (substituting a “3” for an “E.” etc.) and have algorithms to handle such cases.
Passwords should also be discrete and not shared between multiple systems/services/applications. Using a single password is the equivalent of using a single key for your car, house, office, mail box, and safety deposit box – if you lose that key, you lose … and give away access to everything.
Use numbers, letters (both cases) and non-alphanumeric characters and avoid common English words or common numbers (like the current year) and you will have a good password.
Now, how to keep up with your passwords. Printing them out, sealing them in an envelope and keeping them in a locked safe, or safe deposit box, is one method, though not too practical. There may be one or two key passwords you’d keep like that: especially the password that protects your backups. That is the one password that you need to have written down, locked up, onsite and offsite.
For everyday use, a Password Manager is becoming essential. If you’d like to try ours, you can download it here for free. You just have to remember one password, and because you’ll use it frequently, you’re not likely to forget it. Make it a good one! And just in case, write it down and store it securely.