You Can Have Me but Not Hold Me
With so many online services and companies coming under attack by hackers in the past few months, it seems only fitting to talk about password creation and management. There are a lot of resources out there discussing this, but it never hurts to revisit the topic time and again because of its importance.
Password management isn't necessarily a difficult thing to do, yet it does seem like a bit of an annoyance to most people. When it comes to password management, you will hear the famous line, "I don't really care about changing my passwords regularly. I have nothing important online anyways." Let's see if you have nothing important online when your PayPal account gets taken over because you thought the password "password" was good enough.
In my opinion, it is an "internet user's" responsibility to make sure that they keep secure passwords and update them on a regular basis. In this article we will discuss how to make your online presence more secure and keep it secure.
The easy fundamentals
First things first: creating a strong password.
A strong password is a mixture of alpha-numeric characters and symbols, has a good length (hopefully 15 characters or longer), and doesn't necessarily represent some word or phrase. If the service you are signing up for doesn't allow passwords over a certain length, like 8 characters, always use the maximum length.
Here are some examples of strong passwords:
* i1?,2,2\1′(:-%Y
* ZQ5t0466VC44PmJ
* mp]K{ dCFKVplGe]PBm1mKdinLSOoa (30 characters)
And some not-so-good examples:
* sammy1234
* password123
* christopher
You can check out the PC Tools Password Generator. This is a great way to make up some very strong passwords. Of course, more random passwords are harder to remember, but that is where password management comes into play.
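The criteria above (a mix of letters, digits and symbols, 15 characters or more, the full allowed length when a service caps it) can be sketched in Python. This is an added example, not code from the article or from PC Tools; the function names and the `max_allowed` parameter are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the article: letters, digits and symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=20, max_allowed=None):
    """Return a random password drawn from the OS CSPRNG.

    max_allowed (hypothetical parameter) models a service's length limit:
    when the limit is below the requested length, use the full limit.
    """
    if max_allowed is not None:
        length = min(length, max_allowed)
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retry until every class is present, which
        # keeps the result uniform over all passwords that qualify.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def check(password, min_length=15):
    """List which of the article's criteria a password fails."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c in string.digits for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    return problems


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(20)), "bits at most")
    print(check("sammy1234"))
```

`check` only tests length and character mix; it cannot tell whether a password is a dictionary word or has already appeared in a breach.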
Managing your passwords
I know some people that keep their passwords in an unencrypted text file. That's not a good idea. I suppose that if you aren't doing much online and are decent at avoiding viruses and such, it could be OK, but I would never recommend it.
So, where do you keep your strong passwords for all the services that you visit on a daily basis?
There are a ton of password safes out there including KeePass, RoboForm, Passpack, Password Safe, LastPass, and 1Password. If and when I recommend any of these I always count on LastPass and 1Password.
Both LastPass and 1Password offer different entry types for online service logins (PayPal, Twitter, Facebook, Gmail, etc.), credit cards and bank accounts, online identities, and other types of sensitive information. Both have excellent reviews and differ only in a few subtle ways. The most notable difference is that LastPass keeps your encrypted password vault online, whereas 1Password allows you to keep it locally or share it through Dropbox. Either way, you are the holder of the encryption keys and both ways are very secure.
LastPass and 1Password both offer cross-platform support as well as support for Android and iOS (LastPass even has BlackBerry support). 1Password is a little pricey ($39.99 for either Windows or Mac), whereas LastPass has free options as well as premium upgrades that allow for mobile syncing.
Upkeep
You should probably change your passwords for your "important" accounts at least every 6 weeks. When I say "important" accounts I am referring to ones that you just couldn't imagine losing access to. For me that would be Gmail, PayPal, eBay, Amazon, all my FTP accounts and hosting accounts, Namecheap, etc. Basically these include any account where financial information could be lost or accessed as well as accounts that could be totally screwed up (like my webserver).
There is no hard and fast rule for how often you should change your passwords, but 6 to 8 weeks should be pretty good.
Alternatives
You may think that all of this is just too much to manage on a daily basis. I will admit it is kind of annoying to have to change your passwords and use a password manager on a daily basis. For those people out there that don't want to go through all of the hub-bub of super-secure, encrypted, password management, here are a few tips to keep you safe:
- Create a unique and hard-to-guess "base password" and then a pattern to use for each site you log on to. For instance, a base password could be "Ih2BaSwAa" (this stands for "I have two brothers and sisters who are annoying"). Then you would add something "site specific" to the end of it: for Twitter Ih2BaSwAaTWTTR, for Facebook Ih2BaSwAaFCBK, etc. This is sort of insecure, but probably more secure than 99% of the passwords out there.
- Don't write your passwords down in public places. If you want to keep track of passwords on something written, keep it on you at least. The problem is that if you get your wallet stolen you are still out of luck.
- Don't use the same passwords for every service. I'm not even going to explain this; just don't do it.
These are just a few things that can be done rather than keeping your passwords in a management system. Personally, with over 100 entries in my password management system, I couldn't even dream of doing it any other way. But for those out there with only a few passwords, having a simpler system may be beneficial.
So, if you want to be a "responsible internet citizen" or you just don't want to lose your precious account data, then creating and maintaining strong passwords for your online accounts is a must.
Source: https://www.lifehack.org/articles/lifehack/putting-your-future-on-hold.html