Did you know that “password” was the most popular bad password in 2011? And if you were trying to be clever and use “passw0rd” instead, I’m sorry to tell you that that’s not much better.
Most of us have some idea of what makes a good password, but we get overwhelmed by the idea of creating good, secure passwords for every login – so it’s easier to just give up and stick with our basic, insecure password for everything. The good news is, there’s another approach – it is possible to stay secure without having the memory of a supercomputer.
There are two main approaches to being both secure and practical. The first approach helps you group your logins into 4 categories based on sensitivity, and create passwords accordingly. This article explains this approach to password management in more detail, and I recommend it if you don’t want to get a password management tool.
The second approach is… you guessed it… to get a password management tool. Basically this is a little piece of software that remembers all your passwords for you. It works like this: you have one super-secure master password that unlocks all of your other passwords, so that one is the only password you have to remember. This frees you up to use different, randomly generated passwords for every login, because you never have to remember them yourself. As you would expect, password managers are highly secure and encrypt your stored passwords to keep them safe.
The main features you’ll be looking for in a password manager include which platforms it works on (operating systems, browsers, mobile devices), how easy it is to use and whether you can import/export data. As many organizations have logins that are shared with multiple people, the ability to share passwords may also be helpful (although this should be avoided where possible).
As always, there’s lots of debate on which product is best. A few good tools that have good reviews and that I’ve seen come up frequently are LastPass, KeePass, Passpack and Roboform. Both LastPass and KeePass are free, which is always a plus, and Passpack has a free version.
To give you an idea of what it can do, here’s one person’s take on LastPass: “Lastpass has add-ins to all browsers, on Windows, Mac, and Linux, and in the premium version, on mobile. Lastpass categorizes and tags your passwords. It will pop up choices if you have multiple accounts for the same website (such as multiple Gmail or Salesforce log-ins). It also includes related information, such as your password reminder questions, and general secure notes.”
No matter which one you pick, the single most important thing is to have a strong master password.
Wild Apricot offers some good suggestions and tips on making the transition to a password manager: test it out with a few passwords to see if it’s a good fit, then transition gradually, making your passwords more secure as you go. Even if you do nothing else today, I challenge you to think of the most important or sensitive login you have and go and change it right now to something secure.
How does your organization manage passwords? Have you used any of these tools?