• mitchlustig

How to manage those pesky passwords

We all hate passwords.

They are the bane of modern computing. And it seems every computer and website wants different rules and expiry requirements for them. So, to make it easy on ourselves, we are tempted to just use the same simple passwords or combination of passwords on every site. This is a disaster waiting to happen.

Imagine if a baddy guessed your bank password, or used your email to recover your bank password and then siphoned all of your money away? This isn't too difficult even with text message (two-factor) authentication. Among the most commonly used passwords are 121345678 (or any sequence of numbers), "password", sunshine, iloveyou, princess, welcome, abc123, etc.

Also, it's relatively easy to reverse-social-engineer common passwords by looking at social media (Facebook, Twitter, Instagram, etc.) and then guessing password recovery answers: name of dog, high school, first car, mascot, etc. Many celebrities have succumbed to this method and had their very personal information and pictures scattered all over the internet.

So, what do we do? What's the right balance between security and sanity?

Here is an easy, yet safe way to manage your passwords.

Step One - Separate all passwords by potential damage to you:

  • Level 1 (most risky) are your computer and phone/tablet access passwords (which give access to all other saved passwords), email (account recovery), financial institutions (money), credit agencies (SSN), and your mobile phone carrier account, which controls two-factor SMS text authentication (T-Mobile, Verizon, AT&T, etc.). Each one of these should have a separate and dissimilar password.

  • Level 2 (medium risky) are shopping sites like Amazon, Macy's, Nordstrom, Target, etc. These can have similar passwords but not the same. If one of them gets hacked (which happens all the time), baddies can't get into your other accounts.

  • Level 3 (low risk) are all other sites that just want to customize the experience for you, and you don't care if someone hacks into them. You can still follow the same rules, but maybe use common combinations.
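
To check a list of your own passwords against these three levels, here is a small Python script. It is an added example, not part of the original post. The sample accounts and passwords are constructed, and the 0.6 cut-off for "similar" is an assumption, as is treating a mixed-level pair by its stricter level.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Assumption: a similarity ratio at or above this counts as "similar".
SIMILARITY_THRESHOLD = 0.6

def similarity(a, b):
    """Case-insensitive similarity in [0, 1] between two passwords."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def audit(accounts):
    """Check (name, level, password) entries against the three levels.

    A pair is judged by its stricter (lower-numbered) level:
      Level 1: identical or similar passwords are flagged.
      Level 2: similar is allowed, identical is flagged.
      Level 3: common combinations are tolerated, nothing is flagged.
    Returns a sorted list of (account_a, account_b, problem) tuples.
    """
    findings = []
    for (n1, l1, p1), (n2, l2, p2) in combinations(accounts, 2):
        strictest = min(l1, l2)
        if strictest == 3:
            continue
        if p1 == p2:
            findings.append((n1, n2, "identical"))
        elif strictest == 1 and similarity(p1, p2) >= SIMILARITY_THRESHOLD:
            findings.append((n1, n2, "too similar"))
    return sorted(findings)

# Constructed sample data, for illustration only.
SAMPLE = [
    ("bank", 1, "Bridgeovertroubledwater9"),
    ("email", 1, "Bridgeovertroubledwater7!"),  # near-copy of the bank one
    ("amazon", 2, "Allyouneedislove3"),
    ("macys", 2, "Allyouneedislove5"),          # similar: fine at Level 2
    ("target", 2, "Allyouneedislove3"),         # same as amazon: not fine
    ("forum", 3, "Letitbe1"),
    ("news", 3, "Letitbe1"),                    # Level 3 reuse is tolerated
]

if __name__ == "__main__":
    for a, b, problem in audit(SAMPLE):
        print(f"{a} / {b}: {problem}")
```

Run it only on a computer you trust, and don't save real passwords into the file.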

Step Two - Password Tricks:

  • Use a combination of words in a row that make sense to you and are meaningful.

  • The trick I recommend is to use song names or lyrics. Use the first letter of the website/company name to start it, and string together enough words to make at least 8 letters. Always start with a capital letter, and end with a number and an optional special character, like the one directly above the number you pick on the keyboard.

  • For instance, if you wanted a password for Bank of America, you could choose "Bridgeovertroubledwater9", or for Apple iCloud, perhaps "Artificalflowers2@"

Step Three - Password Application:

  • I recommend to my clients that they use a password program which works on all of their computers, tablets, and phones. I recommend "1Password" because it's relatively open-ended and can sync across devices. It's been audited for security and it's available on Mac, iPhone/iPad, Windows and Android.

  • I'm not affiliated with them, just a great product. Here is the website:
