The University of Massachusetts Amherst

Passwords, Security, and Beyond: Keeping a Password Secure

Last time, we went over the best ways to create secure passwords, so now we’ll finish up with keeping those shiny new passwords secure. By keeping them secure, we mean that it will be difficult for anyone else to gain access to them, while you, the user, can access them easily. But before we get down to the details, it’s best to realize that there will never be a 100% foolproof way to keep all of your passwords secure forever; there are no guarantees in digital security. So there’s really no point in going to extremes and keeping all of your passwords in a super-secret vault in your basement with the only key buried in an unmarked spot in the backyard. But rest assured, with a few relatively simple steps (and some healthy paranoia) you can significantly reduce the risk of your passwords being compromised.

1. Use different passwords for every account

There is no way anyone remembers every password they have ever used, and that’s okay. But some passwords you use more than others: your banking, Facebook, and email passwords, as compared to a random online store where you made an account to get a discount, or a three-year-old tech forum where you asked one question. For the accounts you use daily, you should use different passwords. Each password should be completely different and bear no resemblance to any other password you currently use. Do not reuse the same numbers, phrases, or similar themes!

The reason for this is simple. If the password of one account, say a spam email or an old Twitter account, is guessed by a “hacker” in another country, it is more than likely they will try to access other accounts of yours as well. If the password is the same, it will be that much easier for them to gain access to every single account you own. It may take a lot of effort on your part to create and remember all of these new passwords, but it will be worth it not to have all of your accounts compromised at the same time.
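Rule 1 can be checked rather than just remembered. The following is an added example, not code from the original post: a small Python script that audits a constructed list of account passwords (made-up values, not real credentials) for exact reuse and for “similar themes”, treating two passwords as the same theme when they match after ignoring case, common letter-for-digit swaps, and a trailing year or counter.

```python
import re

# Constructed sample of account -> password pairs (made-up demo values, not
# real credentials); replace with your own list when auditing yourself.
SAMPLE_PASSWORDS = {
    "bank": "Tr0ub4dor&3",
    "email": "troubador3!",
    "facebook": "Tr0ub4dor&3",
    "old-forum": "correct horse battery staple",
    "twitter": "CorrectHorse2014",
    "store": "zq8$Lm!vT2pW",
}

# Common letter-for-digit/symbol swaps that do not make a password "different".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_STEM = 6  # shorter shared stems are too common to count as one "theme"


def stem(password: str) -> str:
    """Reduce a password to its underlying theme: lowercase it, strip a
    trailing year/counter/punctuation, undo leet swaps, drop punctuation."""
    s = password.lower()
    s = re.sub(r"[\d\W_]+$", "", s)      # "CorrectHorse2014" -> "correcthorse"
    s = s.translate(LEET)                # "tr0ub4dor" -> "troubador"
    return re.sub(r"[^a-z0-9]", "", s)   # "correct horse" -> "correcthorse"


def audit(passwords: dict) -> dict:
    """Report exact reuse and same-theme passwords across accounts."""
    by_exact = {}
    for account, pw in passwords.items():
        by_exact.setdefault(pw, []).append(account)
    reused = sorted(sorted(a) for a in by_exact.values() if len(a) > 1)

    stems = {account: stem(pw) for account, pw in passwords.items()}
    accounts = sorted(passwords)
    similar = []
    for i, a in enumerate(accounts):
        for b in accounts[i + 1:]:
            if passwords[a] == passwords[b]:
                continue  # already listed under exact reuse
            short, long_ = sorted((stems[a], stems[b]), key=len)
            if len(short) >= MIN_STEM and short in long_:
                similar.append((a, b))
    return {"reused": reused, "similar": similar}


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWORDS)
    for group in report["reused"]:
        print("same password reused on:", ", ".join(group))
    for a, b in report["similar"]:
        print(f"'{a}' and '{b}' share a theme; change one of them")
```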

2. Change all of your passwords. Right now.

If you are reading this right now, take a 15-minute break and do possibly the most proactive thing you can do for your passwords’ security: change your passwords. All of them. Right now. Do it. The rest of this blog can wait.

Done? Good. This is one of the easiest ways to keep a password secure. If your password was ever compromised without your knowing it, changing it to something else effectively locks the account down again: anyone else who got into your account will be able to access it only until the password is changed. One suggestion for keeping on top of this is to create a dozen secure passwords for an account all at once, physically write them down (more on that next), and then cycle through the pre-made passwords every so often. Speaking of which, it is a good idea to change these passwords every 3, 6, or 12 months, depending on how much effort you want to put into it. It may be better to change the passwords of important accounts you use often more frequently than those you rarely use.

3. Be wary how you store your passwords

You shouldn’t leave your car keys in the ignition, and you shouldn’t leave your passwords out in the open. There are a few ways to keep your recently changed, unique, and secure passwords in one place so you don’t have to remember them all.

Do not keep scraps of paper on or around your computer with passwords written on them. It may be a bit old fashioned, but writing passwords down in one safe place, like a notebook, isn’t a bad idea. Just make sure you keep it somewhere secure where you won’t lose it; a safe or file cabinet where you store other important documents is recommended. However, make sure you write each password down exactly as you type it, and that you update the notebook when you change your passwords.

Under no circumstances should you ever keep any kind of document with a list of your passwords on your computer or in any cloud storage. But there are a number of other ways to store passwords digitally that are relatively secure and easy for you to access, called password managers. Here we’ll specifically go over Keychain, for Apple users, and take a quick look at some other, more accessible options for other systems.

Keychain, the newest cloud-based password manager from Apple, is not as functional as many wish it could be. Available on all Apple devices running OS X Mavericks (10.9) or higher, the Keychain is locked with a master code that you set. This code cannot be recovered, ever. If you enter the wrong password too many times, you will be locked out of that specific Keychain, at which point you’ll have to call Apple to reset it. Even then, after a certain number of incorrect tries the Keychain will be wiped, and you’ll have to start all over again. Your Keychain data will also always be backed up to Apple’s iCloud, whether you want it to be or not. One of the good things about Keychain is that it keeps all of your passwords secure and can push them to all of your Apple devices; any new device that uses the Keychain has to be approved from an existing device. It can also generate new, somewhat secure passwords, and all passwords can be auto-filled in Safari, although this may not work for some websites. In another frustrating move, if you don’t use Safari, you have to navigate to your passwords locally, which is a huge hassle considering the number of security checks and passwords you have to get through just to access your passwords.

Other options for keeping passwords safe digitally are online password lockers like 1Password, LastPass, or Dashlane. These are not free services, and they are online, but they allow you to access and edit all of your passwords with only one master password, which could be either a very good thing or a very bad one. Another option is to use a local password manager, like the free and open source KeePass, or Norton’s Password Safe.

4. Be wary of where you use your passwords

One last bit of advice: make sure you know exactly where you are using your passwords and who you are allowing to see them. If you ever use a computer that is not your own, like a public one or one that belongs to a friend, make sure you log out and that the browser does not remember your password. Speaking of which, it is not a great idea to have browsers remember passwords at all, as anyone who has access to your machine will have instant access to all of your accounts. So if you lose your laptop or phone, anyone who finds it will be able to tweet as you, post on your Facebook, or access your bank accounts. Yikes.

You should also be aware of which places online use your passwords. Always make sure you are using a secure site when logging in or paying online. Never respond to any email asking for your passwords, as it is most likely a scam.
