In an effort to start the New Year off right and be more organized, I picked up the January issue of Real Simple magazine to get some tips from their Get it Together Handbook for 2011. Three tips they included related to managing passwords and how to keep track of all your online log-in info.
Passwords in general pose a big security risk. This is why our friends within the identity industry at Ping Identity, Kantara Initiative, OpenID and Information Card Foundation are all working hard to eliminate the need for passwords. But until that day, the reality is password management is a necessary evil for all of us, both professionally and personally. And the problem is people can’t remember that many unique passwords, so they use the exact same password to log in to different accounts. I don’t think I have to spell out the danger in this, but based on a very unscientific yet quick poll of 3 of my best friends, they don’t care about the risk and are using the same password for their Facebook as their online banking account because “it’s just easier.” Alarming, isn’t it?
So how do you come up with multiple secure passwords that you can also remember? Real Simple says you only have to remember one if you set up a file on Google documents to keep track of all your login details. Then you can access this Google doc online anytime and anywhere that you need to reference it. I’d add to this helpful tip that if you decide to put all your logins in a file in the cloud, you better be really sure the password used to access your Google Docs account is very strong and secure!
Mark Burnett, author of Perfect Passwords, suggests using a lengthy password built from a phrase consisting of different parts, such as words and spelled-out numbers. The example he gave Real Simple was “foursaltypeanuts” which, if you are prompted to change it at some point, could become “foursaltycashews.”
Of course, most network security people might find this nuts (forgive the pun) because it doesn’t contain any numbers and isn’t very complex. Sticking with the nuts example, here is how you could make it stronger:
- Add some numbers: foursaltycashews4me2eat
- Randomly mix upper and lowercase letters: FourSalTyCashews4me2eaT
- Add a symbol: FourSalTyCa$hews4me2eaT
Of course, the key is to choose a phrase that means something to you so you will remember it, but that can’t be figured out from your Facebook or LinkedIn page. And until the day Passwords are Eliminated, I’d recommend keeping those memory skills sharp by playing some good old-fashioned memory match card games.