IT Security
Realistic Password Management Tips
No doubt you have read numerous articles warning you to have strong passwords and a different password for every account. For most people this advice is unrealistic, since most of us have 20+ accounts, all requiring a username and password – everything from online banking, social media profiles and online stores to paying for cinema tickets.
I would like to offer a simple approach to managing passwords that appears to work for people who don’t want to be bothered with password managers, encrypted drives containing passwords, hiding passwords deep within their computer folders and so on.
Simple Approach to Password Management
The approach takes the path of having 3 levels of passwords:
1) Very sensitive passwords for accounts such as online banking
2) Semi-sensitive passwords for accounts such as social media profiles
3) Non-sensitive passwords for websites that you visit infrequently
Very sensitive passwords
For sensitive accounts such as online banking, use very strong passwords that are unique to each account. It is ideal to use an online password generator to make a truly random complex password, but it will be nearly impossible to remember one for every sensitive account you have. To make life easy, think of a phrase or event that is meaningful to you, for example “I love Corro on TV at 7pm!”, then replace the text of that phrase with shorthand and symbols so it looks like “iluvCoTV@7PM!”. You could also include the business name or service in your phrase to help you remember the password, for example “ANZ is at 23 Allen St, Newtown!”, which can be converted to “ANZis@23AS,NT!”. These are considered strong passwords because they include numbers, lowercase/uppercase text and symbols.
Semi-sensitive passwords
For semi-sensitive accounts, use a password format that you can reuse and in which you can easily change certain characters, for example “!@12Facebook@!”, “!@12LinkedIn@!” and “!@12Twitter@!”. Then every month change the number, for example “!@52Facebook@!”, “!@52LinkedIn@!” and “!@52Twitter@!”. Of course, please do not follow this exact pattern, since it’s published on a public website – make up your own.
Non-sensitive passwords
For accounts that are infrequently accessed I use an online password generator to create a complex and unique password for each account. I know that I cannot remember the password, so every time I need to log into the account I just use the system’s reset password feature! This means the passwords are unique and complex, so if the site gets hacked (and more often it’s the smaller websites that do, and you never hear about it) I don’t have to worry that I reused a password that is used on more sensitive accounts.
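The random passwords described above can also be produced locally instead of on a generator website. The following is an added example, not part of the original article: it draws each password from the operating system's secure random source and makes sure it contains the four character types named earlier (lowercase, uppercase, numbers, symbols). The symbol set, the 20-character default and the account names are assumptions.

```python
import math
import secrets
import string

# Character classes the article names: lowercase, uppercase, numbers, symbols.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set; trim to what a site accepts
)
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password with at least one character from each class.

    Characters come from the OS CSPRNG via `secrets`. A candidate that misses
    a class is discarded and redrawn whole, so no position is fixed in advance.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Approximate entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


def passwords_for(accounts, length=20):
    """Generate an independent password for each account name."""
    return {name: generate_password(length) for name in accounts}


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for account, password in passwords_for(["forum", "newsletter", "cinema"]).items():
        print(f"{account}: {password}")
    print(f"about {entropy_bits(20):.0f} bits per password")
```

Nothing is stored, which matches the reset-when-needed routine described above: each account gets its own value, so a breach of one small site exposes no password used anywhere else.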
Of course, having a unique and complex password for each account is ideal, but with many people having 20+ separate accounts to deal with, you need a simple system that helps you remember passwords – hopefully this approach can help.