Keeping Up with My Passwords and Keeping Them Secure

From ITS Wiki

A 2007 study by Microsoft® revealed that the average computer user had (at that time) 6.5 passwords, each of which was shared across 3.9 different sites. Each user also had about 25 accounts that required passwords, and typed an average of eight passwords per day. That’s a lot of numbers, letters and characters to remember…and think how much these numbers have likely increased since 2007. (http://research.microsoft.com/pubs/74164/www2007.pdf)

We recently had an inquiry regarding suggested methods of securely storing/organizing the many passwords we all seem to be accumulating. Here are a few ideas from research and ITS/CTL staff members for you to consider:


Go no-tech

Use a notebook or sheet of paper to record your passwords and keep the record in a non-obvious place. While this might require you to pull out a file every so often, it is simple, cost-effective and CAN BE a safe way to record your passwords (if your list is in a secure place, not taped to your monitor or hidden under your keyboard). Just in case your list falls into the wrong hands, record password hints instead of the actual passwords.


Go low-tech

Record your usernames and corresponding passwords in a Notepad document to keep track of everything. You might want to print a hard copy to secure in a safe and confidential place. It’s a good idea to name the file something vague or unrelated to passwords so that, if your computer/server space is accessed by someone, the file does not get their attention quickly. (Don’t name the file MY IMPT PASSWORDS!)

Jami Powell’s idea increases the security level of this approach: Users can create a text file (Notepad, whatever) with site addresses, the email used for the site, and a vague password hint …the kind of hint no one could guess. Keep this file in two locations, on your computer and in Dropbox for example.

Stacie Yates also suggested only storing a password hint of some sort so that if your file/program/phone/list in a notebook is compromised or physically lost the finder will have a list of password hints that are likely meaningless. Something like “pre-prune digit, cap 3, num 6, 8, rest lower” for the password liTtl3j4ckhorner, for example.


Create a secured Word or Excel® file

This management technique was Art Moore’s suggestion and is included in multiple articles regarding password organization and security. Create a file where all your website passwords can be securely stored, then make sure the file itself is secured with a password (yes, you’ll have to remember this one “master password”). You can use either a document or spreadsheet to do this, listing each website and the corresponding password alphabetically. You can find instructions on how to password-protect files for Excel and Word (just Google it or click on the “Help” icon in the program). Use an innocuous file name for security and record password hints instead of the actual passwords.


Use an online service, downloadable software or iPhone/iPad application

Password protection and management has become an industry, and there are now numerous online services, apps and downloadable software programs that will securely store and organize your passwords. Google “organizing my passwords” or a similar term or search at the App Store and you’ll find many choices.

Dave Frey has been using SplashID for some time and Stacie Yates is also considering it for password management. You can install it on your iPhone, computer, iPad, etc. It has a lot of great features that you can find out more about on the web: http://www.splashdata.com/splashid/ SplashID is not free; you would be responsible for the cost (currently a one-time fee of around $20).

I’ve been looking at a couple of iPhone apps (there are MANY!). Quick Password Manager (99 cents) is what I’ve settled on for now. I read through the ratings; it only had a couple of negative reviews and I figure there will always be a couple, so I tried it. You basically enter a master password then enter your other passwords. You can adjust settings to meet your needs (hide passwords or notes, lock on sleep timer, etc.). I also looked at Keeper Password and Data Vault. It is a free application. In reading the reviews, evidently there are some annoying ads you will have to contend with if you use this. You could always try the free one for a week or so and then see if you wanted to move on or not. These are only a couple of the apps. I suggest you read the reviews and give one a try (if an app interests you).


Rely on strong, memorable passwords

If passwords are not recorded manually or stored electronically there’s no fear of others accessing your information. If you decide to rely on your memory, then the best strategy is to create passwords that can’t be easily forgotten (by you) but would still be difficult to guess or crack (by someone else). Create a simple algorithm for your passwords – for example, choose a random base word like “shoes”. Then, add the first three letters of the website you’re visiting (for Amazon.com, choose “ama”), followed by a random number (257). So your password for Amazon.com would be amashoes257. You can make this algorithm as complex as you like, adding capital letters or symbols for added security.

This is very similar to the ideas a couple of our ITS staff members suggested:

Tyler Chelf recommends developing a pattern for all important passwords, something like (but not as easy as):

Amazon: @maz0np@ssw0rd
Ebay: 3b@yp@ssw0rd
Centre: c3ntr3p@ssw0rd

Basically a pattern where part of it is different for each site, so you don’t have to memorize the password for all of them, just the pattern. The more complex your system/pattern, the more secure your account. (Note: @ is now commonly used in place of “a” so you might want to choose a substitution that is completely random).
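
As an added example (not part of the original tip), this self-audit measures how much of each password in a pattern like the one above actually differs from site to site. The substitution table and function names are assumptions made for illustration; the sample passwords are the ones shown above.

```python
# Added example: audit a personal password pattern for predictability.
# The substitution table and function names are illustrative assumptions.

# Common look-alike substitutions, undone before comparing.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                      "1": "l", "$": "s", "5": "s", "7": "t"})


def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(LEET)


def common_suffix(strings):
    """Return the longest suffix shared by every string."""
    shared = []
    for chars in zip(*(s[::-1] for s in strings)):
        if len(set(chars)) != 1:
            break
        shared.append(chars[0])
    return "".join(reversed(shared))


def audit(passwords):
    """Given {site: password}, report what is reused and what is guessable."""
    shared = common_suffix(list(passwords.values()))
    report = {}
    for site, pw in passwords.items():
        unique = pw[:len(pw) - len(shared)]
        report[site] = {
            "unique_part": unique,
            "unique_is_site_name": normalize(unique) == normalize(site),
            "embeds_site_name": normalize(site) in normalize(pw),
        }
    return shared, report


# Sample passwords taken from the pattern shown above.
SAMPLE = {"Amazon": "@maz0np@ssw0rd", "Ebay": "3b@yp@ssw0rd",
          "Centre": "c3ntr3p@ssw0rd"}

if __name__ == "__main__":
    shared, report = audit(SAMPLE)
    print("reused in every password:", shared)
    for site, finding in report.items():
        print(site, finding)
```

For the sample pattern, the same eight characters appear in every password and the remainder is only the site name with substitutions, which is why the pattern you choose should not be as easy as this one.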

Similarly, Stacie Yates suggested that it might be helpful if you pick a broad theme and stick with it when choosing (and memorizing) passwords, whether that’s Mother Goose rhymes, Broadway shows, a particular director’s films, record names by a particular recording artist or your favorite sports league.


Note: ITS does not officially endorse any of the products, methods or services mentioned in this tip. These are suggestions for you to explore and consider so that you can manage your passwords effectively and increase security. Additionally, ITS does not assume responsibility for purchasing any product.

This tip includes information and excerpts from:

http://research.microsoft.com/pubs/74164/www2007.pdf

http://ezinearticles.com/?Oops,-I-Forgot-My-Password---10-Simple-Steps-to-Organizing-Your-Passwords-Forever&id=2601735

http://www.ehow.com/how_2062776_organize-passwords.html

http://www.stacksandstacks.com/blog/2008/11/04/clutter-control-organizing-computer-passwords/

http://h30458.www3.hp.com/ww/en/smb/914608.html

Special thanks to: Jami Powell, Art Moore, Tyler Chelf, Dave Frey and Stacie Yates