Password managers are software applications that automatically fill in your passwords on the websites, e-mail accounts, and portals that you use. With a password manager, you typically only have to remember one master password or passphrase for the application, rather than all of the individual passwords to your accounts. Password management apps include:
- Keeper Security
- Password Boss
- Sticky Password
Neil Rubenking’s article in PC Magazine discusses the best password managers for 2020.
Most browsers also have settings that allow you to save your passwords. If you have an iPhone, this feature is called the Apple Keychain password manager.
Where are my passwords stored?
Most of these password managers store your passwords in the cloud so they are accessible anywhere. Some password managers – like Apple Keychain – save to a physical computer or device but can be uploaded onto iCloud.
If applications do occasionally get compromised, is it safe to use a password manager?
The downside to the password manager approach is that applications in the cloud do get compromised, and your computer is only as secure as you allow it to be. You can keep your identity safe by considering alternatives to password managers. This new approach is completely free but it requires some thought on your part. However, if you follow this approach, you should be able to generate complicated passwords that you can remember and not have to create more than 20 passwords for all your accounts.
Never use the same password for multiple accounts
This is the cardinal rule in cyber security. While this is generally excellent advice, it also assumes that all accounts share the same password severity impact. Think about it this way: what do you value more? A compromise of your online bank account is not the same as a compromise of your Instagram account.
Password Severity Impact
The first step in this alternative to the password manager approach is to divide passwords and accounts into three groups, depending on password severity impact.
Severe Impact Rating
Rate your impact as severe if:
- Financial loss or personal information exposure could damage your reputation
- Any adverse effect would require sustained effort to fix the situation
Types of Accounts:
- Online banking accounts
- Healthcare portal
- Main business account – especially if it contains confidential information about your company
Serious Impact Rating
Rate your impact as serious if:
- Unwanted access could result in loss of credit card information
- Unwanted access could compromise your business network
- Any adverse effect would require some effort to remedy the situation
Types of Accounts:
- Accounts containing credit card information (any online shopping account)
- Accounts containing your main personal or business email account, Facebook, or Google accounts
Limited Impact Rating
Rate your impact as limited if:
- Loss or compromise of information is meaningful only to you
Types of Accounts:
- News feeds
- Spam e-mail accounts
- Social networking accounts (note: on social media, never post any information that would answer password security questions)
Create Strong Passwords in Three Easy Steps
Step 1: Group Accounts by Severity Impact
Once you group your accounts by severity impact, you should have unique passwords for every account in the severe impact category.
Step 2: Use easy to remember passphrases to develop initialized passphrases
Do not use traditional passwords. Instead, use easy to remember passphrases related to each account. For example:
- Healthcare – Health-related phrase – “A spoonful of sugar makes the medicine go down” becomes Asosmtmgd
- Finance – Money-related phrase – “A penny saved is a penny earned” becomes Apsiape
- Personal – Memorable personal event – “Tom and Jane met at Johnny’s Bar” becomes Tajmajb
Step 3: Insert special characters and numbers
Next, insert a special character. Then add a date that is significant to you as long as it’s not your birth date, anniversary, or any personal date that is commonly known. For example, assuming Flag Day is June 14th and my special character is #, my Healthcare password becomes: Asosmtmgd#0614.
Examples of Strong Passwords:
- Healthcare – Health-related phrase – “A spoonful of sugar makes the medicine go down” becomes Asosmtmgd. Date of surgery was January 14. Original passphrase becomes Asosmtmgd#0114.
- Finance – Money-related phrase – “A penny saved is a penny earned” becomes Apsiape. Business was created in September of 2009. Original passphrase becomes Apsiape#0909.
- Personal – Memorable personal event – “Tom and Jane met at Johnny’s Bar” becomes Tajmajb. Date Tom and Jane met was 3/3/11. Original passphrase becomes Tajmajb#030311.
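The three steps above can also be written out as a short Python script. This is an added example, not part of the original article; the function names, the known_dates parameter, and the sample account list are assumptions made for illustration.

```python
# Added illustration of Steps 1-3; names and sample data are assumptions.
from collections import defaultdict

def initialism(phrase):
    """Step 2: first letter of each word, upper-case only at the start."""
    firsts = (next((c for c in w if c.isalpha()), "") for w in phrase.split())
    letters = "".join(firsts).lower()
    return letters[:1].upper() + letters[1:]

def build_password(phrase, special, date_digits, known_dates=()):
    """Step 3: initialism + one special character + a date written in digits.

    known_dates: digit strings for dates the article says to avoid
    (birth date, anniversary, any commonly known personal date).
    """
    if len(special) != 1 or special.isalnum() or special.isspace():
        raise ValueError("special must be a single non-alphanumeric character")
    if not (date_digits.isascii() and date_digits.isdigit()):
        raise ValueError("date must be digits only, e.g. 0614 or 030311")
    if date_digits in known_dates:
        raise ValueError("date is commonly known; choose a different one")
    return initialism(phrase) + special + date_digits

def reused_severe(accounts):
    """Step 1 check: a severe-impact account must not share its password.

    accounts: iterable of (name, severity, password) tuples.
    Returns the groups of account names that share a password with at
    least one severe-impact account (names only, never the password).
    """
    names = defaultdict(list)
    severe = set()
    for name, severity, password in accounts:
        names[password].append(name)
        if severity == "severe":
            severe.add(password)
    return sorted(g for p, g in names.items() if p in severe and len(g) > 1)

# Constructed inventory using the article's own example passwords.
SAMPLE_ACCOUNTS = [
    ("online banking", "severe",
     build_password("A penny saved is a penny earned", "#", "0909")),
    ("healthcare portal", "severe",
     build_password("A spoonful of sugar makes the medicine go down", "#", "0114")),
    ("news feed", "limited", "Apsiape#0909"),  # reuses the banking password
]

if __name__ == "__main__":
    print(reused_severe(SAMPLE_ACCOUNTS))
```

Splitting on whitespace rather than on punctuation keeps “Johnny’s” as one word, so the third phrase yields Tajmajb as in the article.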
Depending on your accepted level of risk – and remember that any part of this approach is more secure than what you were doing in the first place – you will only need to create a few groups of passphrases. There are also variations of this approach.
The key is to create your own password key and stick to it. So, for example, another approach might be to use the last two letters of a website, capitalize the second letter, add a special character, and then a set of 6 numbers that are meaningful only to you, and finally another special character. So your Amazon password could be: nO$13579!. And your Ebay password would be: yA$13579!. And your Washington Post password would be: tS$13579!.