This is not a guide for password creation, but for how to manage your passwords securely. Because if you don’t manage them well, it doesn’t matter how strong they are. Superman himself could create your passwords, but that means nothing if they fall into the wrong hands.
Don’t give out your passwords
Think thrice before giving your passwords to anyone. I don’t care if it’s your best friend, co-worker, boyfriend, or kids. This is what it boils down to: if someone else knows your password, then it’s no longer under your control. Simple as that. It doesn’t matter if the person is trustworthy or not.
I understand that in some cases it’s necessary, like sharing passwords with your spouse. Some other exceptions might be your IT staff at work, because they can probably get into your accounts anyway, or an account that’s intended to be shared by more than one person. But the rule that should always be followed is to treat your passwords as strictly need-to-know. It was Benjamin Franklin who said, “Three may keep a secret, if two of them are dead.”
Use a password manager
Passwords are a pain in the keister. The best way to simplify this headache is to use a password manager like LastPass or 1Password. These browser plugins will 1) make your bazillions of passwords more manageable and 2) make them more secure. Why does it make them more secure? Because if you don’t have to remember them, they can be much longer and more complex, and therefore stronger. The only one you’d have to remember is the one for the password manager. Stay tuned for my How-To guides on these tools.
Don’t reuse important passwords
Been using the same password for everything for the last 10 years? Sorry to tell you, but that’s a time bomb ticking down to the boom. Why is it important to use a different password for everything? Because if you don’t, and someone gets one of your passwords, they will have access to everything else that uses that same password. And there are many ways to get just one of your passwords.
I know, it’s a huge pain. But that’s why a password manager like the ones described above comes in so handy. At the minimum, use separate passwords for your most important accounts, like banking, medical, tax, or any other site that contains sensitive personal information.
Don’t write them down
If I were to rummage through the desks of our clients, about 70% of the time I would find a notebook of handwritten login names and passwords. If I can find them, anyone can. Again, use a password manager instead. Or put them in a document on your computer and encrypt it with a master password (use my AxCrypt tutorial as a guide for this).
Now with that said, I will break my rule and say that writing them down can be done in a way that’s relatively safe. Follow the rules in this guide for more on that.
Develop a method for password creation
(I know, this isn’t what this guide is about. But it’s still worth mentioning.)
Contrary to how your IT guy makes it sound, creating strong passwords is simple to do. However, my experience in the IT field shows me that these methods are not common sense. Check out my guide for password creation to see if your skillz are really as good as you think.