Manage Those Passwords

Submitted by brian beam on Mon, 08/01/2016 - 00:00

Password management is the bane of the typical computer user's existence. We're bombarded with websites that require a username and password, but how can we manage them all? Unfortunately, most people resort to one (or both) of the following systems:

  • Write them down
  • Find a good one and use it everywhere

Of those two options, using the same password everywhere is, by far, the worse option. It seems like every day we hear of one service or another who has been hacked and their user's data absconded with, including usernames and passwords. The first thing cyber criminals do with these credentials is try them out on high-value sites, such as banking and finance. So, as you might imagine, if you use the same credentials everywhere, these criminals now have the proverbial Keys to the Kingdom.

The answer is to have a unique username and strong passphrase for every service that you use. And by "strong" passphrase, I mean one that's over 12 characters long and includes a range of character types. And, most importantly, it should be a "phrase" (multiple words) not a single, cryptic "password". Perhaps the best known illustration of passphrase v.s. password is XKCD's Password Strength post:

CommandB.net | XKCD Password Strength

Still, even when coming up with easier-to-remember passphrases, it's still difficult to remember all of them. That's where a password manager comes into play. There are several available, but the two I recommend are:

Both apps work similarly... you first create a "master passphrase" and you then save all your websites' usernames/passwords within the app's database. From that point onward, you do not have to remember those individual logins; you just unlock them with your master passphrase.

Both apps will generate secure passwords for your website logins. They also let you create secure notes to hold banking info, credit card numbers, etc. And both provide ways of sharing your logins with co-workers, family members, etc.

You really can't go wrong with either solution. Both work well and are considerably better at managing our passwords than our poor overloaded brains.