July 1st, 2008 in Lifehack, Technology

Why Haven’t You Organized Your Passwords?

In my work with clients I have run into passwords in all kinds of unbelievably random and insecure places. I always shrink back from them when I see them… I don’t want to know! Passwords are the key to unimaginable ruin in the wrong hands, and it consistently shocks me how careless people are with this information. (It’s just as bad as how often I see people who don’t do computer backups!)

“I don’t need to have a system… I have one password I use for everything.”
Think again. I know of a person in my area whose Yahoo e-mail password was compromised, and once the thief infiltrated his e-mail account he used forgotten password functions on other websites to unlock many more (they were just emailed right to him!). Since the thief quickly realized that the same password had been used for everything, it was a piece of cake for all accounts to be penetrated. By the time the victim discovered the breach, all hell had broken loose, involving eBay, PayPal, and $32,000 of merchandise about to be shipped to Africa… no kidding.

Lessons learned: Use a very strong password to protect your e-mail account, guard it fiercely, and use different passwords to avoid one compromising all of the others.

You also need to be mindful of being hit by the proverbial bus. Would important people know how to get this information if something happened to you? Make sure that you do have a system and that someone else knows how to access it in an emergency.

Electronic Password Keepers
There are many great database applications made for storing passwords. A previous Lifehack article by Leo Babauta lists ten free apps you can use, but I like SplashID, which costs $20, is available for both Mac and PC, and synchronizes its desktop component with almost all major PDA platforms. I really like having my information with me, securely encrypted, when I am away from my desk. Whatever application you choose, DON’T use a Word or Excel document for this purpose (especially one named “PASSWORDS”), because such a file can be easily infiltrated.

Along with passwords and other login information, I also enjoy using the SplashID database for keeping many other data tidbits, such as software licensing information, identification numbers like my family’s Social Security numbers, my cars’ VIN numbers, computer support information and service tags, and frequent flyer program numbers.

Paper-Based Password Keepers
Some people are reluctant to use electronic solutions, and if so, you can either repurpose an address book or use a 3×5” index card file. (I am sure our loyal readers will have a few suggestions, too.) There are also a few products on the market now that are made just for this purpose, such as the Internet Password Organizer. It’s basically a black, nondescript book with laminated alphabetical index tabs like an address book, but the printed fields are tailored to computer-related needs.

Tips on Paper-Based Systems:

  • Use a pencil to write down your entries as they may change.
  • Don’t label your card file box or password keeper book with the word “PASSWORDS!” Keep it on the down-low.
  • You may want to write down the passwords as “hints” instead of the actual passwords, in case your password keeper is lost or compromised. For a password like “fido1995,” you might write a hint like “dog+year” that you’ll definitely remember.
  • If you use index cards, they have more room to write other details about the account, such as logs of customer service notes or order dates.
  • Do NOT write password hints that are relative to other accounts, like “same as Amazon,” because that can become a big cross-referencing mess quickly when you change the referred-to accounts.

On a final note, PLEASE do not use your birthday or your children’s names any more! (See this previous Lifehack article on how to create strong passwords.) Whether your system is electronic or paper, one of the best advantages of having a system is that you can use even more secure passwords and change them up, since you are no longer relying on your own memory.

WRITER'S BIOGRAPHY

LorieMarrero

Lorie Marrero, CPO®, is the creator of The Clutter Diet®, an affordable organizing program that helps members lose "Clutter-Pounds" from their homes by providing online access to her team of Professional Organizers. Lorie writes something insanely practical every few days or so in the Clutter Diet Blog.


Comments

  • Mike Buckley says on July 1st, 2008 at 1:46 pm

    You mean using my cat’s name for everything isn’t a good idea? Seriously, in trying to keep things simple, it’s easy to fall into some very bad habits concerning passwords.

    Thanks for the wake-up call.

  • John says on July 1st, 2008 at 3:12 pm

    Here’s a completely different approach: instead of STORING unique passwords, use software to GENERATE unique passwords. See this post:
    http://www.johndcook.com/blog/.....swords-ii/

  • Ann at One Bag Nation says on July 1st, 2008 at 3:20 pm

    Not only are my passwords in a file clearly marked PASSWORDS, most of them are scribbled down and I can hardly read them. Time to clean up my act!

  • Vivek says on July 1st, 2008 at 4:12 pm

    I actually use a password protected word document as password organizer – and I’m quite happy with the arrangement. That’s because the word file has a very misleading name, it’s kept along with a lot of other password protected word files and it doesn’t have actual passwords. It has only hints. I think that’s good enough! :)

  • Avani-Mehta says on July 1st, 2008 at 6:02 pm

    I usually use common passwords for general mail accounts and a different password for bank accounts, debit card etc.
    One great way of making and remembering new passwords is to use initials of words of a favourite song as a password.

  • Louise says on July 2nd, 2008 at 7:13 am

    In reference to using one password for various sites – here’s a quote which sums it up – ‘reusing a password is like reusing a hypodermic needle. If one is compromised, so are all the rest.’

    Password habits are vital to online privacy.

    Louise (Passpack)

  • Lorie Marrero says on July 2nd, 2008 at 10:11 am

    @Vivek: You might want to rethink this! Read this article about how easy it is to crack a Word password: http://www.askdavetaylor.com/c....._file.html

  • Knk says on July 3rd, 2008 at 2:56 am

    PasswordSafe or its platform independent brother PasswordGorilla might be a good solution too if combined with a pendrive.

  • Bill says on July 4th, 2008 at 5:07 pm

    RoboForm. Free and a pay-for version. I liked the free version so much I bought the pay version.

  • Omarra Byrd says on July 6th, 2008 at 12:22 am

    I actually love the RoboForm software myself. I use it all of the time and it takes all the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:

    http://www.booksbonkers.com/TheRoboFormReport!.html

  • Billy R says on July 7th, 2008 at 4:07 pm

    I like to have my passwords with me all the time but don’t like to store them digitally. So I keep a sheet of paper in my organizer with the passwords to all places and services that I need to use. I’ve created a way to keep them safe that works really well for me. And if someone gets their hands on my passwords, he won’t be able to use them. This is what I’ve done:

    Let’s imagine the written text on my paper looks like this:

    1. Jaiku – pass: YellowBird
    2. Facebook – pass: GreenGiant
    3. My blog – pass: RedEagle
    4. Meebo – pass: VioletSky
    5. del.icio.us – pass: BlueDream
    6. My Internet bank – pass: BlackHole

    I have a sheet with 40+ passwords arranged in this way. Now, what you do to keep them secure is to decide on something generic that will be at the end of each password. This, you don’t write out in your list. For example: If “90510” is what you’ll add, then the passwords are “YellowBird90510”, “GreenGiant90510” etc etc.

    As a final measure of safety (since the suffix is the same for all passwords, one cracked password means they’re all cracked), I use the POSITION in the very list to determine another thing to add to the password. For example, go down two rows and use the number in the front of that row.

    If I’m gonna log in to Jaiku, I read my pass is “YellowBird”, add my known suffix to make it “YellowBird90510” and also add the number of the row two rows down, in this case 3. That gives the password “YellowBird905103”.

    You can use the row technique in any way imaginable. “The number of the row three rows down multiplied by 5”, although it will be unnecessarily complicated.

    In fact, this system may sound complicated, but it really isn’t. I have individual passwords for every account I use and carry them with me all the time, without any risk of breach. You’re welcome to have my sheet cause even if you have it, you gotta know my suffix and also which number to add after.
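The scheme in the comment above, modelled as an added example (not part of the original comment) to check how much of it stays secret once the sheet and one full password are both exposed, for instance after a breach at a single service. The sheet is the comment's own illustration; wrapping past the last row and the function names are assumptions made here.

```python
# Added example: models the paper scheme described in the comment above.
# SHEET is the comment's illustration; wrap-around at the end is an assumption.
SHEET = ["YellowBird", "GreenGiant", "RedEagle",
         "VioletSky", "BlueDream", "BlackHole"]


def derive(sheet, row, suffix, offset):
    """Password for 1-based `row`: written word + unwritten suffix
    + the number of the row `offset` rows further down the sheet."""
    number = (row - 1 + offset) % len(sheet) + 1  # assumed wrap-around
    return f"{sheet[row - 1]}{suffix}{number}"


def rules_consistent_with(sheet, row, exposed):
    """Every (suffix, offset) rule that reproduces one exposed password.

    Models a reader who holds the sheet and has seen the full password
    for a single row."""
    word = sheet[row - 1]
    if not exposed.startswith(word):
        return []
    tail = exposed[len(word):]
    rules = []
    for cut in range(len(tail)):  # split the tail into suffix + row number
        suffix, digits = tail[:cut], tail[cut:]
        if not digits.isdigit() or digits[0] == "0":
            continue
        number = int(digits)
        if 1 <= number <= len(sheet):
            rules.append((suffix, (number - row) % len(sheet)))
    return rules


def exposure_report(sheet, row, exposed):
    """For each surviving rule, the passwords it implies for every row."""
    return {rule: [derive(sheet, r, *rule) for r in range(1, len(sheet) + 1)]
            for rule in rules_consistent_with(sheet, row, exposed)}


if __name__ == "__main__":
    for rule, passwords in exposure_report(SHEET, 1, "YellowBird905103").items():
        print(rule, passwords)
```

With the sample sheet, a single exposed password leaves exactly one consistent rule, so the unwritten suffix and row offset behave as one secret shared by every entry on the sheet.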

  • AnneTanne says on July 13th, 2008 at 9:48 am

    I use a technique rather similar to Billy’s.
    I take a (Dutch) word that has a link to the subject involved (this could be ‘bladwijzer’ – bookmark – for a bookmarking site). After the third letter I add something like 68% (always the same). Splitting the word this way gives a good chance you can’t find both parts in a dictionary (neither ‘bla’ nor ‘dwijzer’ are words in any language I know). At the end I add another combination, e.g. -)p.
    This way my password is ‘bla68%dwijzer-)p’, which can be considered rather strong.
    I do have a division for my passwords in my organizer, which looks like:
    Flickr: 3
    Picasa albums: 5
    Delicious: 3
    Magnolia: 6
    This means that for ‘online pictures’, I have to split the word linked to it after the 3rd letter for generating my Flickr-password, after the 5th for Picasa.
    OK, I do have to remember the ‘keywords’, but since they are always very closely related to the subject, this isn’t so hard.

  • PPC says on August 6th, 2008 at 5:19 pm

    Password Safe, originally developed by Bruce Schneier, is a favorite. It’s been open source since 2002. A big time-saver is the Autotype feature, which (by default) automatically types the stored username/password.

  • Mike says on September 1st, 2008 at 10:10 am

    These solutions as far as I can tell include various combinations of strong passwords, and various levels of strong encryption. But they all seem to be missing intruder detection. What happens if someone gets a copy of your password safe? They can hack against it until they have your master password, then they have all of your passwords in a nice organized tool.
    Any complete password safe will include intruder detection that will lock or even destroy the password safe if too many bad password attempts within a set timeframe are attempted. Is anyone aware of a product that offers these features?
