
It's Time To Change Your Passwords And Here's How

This article is more than 10 years old.

The first of the year is a good time for many things, one of which is changing passwords. Most people hate the idea of changing passwords, but it is a necessary evil. The proliferation of key loggers, phishing sites, viruses and malware requires that passwords be changed regularly.

Some folks just use the same password for everything. Words cannot express how dangerous this is, but it is fundamentally no different from having a single key to your home, car, safe deposit box, mailbox, etc. While certainly it is convenient, if somebody gets hold of this one password, then they can use it to access all your websites.

Some folks use secure password software to keep their passwords, thus allowing them to have varied and unique passwords for each website. Frankly, this is probably the best method, if you can develop the habit to use the software -- and you always have access to the software. I've previously written about the merits of the Steganos security software suite (http://www.steganos.com) for keeping critical documents confidential, and it contains a cool password manager as a bonus. But there are other good password programs out there, just make sure that they work as well on your phone and tablet as they do on your desktop or laptop, so that you can access your passwords over many devices.

Instead of software, one can always keep a list of passwords in a password-protected Word or Excel file, or (better) a PDF file that can be opened on any device. While not quite as good as the password software, this is an easy method to keep a list of passwords. Just a quick note: Don't call the file "passwords", as then a hacker might see it and try to bust the encryption. Instead, name the file the most boring thing you can think of, e.g., "kids1998soccerschedule" or some such.

There is another method of keeping passwords that I've come up with, and which I've found easy to use. This is called the "common key" method, and while it has the disadvantage that a determined hacker could probably figure it out, for many purposes it will work just fine.

The idea is that you start with a "key" of five or six characters, containing a symbol, a capital letter, and a number, the combination of which makes it very difficult to hack. Here I will use the word "apple", expressed as "@pp1E" (with the numeral "1" instead of the "l").

Next we will add the year as two digits at the end. Now, for 2014 you could use "14" and thus have "@pp1E14", but if a hacker got your password they could figure out what the "14" stood for. So, instead we will add 25 to each year: our "14" now yields a "39", and thus our password so far is "@pp1E39". Every New Year, we will change our password to reflect the incoming year, and thus in 2015 our password will be "@pp1E40".

But this still gives us just a single password, when we really want a different password for every site that we use. So, what we will do is add two more letters to the end that are specific to that site and that we can easily remember.

Let's assume that we want a password for our health insurance website. We might then add the two initials "hi" to the end of our key. Thus, our password for this website is "@pp1E39hi". For our bank, our password becomes "@pp1E39bk", and so on for all of our passwords.

If you wanted to change your password more frequently than yearly, which you really ought to do but who has the time, then you could substitute one letter of our key to correspond with a month or quarter. For example, our password for our bank for January could be "@pp1A39bk" and our password for February could be "@pp1B39bk", etc.
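The following is an added worked example that implements the scheme described in the preceding steps; it is not the author's code. It uses the article's sample key "@pp1E", the year offset of 25, and the article's site codes "hi" and "bk". Two details the article leaves open are assumptions made here: the month letter is assumed to replace the last character of the key (January = "A", February = "B", and so on, matching the "@pp1A39bk" example), and the two-digit year code wraps modulo 100 so that it always stays two digits. The `random_password` helper is included only to stand in for the "utterly random" alternative the author mentions later, so the two approaches can be compared side by side.

```python
"""Worked example of the "common key" password scheme (added illustration,
not the article author's code). Sample values are constructed."""
import math
import secrets
import string
from typing import Optional

KEY = "@pp1E"                            # the article's sample key
YEAR_OFFSET = 25                         # the article adds 25 to the 2-digit year
MONTH_LETTERS = string.ascii_uppercase   # assumption: Jan -> "A", Feb -> "B", ...
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def year_code(year: int, offset: int = YEAR_OFFSET) -> str:
    """Two-digit year plus offset, as in the article: 2014 -> "39", 2015 -> "40".
    Assumption: the result wraps modulo 100 so it always stays two digits."""
    return f"{(year % 100 + offset) % 100:02d}"


def common_key_password(site_code: str, year: int,
                        month: Optional[int] = None, key: str = KEY) -> str:
    """Build key + year code + site code.

    If a month is given, the article's monthly variant replaces one letter of
    the key; here (assumption) the last character is swapped for the month
    letter, which reproduces the article's "@pp1A39bk" for January.
    """
    if month is not None:
        if not 1 <= month <= 12:
            raise ValueError("month must be between 1 and 12")
        key = key[:-1] + MONTH_LETTERS[month - 1]
    return f"{key}{year_code(year)}{site_code}"


def meets_article_rules(password: str) -> bool:
    """Check the article's stated key requirements: a symbol, a capital
    letter and a digit must all be present."""
    has_symbol = any(c in string.punctuation for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    return has_symbol and has_upper and has_digit


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """The alternative the article calls "utterly random": every character
    drawn independently from a CSPRNG (secrets), nothing shared across sites."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length: int, alphabet_size: int = len(PRINTABLE)) -> float:
    """Entropy in bits of a uniformly random password of the given length.
    Used only to show what the fully random alternative provides."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Reproduce the article's examples.
    print(common_key_password("hi", 2014))            # @pp1E39hi
    print(common_key_password("bk", 2014))            # @pp1E39bk
    print(common_key_password("bk", 2014, month=1))   # @pp1A39bk
    print(common_key_password("bk", 2014, month=2))   # @pp1B39bk
    print(common_key_password("bk", 2015))            # @pp1E40bk
    # Same-length random password for comparison.
    rnd = random_password(9)
    print(rnd, f"({random_bits(9):.1f} bits of entropy)")
```

Running the block prints the article's five sample passwords followed by one freshly generated nine-character random password with its entropy figure; the point of the side-by-side is visible in the output, since the common-key passwords share their first seven characters across sites while the random one shares nothing.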

One good thing about this system is that if you wanted to give your passwords to somebody who might need them in your absence (say, your spouse if you suddenly died of a heart attack or were in a bad crash), you could explain the system to them, and give them your key and your system. This would give them immediate access to your online empire -- but an obvious caution here that this should only be done to those whom you absolutely trust. If you don't have somebody that you absolutely trust, then suffice it to say that you have bigger problems than passwords.

It has actually become a big issue within our legal system how to deal with a decedent's social media property. The family usually desires to make some posting on their Facebook or LinkedIn pages noting their passing, but convincing those companies both that the decedent is really dead and that a particular person should have rights of access can be very difficult. Likewise, if online services are being used to receive and pay bills, manage bank accounts, etc., a real mess can occur if somebody doesn't get online access immediately.

But the real benefit is that you can keep this system in your head. I've been using this system for some years now, and though I probably have dozens of passwords for a corresponding number of websites, I've rarely failed to keep them straight or forgotten one.

I say "rarely" because occasionally with some long-unused website (most often a little-used airline or car rental company), I'll forget the ending two letters, and for that I go back to my password management software -- where I just put "XX" in place of the year digits, so that even if somebody were able to hack my password management software, they might not be able to figure out what the "XX" stands for.

Probably one of the worst things that you can do is to simply let your computer keep the passwords in cookies, outside of good password management software, as this is probably the easiest to hack. Thus, internet browsers should be set to clear all cookies and passwords on exit, so that these passwords are not kept longer than the single day on which you are using them.

This system is not as good as having utterly random passwords for each site, which -- unless you have a fantastic and flawless memory -- will always be the best method. But for many sites you want to be able to log in right then and there, without going to the password management software.

Anyhow, if you try this system, please let me know how it works for you.

This article is available at http://onforb.es/JWy0cf and http://goo.gl/ViHHVL