One of the primary advantages of the internet is the vast array of online products and services available for business users and consumers. Whether accessed through a browser or an app, most products and services typically require their users to create an account with a username and password.
Starting with your bank and/or brokerage accounts, ISP, public library, credit card, social networking accounts, and streaming services, for example, one can begin to accumulate a large number of username and password combinations that somehow need managing.
This post discusses some of the strategies, options, pitfalls, and outright security risks to avoid when managing passwords.
Many products and services require a certain combination of characters (letters, numbers, and symbols) and a minimum password length for user passwords. Here are some suggestions for creating strong passwords:
- Create a long password. Use 8-15 characters, minimum, such as D0r4l0nG!ng.
- Create a password phrase. A password phrase is usually a nonsensical phrase like manage dog filing gypsum, only using a combination of characters and with no spaces, such as maN@geD0gf1L!ngGyP$uM.
- Use a combination of:
- Uppercase and lowercase letters
- Symbols (most products and services will let you know if you use a symbol that’s not allowed)
- Don’t use personal information as part of your password.
Bad Password Habits to Break or Avoid
Some bad habits users may have picked up over the years for managing their passwords include:
- Using simple, non-complex passwords (e.g. password123).
- Using the same password for everything.
- Having no system for managing passwords.
- Writing usernames and passwords on paper and storing next to (or adhered to) one’s computer.
- Storing usernames and passwords in an unencrypted document or spreadsheet on one’s computer or in the cloud.
- Storing passwords in the web browser when prompted.
- Sharing passwords over email.
- Not updating passwords regularly.
Good Password Habits to Develop
The following suggestions can help you safely use and manage your passwords on your computer and mobile devices:
- Avoid sharing passwords in any way.
- Maintain strong passwords for your user accounts and update your passwords every 90 days. Many products and services require regular password updates.
- Create new passwords when updating. Don’t use minor variations of the same password.
- Don’t use the Remember Me option for websites and apps.
- Sign out of web sites and apps before closing the app or browser.
- Only log in to websites and services over a secure WiFi connection (one where you had to enter a password to use WiFi). Don’t expose your usernames and passwords over open WiFi.
- Consider using a password manager for creating, storing, and managing your passwords.
- If using a password manager, use secure options to back up your master password, such as writing it down and storing it in a home safe or safe deposit box.
- Make arrangements in your will or estate plan for securely transferring your passwords to your survivors.
Password Manager Features
If you’re like many people you have too many accounts with usernames and passwords to keep manage. A password manager becomes an essential tool for most people. There are numerous password management apps and services to choose from. Some have free offerings, and others have premium add-on services such as multi-user support and business services. Some basic features that a password manager should have include:
- Stores usernames, passwords, and other information for multiple user accounts in an encrypted format that can be accessed using a master password.
- Generates strong passwords (see Password Strength).
- Password data may be accessed from any device.
- Browser plug-in support – allows you to access your password data using your master password while signing in to websites.
- Password data is backed up automatically.
Premium features often included with a subscription:
- Automatic backups of password data. Not always included among basic features.
- Secure password management and sharing for families.
- Multifactor authentication.
- Business-level support and features, such as:
- Single sign-on
- Company password policies
- Automated employee provisioning
Choosing a Password Manager
Selecting a password manager depends on your needs and whether you’re willing to pay for the features you want (or need). Many articles and blog posts exist with advice and information for making your selection. Do some research and reading before making your selection, or contact your IT professional at Prime of Life Tech.
This post is related to the series Protecting Senior Citizens Online.
Copyright © 2019-2020 Prime of Life Tech