Reasons to change your password
In previous articles I have described ways to protect yourself and your data. Usually protecting yourself means applying a password to something.
Particularly in the online world passwords are required for everything and it is easy to get lazy from “login” fatigue.
For quite a while now all my logins, passwords, accounts and other bits and pieces requiring protection have been living in a password management tool.
At present I have nearly 1000 items that require some sort of protection, login and/or password.
With that many logins to control who wouldn’t use the same password over and over again? Who wouldn’t leave a password unchanged if there was nothing wrong with it?
If your password is a strong one, a lengthy mixture of alphanumerics, characters, and upper and lower case, then maybe, just maybe, you can relax a little.
Then again, maybe you should check below to be 100% sure.
Here are some reasons why you need to change your password:
· you had a dispute with someone you share a password with
· you’ve used the same one for a while
· everything uses the same password
· it is not a very secure or tricky password i.e. it is easy to guess
· something using that password has been compromised
· someone emailed it to you - passwords in plain sight in email are a problem
· a technician you don’t know used your password to help you
· something suspicious happened and you want/need to take precautions
· the kids know it
· you never had one in the first place or you are using the default password
· you think someone may have seen it or guessed it (don’t wait to verify this)
· you've got a scary email from someone threatening you and holding you to ransom
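Several of the reasons above (one password used everywhere, a password left unchanged for a while, a default or missing password, an easy-to-guess one) can be checked mechanically over a list of your logins. The sketch below is an added example, not part of the original article; the vault entries, the list of default passwords and the age and length thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample vault export: (site, password, date last changed).
VAULT = [
    ("bank.example", "T7#qLw92!vRk-pine", date(2024, 11, 2)),
    ("forum.example", "sunshine1", date(2019, 3, 14)),
    ("shop.example", "sunshine1", date(2021, 6, 30)),
    ("router.example", "admin", date(2018, 1, 5)),
    ("mail.example", "", date(2023, 8, 9)),
]

DEFAULTS = {"admin", "password", "123456", "changeme"}  # assumed short list
MAX_AGE_DAYS = 365  # assumed meaning of "used the same one for a while"
MIN_LENGTH = 12     # assumed cut-off for "easy to guess"


def audit(vault, today):
    """Return {site: [reasons]} for entries that match a reason on the list."""
    by_password = defaultdict(list)
    for site, pw, _ in vault:
        if pw:
            by_password[pw].append(site)

    findings = {}
    for site, pw, changed in vault:
        reasons = []
        if not pw:
            reasons.append("no password set")
        elif pw.lower() in DEFAULTS:
            reasons.append("default password")
        elif len(pw) < MIN_LENGTH:
            reasons.append("short, easy to guess")
        if pw and len(by_password[pw]) > 1:
            others = sorted(s for s in by_password[pw] if s != site)
            reasons.append("reused on " + ", ".join(others))
        if (today - changed).days > MAX_AGE_DAYS:
            reasons.append("unchanged for over %d days" % MAX_AGE_DAYS)
        if reasons:
            findings[site] = reasons
    return findings


if __name__ == "__main__":
    for site, reasons in audit(VAULT, date(2025, 1, 1)).items():
        print(site + ": " + "; ".join(reasons))
```
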
Another very good reason is if your email address/es show up as having been PWNED - i.e. compromised by an online data breach.
Check your emails here, and if you see something pertinent then act on it:
And here are some tips to make the whole thing less onerous:
The longer your password, and the more it includes variations such as numbers, capitalization, special characters and such, the less likely it is to be "guessed" by humans or password cracking software.
NOTE: Password cracking software often uses an approach called "brute force", the difficulty of which is only altered by password length. The "complexity" of your password doesn't matter to automated cracking systems.
Create a disposable and unique password for web sites and services you are trialing or otherwise consider to be temporary in nature. That way, if it doesn’t work out, you can simply forget about it without the worry of your “real” password potentially floating around on an untrustworthy web site or service.
Avoid using single "strategies" or patterns in your passwords, e.g. family birthdays, anniversaries, pet names, middle names, reversed words, all letters, all numbers etc. It is best to mix up at least two of these ideas to create any one password you may use. For example, "lov3#AT3" is better than a simple "hate" or "lovehate".
The more complex the better. Using combined methods helps you remember the password instead of writing it down. If you must write it down outside of a password management tool, write down the derivation method and a hint, don't write down the password itself.
Recent studies have suggested that a 3 or 4 word sentence provides better security than the traditionally proposed 10 character mish-mash. This is supposed to make things easier and thwart brute force attacks better. However, many systems have requirements on passwords that make the use of this type of password more difficult than it should be.
Use a password management tool such as 1Password. These can help with pretty much all of the procedures I have mentioned above and more besides. E.g. using the tool as a central repository for things such as insurance, bank and other important life records can reduce the risk of loss in the event of a disaster.
Your password management tool will itself require a strong password. Remember all the rules for the password manager’s password. You are only as safe as the weakest link in the chain. Consider storing your master password with someone else as organised and trustworthy as you e.g. in your will, in your partner’s password management tool.
Getting organised now won’t be easy or quick but it will save you in the long run.