October 31, 2024
Passwords. Yes, Passwords.
Passwords – the bane of many people’s existence. (Including mine!) Sometimes it seems that clients spend 80% of their time chasing down passwords.
Funny thing, but a lot of people don’t even know they have passwords for important things. I often get “I don’t have a password!” when I ask a client to enter their password. (Sorry, but virtually EVERYTHING requires a password these days.) And then there are rules about passwords – how many characters are required, whether it requires any caps, numbers, or special characters, and all that fun stuff, but that’s a subject for a future blog.
But most importantly – how do YOU record your passwords? One tech guy I worked with back in my corporate days had every employee’s password on a sheet of paper. Thumbtacked to the wall of his cube. But it was secure – he tacked it on backwards. (Don’t be that guy!)
But what are the best ways to record your passwords?
Here is what I have come across in my tech journeys. PLEASE understand that this is an extremely surface-level look at this subject – there’s enough here to write a best-selling book on the subject. (Now, that’s a great exit strategy!)
Method: Recording passwords on scraps of paper
Pros: Very accessible to you
Cons: Also accessible to bad actors, easily lost among other clutter
I see lots of this – scraps of paper with passwords scrawled (and crossed off) on them. Probably the most primitive way to handle this issue. Sure, it works, but if the papers get lost or stolen, or aren’t updated the next time you forget a password and need to reset it, it’s a fairly worthless exercise. Plus, you’re always one coffee or red wine spill away from disaster.
Bottom line: You can do better than that! Move on to a more sophisticated method.
Method: Using a notebook
Pros: Very accessible, easier to organize than scraps of paper
Cons: Can find its way into the wrong hands (if you’re not careful), easily misplaced
The next level up on the food chain, the notebook is yet another popular method for storing passwords. The pros and cons are the same as the scraps example listed above, but at least your passwords are all in one place. More organized. And easier to hide or lock up.
Bottom line: Not the best way to handle things, but not the worst, either.
Method: Spreadsheet
Pros: Reasonably safe, as long as you secure it with a password
Cons: If your computer goes down without a backup, you’re hosed – same answer if you forget the password to the file
Making a spreadsheet with your passwords is one decent way to save them. Simply create an Excel (or Numbers) spreadsheet, put a column in for your usernames, one for passwords, one (or more) for security questions, and one for the recovery phone number and/or recovery email you’ve established. Then secure the spreadsheet with a password. (Which means you have a password to access your passwords.) Just don’t forget the master password, or else you’re in big trouble.
Bottom line: A step in the right direction – at least you have the ability to lock it up!
Method: Allowing your browser to save passwords
Pros: Very convenient – it’s a “set and forget” scenario
Cons: Can be spread across your devices via an account, can be lost if your computer crashes without a backup of your Library folder, and it’s vulnerable to security breaches at the tech company that hosts your data
All the browsers out there have an option to “save your logins.” A good idea in theory, but, for illustration’s sake, let’s look at doing this using Google Chrome.
If you elect to save your passwords within Chrome, take note whether you’re “signed in” with a Google account – look in the upper right corner of a Chrome window to see if that’s the case. If you are, your passwords are being synced to all your devices that are also signed into that particular Google account. This is very convenient, as most of us own multiple devices, but there’s a downside: your data is residing on somebody else’s server.
Now, most of us have no love lost for Google, but on the flip side, it IS a top-tier company, and it takes security very seriously. Firefox (Mozilla) and Safari (Apple) also have similar functionality and security practices. Yes, all of these tech firms probably encrypt user data and are very secure, but you must understand that once you engage in this practice, a lot of this is out of your control.
Bottom line: If you opt to save within your browser and elect to sync, decide how much you trust these big tech players with your data.
Method: Password managers
Pros: Makes password management simple, your data is encrypted
Cons: Prone to tech issues, possibility of being hacked, single point of failure
There are a bunch of password manager software programs (a.k.a. apps) out there – designed to save (and possibly sync between devices) your passwords. The most popular ones are Dashlane and 1Password, but there are scores of others, and most of them are pretty similar in features. The gist of password managers is that they remember usernames, passwords, and (in most cases) answers to security questions, and have a browser extension that allows autofill of your information. Most of them have two-tier options: a lower tier that works on one device only, and a premium tier that syncs across all of your devices. Which brings to mind the sync issue described in the “save within browser” section above. Just check out what happened to LastPass a couple of years ago.
Bottom line: With password managers, you must understand that you’re trading security for convenience.
And now what NOT to do: NEVER allow any of your other sites (Facebook namely, but X as well, and [insert big tech firm name here] – which means NONE of them!) to save your logins! Mark Zuckerberg and Elon Musk both talk a big game about their companies, but do you really want one of those out-of-touch tech titans to have access to your data?
Let’s put it this way: I’m sure you know somebody who got their Facebook account hacked. How much help was Facebook? Does it have a number you can call? Perhaps an online chat or email that solved those issues? NO, to all of the above. Never trust your data with a company you can’t contact.
Final tip: No matter what method you employ, when changing a password, make sure you mark the date you’ve changed it. (And expunge the previous password in your records!)