5 Tips for Better Password Management
There are many articles on the internet about how to construct good passwords that are hard to hack. Today I’d like to give you some tips for managing your list of passwords rather than how to create them.
At Everyday Money Management, February is password month. In February we test our passwords, update our lists and help our clients do the same. If your passwords are all over the place, or, heaven forbid, only in your head, consider these tips:
1. Choose a place to keep your passwords and stick with it
If your passwords are kept in more than one place, things can get complicated. Having a few on a sticky note near your computer, others in a password journal, and then others in your phone, is a recipe for confusion, especially if you need someone else to access them for you. If you use a paper list, always keep your list updated when you add or change passwords. If you use a password manager, it should automatically offer to capture new or updated passwords when you create them. If not, take the time to open your password manager and make the updates, before you forget!
2. Consider security AND ease of use when choosing how to store passwords
It is fine to remember two or three passwords that you use regularly, like your computer password or your email password, but most of us have more than 50 passwords and we just can’t remember them all. Using easy to remember passwords or re-using passwords makes it easier for you, but also easier for the hackers to break through them.
The key to a good password system is to balance security and ease of use. For this, one of the best systems is an online password manager. These nifty programs allow you to store your passwords in an encrypted vault under a master password. That means you only need to remember one password in order to access them all. Using the program as a browser extension makes it even easier for the program to populate the user name and password fields automatically when you go to a website it recognizes. It also means you can use long, secure, “gobbledygook” passwords because you don’t have to remember or type them.
Could an online password manager be hacked? Yes, it is possible, but there have been very few breaches and even when they were breached, the companies had security protocols in place that ensured that the hackers did not get customer password data. Personally, I trust the security measures of a password management company over any other method.
If you still want to use a paper list or card file, by all means do so, but store it in a secret place. In the file holder right next to your computer is not a secure choice. Maybe tucked inside a book on a shelf nearby or in another room. Make sure you put it away when you are finished using it.
3. Document ALL the information you will need
When you make a list of your passwords, make sure you include all the information that might be requested. It is so frustrating to have the user name and password but not be able to get in because the company is asking for more information. Don’t be mad at the company – be glad that they are trying to keep your data secure!
Here is a list of the common data items you may need in order to access a site:
User name
Password (case sensitive)
PIN
Security questions and answers (spelled exactly how you entered them originally)
Security phrase and/or Security image (for you to confirm this is the correct site)
Destination for 2-factor authentication (usually your phone number or email address)
Email address that is used for password resets
In password managers, you can record this information in the notes section.
4. It’s not just websites -- store all your secret information
You may need access information for things other than websites. For example, you could store the PIN to your ATM card, combinations to locks you use in your home or at a storage facility, the password to your home router, the location of your safe deposit box key, etc. This is secret information that needs a safe home besides in your head. Your password list is the most logical place for you or someone you trust to look for it.
5. Test them and change them – at least annually
Take some time each year to test your passwords and to change the ones that you have not changed in a very long time. Make the shorter ones more secure by changing them to longer ones. Make sure your financial institution passwords are different from your other passwords. Make sure the password reset feature is going to the right email address. Then update your paper list or password manager.
We invite you to join Everyday Money Management this February and organize your passwords. This is part of our year-long Whole Life List Challenge. If you’d like to join the challenge, sign up here. It is free and you will be glad you took the time to do it!