Who Is Hosting This

Last week we talked about how to improve password security by making them tougher to crack.

However, your password security is risked if you can’t remember them. After all, the purpose of a good password is to deny others access to your accounts while still allowing you to enter. If you don’t complete the second part of the equation, you might as well no have a site set up at all.

Worse still, if you forget your information, you find yourself having to use password recovery tools to access your account and that can, in turn, introduce whole new security problems.

It is therefore critical to be able to recall your passwords. After all, one of the elements that makes up a good password is that it is hard to remember. Easier said than done, right?

This is the question we’ll be answering in today’s post.

A Few Things NOT to Do with Passwords

Before looking at a few of the potential solutions for the problem of remembering passwords, I want to mention a few things that one should definitely not do:

1. Write Down Your Passwords: Writing down and hiding passwords, whether under your keyboard or in your desk, is a very bad move. You’re not as canny as you think. Anyone with access to your machine can access your password. If your computer is in a secure place, such as in a locked drawer or a secure building, it may not be a major deal, but most environments are not secure enough to make this work. The best thing you can do is either use a code or avoid writing passwords down altogether.
2. Reuse Your Passwords: Using the same password for multiple services is a Bad Idea. Reusing the same password for services that need little security is sort of okay, but sharing them between those of importance is risky. For example, someone gaining access to you Facebook password is bad, but if it’s also your banking password that’s much, much worse.
3. Dumb Down Your Passwords: To avoid making either of the first two mistakes, many of you will “dumb down” or simplify your passwords. Obviously, this is an equally bad move because it opens up your password to attack.

These “don’t dos” puts you in an impossible situation: you have to create unique, difficult-to-crack passwords for every service you use and them memorize them without the aid of writing them down. No one short of a savant can do this and, consequently, security breaches are extremely common.

Decide Your ‘Password Sacrifice’

With that in mind, where does one make a sacrifice? The simple answer is, wherever it impacts security least.

For example, if (and that’s a big ‘if’), one can secure a piece of paper enough, then writing down passwords is probably the safest option, particularly if a code is also used.

On the other hand, reusing passwords may be the best approach if one can’t secure a piece of paper but can remember a good set of passwords, as long as the critical accounts have truly unique ones.

Finally, if you can remember all of your passwords so long as they are simplified, you may be able to get by using only “dumb” passwords. However, just make sure that the passwords can not be easily guessed and didn’t come from a dictionary.

The problem with all of these options is that you are sacrificing security for convenience. Some element of that is necessary, but get the balance wrong and you may find your account an easy target.

Password Dilemma Alternatives

Fortunately, developers have been working on solving the problem of passwords and have come up with a few secure and practical solutions.

1. LastPass: LastPass is Web-based service that also works as a browser add-on. It is multi-platform, working in Windows, Mac, Linux and most mobile devices. It will automatically fill in usernames and passwords for sites you visit and also includes a random password generator to ensure that you don’t reuse a password when setting up a new account. Free for the basic service and only $12 per year to add mobile support and remove ads.
2. KeePass and 1Password: Software solutions such as KeePass and 1Password, for Windows and Mac respectively, make it easy to generate passwords and log into services. However, they are somewhat more limited in that they only work on one platform (though 1Password is also for the iPhone and iPad. Still, may be useful for those not comfortable storing their passwords in the cloud.
3. The Unique Password Method: As discussed in the previous article, by basing your password on the service that you are using, you only need to remember the method for creating the password, not the password itself, making it easy to create a unique password for every site you visit and remember it.

The first two options are especially interesting as they not only provide an easy way to generate and remember passwords, but also provide anti-phishing protection. If you are tricking into visiting a PayPal-lookalike that is not on the actually PayPal domain, your password manager won’t pop up and fill in the form automatically.

However, the security of your passwords in such systems is only as good as the security of the systems themselves. Though no breaches have happened to date, if a flaw is discovered (or if someone were just able to gain access to your password for your manager) all of your passwords, for every site, would be vulnerable.

When choosing any of these alternatives, you have to remember, as above, that you are trading convenience for security. The question isn’t “Am I as safe?” but “Is the trade-off worthwhile?”

Bottom Line

In the end, the most secure passwords are also the most unusable. The big challenge is to find ways to make passwords both practical and secure.

The best approach is the one that works to your natural strengths and weaknesses. For some, it might be securing a piece of paper, for others, it might be a software solution.

When choosing a solution, be aware of what you are trading off and what you are gaining; beware a solution that costs you far more than it gives you!