Password Managers

When the ‘net was young, and accounts were few, we started jotting down our ID/password combos.  First one Post-It, then a dozen; we may have started a neat, spreadsheet print-out, but soon it was quickly covered with dozens of hastily-added handwritten additions.  As the number of websites requiring logins proliferated, even less-than-power users were overwhelmed.

We re-used the same ones, at first, until each site started enforcing different criteria.  Then we were scared shirtless by media reports on how unsafe this was–but by then we had dozens (or hundreds) of accounts.  What’s a body to do?

As an early internet user, we too have felt the pain of runaway passwords.  Once pieces of paper were filled beyond the point of being read legibly we were finally motivated to find a better way of digital record-keeping.

For now, the only practical solution we can see is a password manager program (or app).  The idea behind them is you remember ONE nice, secure password, and that lets you into a list of all the rest of them.

That means you can assign a really good—and unique—password to sites, and not worry about remembering them.  AND you can change them more often without experiencing early-Alzheimer’s symptoms. Since recommended passwords often look like au”wBeU?KsKVX+T8d”T, this is a load off one’s mind.

The password manager is literally a database of all your accounts.  You can group them by types, and even speed-search for sites by typing a few letters. They often include a function to generate a password for you, as long or as obscure as you need. (And the database itself is encrypted, as is everything in working RAM.)

There are many of these apps out there.  RoboForm was an early one that was essentially part of your browser. The major companies (Google, AT&T, Apple, etc.) have ones of their own, but the catch is whether they run on ALL your devices. There are several fine free ones out there, including open-source versions.

We’ve had good luck with KeyPass.  It’s small and responsive, and has versions for Windows and Android (our chief environments). You can have it open all the time, yet have it re-prompt for password should you walk away for too long.

For those of us who migrate between multiple devices every day, the trick then is to have just ONE database the manager reads from—otherwise, there would be “version chaos.” For that reason, we point each device’s copy of KeyPass to a common database online, stored in a reputable cloud service (DropBox, OneDrive, etc.). [This is theoretically a bit of security exposure, but as far as we can tell the encryption levels of transport and storage should keep one fairly safe.] This means an addition or change made on one device is quickly available on every other device.

It IS painful to transcribe all your accounts into the manager, but—like everything—a little bit every day makes quick work of it.  If you add them in the order you use them, you’ll also note how many old accounts are effectively dormant. TRY to close down unused accounts, but if you can’t we’d recommend starting a “Dormant” or “Obsolete” group in your password manager; just in case sometime down the line you need a clue, and you’ve thrown away the paper.

This handy way of collecting and organizing all your online “vital information” could be invaluable if someone has to help you out because of illness or incapacity (and, by definition, you never know when this could strike). This central collection of your internet accounts will save feverish pawing through paper folders. Of course that means your Master password has to be retrievable by a trusted someone, but ONLY in the right circumstances. How to cover this, we leave up to you, but online accounts will be a whole new dimension to wrapping up 21st century estates.

As with everything security related (especially in the digital world), there are no perfect solutions, but we urge you investigate the world of password managers. Biometric devices and DNA samplers may be down the road, but for now…we KNOW stacks of paper and Post-Its is a security nightmare (if even you CAN find what you’re looking for), so get rid of them sooner than later.


For a better understanding of passwords (and how to chose a good one), we recommend Gibson Research’s valuable page.

 

Leave a Reply

Your email address will not be published. Required fields are marked *