TECH TALK: One account to rule them all

ERIC’S TECH TALK

by Eric W. Austin
Computer Technical Advisor

This week, in our continuing series on finding anonymity online, we’re going to address one of the most important ways to ensure your life online is a safe, secure and happy one.

Passwords.

Remember when the most you had to remember was your ATM pin? Those days are gone, and now pretty much every website wants you to log in with a username and password. If you are like many people, you might use the same combination for multiple sites (except for those sites where somebody already took my username! Arrgghhh!).

You also probably know just how insecure this practice is – hack that one password and a hacker will have access to all your other accounts!

So, it’s utterly important to use unique passwords for every site you visit — or at the least any site that has sensitive or important personal information about you, such as online banking, or places you use a credit card and with your address like Amazon or Target.com.

Before we go any further, let’s review what makes a good password. Stay away from using personal information for your password, like a birthday or pet’s name, even though it would be easier to remember. Try to use numbers as well as letters and include a special character or two (@!#$% etc…). Make it at least eight characters long, the longer the better. According to Google, using numbers and special characters makes an eight character password 30,000 times more difficult to guess than one of lowercase letters alone!

But how do you remember all these passwords? There are a number of ways to go about this, and they each have their own pluses and minuses. Many people (including myself) use a password manager, which usually is an extension for your browser that automatically saves passwords for you.

There are a number of good ones available. Personally, I use LastPass, which is available for all platforms. My only quibble with it is that it is only free for the desktop version. The app for IOS or Android will cost you.

But any similar password manager will do. Just ensure it’s a company that has been in business for a while (you don’t want them going belly-up and taking all your passwords with them). And read through their policy FAQ to make sure they take security seriously. The benefit of a password manager is that many will also generate passwords for you, and being random, they are highly secure.

Of course, no one can remember dozens of completely random passwords, so if you lose access to your password manager you often lose access to your passwords as well.

If you don’t want to use a password manager service, you’ll likely have to write them down somewhere. I recommend that you don’t keep a password file online for obvious reasons, and if you use Word or Excel to store passwords locally, secure the file with a password so that it is encrypted and cannot be digitally scanned if you get hit with a virus.

Also, don’t name the file “passwords.doc”!

Surprisingly, the most secure way to store your passwords may be the old-fashioned way: with paper and pen. Keep a notebook next to your computer and write each one down. Just don’t leave your notebook somewhere carelessly like an airport or restaurant!

Assuming you’ve decided on the best way to st
ore your passwords, and you do not want them to be randomly generated for you, how does one come up with so many secure, unique passwords?

While completely random passwords are the most secure, second best is a password that at least appears random. This is a tip a friend of mine suggested years ago and I have used it ever since.
Create a password “formula” that will look random to anyone else, and allows you to make it unique by tweaking only a single element of your formula. Let me show you what I mean.

For example: Let’s say my password for Amazon.com is “P48:bates!@AM” (without the quotes). It’s obviously not a completely random password, but because none of the elements directly relate to me it’s very difficult to guess. My formula for this password is simple: favorite bible verse [Philippians 4:8] + name of favorite movie villain [Norman Bates] + “!” + “@” + first two letters of the website name capitalized [AM].

Using this formula my password for Target.com would be “P48:bates!@TA”. Although the password looks complex, it’s made up of parts I can easily remember. This way we achieve a complex, unique password that is made up of numbers, symbols and lower and upper case letters, but is still easily generated and easily recalled.

Is it as secure as a completely randomized password? No. Is it better than using the same password on every site? Absolutely! How ever you define your password formula, use elements that are unique but unrelated to you and never — never ever — use any personal information like your name and address or birthday as part of that formula.

As a final piece of advice, and tying back to my headline, let me emphasize that not all accounts are created equal. If you have a Google or Microsoft account which ties all your other accounts together (the one where a password support request from other websites will be sent), give special care to the password you use for that account, and change it at lease every six months.

I hope this has been helpful, and please tune in next time when I’ll dig deeper into VPNs, proxies and firewalls, oh my!

Have a question or idea for a column? Eric W. Austin is a marketing and technical specialist and can be reached by email at ericwaustin@gmail.com.