Protecting Your Passwords
Where do you keep your passwords? Over the years volunteering at the FamilySearch Library, I have observed a lot of interesting, but scary, password practices by our library patrons. Slips of papers, little black books, binders, stickie notes, and whatever else, was used to store important website information. Can you imagine losing those pieces of information filled with bank logins, Facebook accounts, and so forth. This does create vulnerabilities for us, like losing control of our passwords. In our world of increased cybercrime, password creation and storage becomes a huge issue for us. Let's review how we can keep our passwords strong and protected.
Example of Poor Password Protection
The image above was actually found on the floor of the library. On the back - full bank login information.
Create Strong Passwords
Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), was the guy that developed password standards back in 2003. We have all had to live by those annoying standards, like the minimum 8 characaters, at least one capital letter, a special character, etc. (MyP@ssW0rd). In a 2017 article written by the Wall Street Journal he had a new tip for us: N3v$r M1^d (never mind). He stated that he regretted his prior standards as being worthless. We still have to endure these standards by those corporations that have yet to change their password requirements.
A Navy website that holds my records wants a 15 (that's FIFTEEN) character password that has to be changed every 6 months, and has to have those funny characters and such in them. Probably 5 years or so ago I stopped fretting as to how to create something I could remember. I started using an app that created random character passwords and stored them in its password protected database.
What Kinds of Passwords Should We Be Using Now?
According to the new recommendations, we should be using four random common words. Here's a good example: "Chunky-Chimpanzees-Choose-Cheetos". Okay, maybe it should be a little more random than that. You could also use any "funny" characters in between the words, or even none.
The other standard has always been to NEVER use the same passwords for all your sites. This makes so much more sense now since our logins (emails and passwords) are out there on the "Dark Web" being sold to all the hacker groups out there. You WILL be hacked at some point if you are not careful. NEVER REUSE PASSWORDS!
Go to the website "Have I Been Pawned?" to see if your email and passwords are in the global hacker database. Yes ... the website is legitimate and is used by many apps to check to see if your passwords are at risk, like Safari, FireFox, 1Password, and many others.
Should we have to change our passwords every 6 months? If you are creating good passwords, then probably not. Maybe you might want to consider doing so for any financial organizations just to be safe.
So Many Passwords to Remember: I Need Some Help Here?
Probably the easiest solution is to use a password protection app. Think of these as "the one password to rule them all!" to borrow a slightly changed quote from the Lord of the Rings. Be sure to use a complex strong password that you can remember. If you forget that one password, all of the passwords inside of it are lost. There are many apps out there in the Android and Apple iOS app stores to choose from. They work well and many are free. Just one disadvantage with the free versions, and probably a big one, is that if you lose your phone containing the app, you also lose your password list.
Some companies like 1Password allow you to sync your database to multiple devices AND you can even open up your password database in a web browser. You then don't have to worry about losing your password database. However, these come with a subscription cost typically. For the convenience, stability, and safety of these types of apps, they are worth the price if you can afford them.
Subscription Apps NOT a Possibility For Me
Did you know that your web browser stores your web site passwords for you? This is true for the Chrome, FireFox, Safari web browsers. You have to be signed into your browser for this to happen. Many people just use their browser without signing in (right upper corner). Being signed into your browser is a very handy feature to use. All of your bookmarks, passwords, and other settings remain in sync across all your different devices using that browser. Go into the "Settings" for your browser. The image below is from the Chrome browser. Look for the "Autofill" section, and then "Passwords". Expand the category to see the list of stored passwords.
You should see your stored passwords in a list as below. It will list the website, your username and password for that site. To see the password, click on the little eye icon. You will need to provide your Google account password to see the password.
There is another feature that many miss. You can export your password list to an Excel spreadsheet by clicking on the vertical menu icon as below.
A button to export your passwords appears. Chrome will export your passwords to a NON-PROTECTED Excel spreadsheet file. Just be aware of this. You could either password protect the sheet, or print it out and keep in a very safe place at home.
Now that I have explained this option of saving passwords, there is also one potential downside. If you are logged into a website and change your password from your account profile withing the website, your changed password will not be reflected in saved passwords list for your browser. You will need to log out and then back in with your new password to trigger your browser to ask if you want to update the password. A popup dialog box appears with "Do you want to update your password?". Before your say "Yes", wait (if you can) to see if the website actually logs in before saving the password, otherwise an incorrect password will be saved to your browser password list.
I would offer this piece of advice to those of us who struggle with passwords. It may be a good thing to print out your password lists periodically and then keep them in a safe storage place. Your life is in that password list, so you do not want others accessing it. Another situation where this could be helpful, is for your family to access should you one day pass away.
Create a Password Protected Excel Spreadsheet
There is also another option you may want to consider. If you have the desktop version of Excel, you can create a spreadsheet with the website names, your username, password, challenge questions, etc for each website. When you save the spreadsheet, be sure to put a secure password on it. If you are using the phone or tablet Microsoft Excel apps, your file will be available to you on those devices. I have a handout discussing how to create this spreadsheet at this LINK .