Let us dive a bit deeper into Protecting Your Digital Identity by looking at password management options. This is by no means a comprehensive list, but one that should get you thinking about core concepts and enablement.
Option 1. Manual Passwords
Important things to remember when you take a manual approach to password management, don’t write down your passwords in a password book or spreadsheet. A rule I discuss often with my Cub Scout pack is “leave no trace”. This rule should be adopted by everyone when it comes to passwords.
Come up with a cornerstone password, something that is 9 character or more and complex with a capital letter, number, and symbol that only you can remember. Then, for each website add a piece of the website name to your password, for instance
My Cornerstone password is Th1s0ne!sg0od and if I were to use it on Amazon it would be AmaTh1s0ne!sg0odzon or for Yahoo! it would be YahTh1s0ne!sg0odoo!
Mix it up, but make sure you can remember it. Don’t save it in your browser. Ignore that helpful reminder of “Hey, I can totally remember this password for you and store it in plain text.”
Option 2. Password Managers
Common password managers you might hear about are LastPass, Dashlane, and RoboForm. Each have unique offerings with various features. The important thing to look for is that passwords are automatically generated with complexity, traffic is encrypted between endpoints, and the manager offers multi-factor authentication to access your password vault. We will explore each offering in an upcoming blog post.
Option 3. Multi-Factor or 2 step verification
If you are tired of managing passwords and would rather use an easier password or the same password multiple places, you need to couple it with another authentication “factor”. I talked about using google authenticator in an earlier post, but there are many options to choose from. What is important to keep in mind is how reputable the authenticator is and how secure the code generation system is. Some sites offer a different form of authentication instead of a dedicated token known as 2-Step Verification. 2-Step Verification typically consists of entering your password and then being challenged to input a code that is emailed, sent as an SMS text, or voice call. This often takes a little more time to logon to sites, but is generally easier to setup and use for most users.
In this post we explored three primary methods of password management. Each method has its own pluses and minuses and it all really comes down to what works best for you. I tend to use a combination of all three methods. My email password for example is cornerstoned AND protected by multi-factor, but is not saved in my password vault. In next weeks blog we will look at ways to see if your identity is currently for sale on the dark web and what you can do about it.
Tell your friends about The Word on Security and together we can shift our at risk cyber culture to one of pro activity.