How to safely manage your passwords
Updated February 2021:
When helping clients log in to their computer or websites, often I will see them pull out a scratch pad or sticky notes with various passwords scribbled on the page. There’s a better and more secure method to record your login information.
For years I’ve recommended using your own variant of my password system to help you memorize the unique passwords that you use for every device and web site. When changing passwords I recommend starting with your email password, then financial websites, followed by the less-important web sites that you’ve used over the years. Your email password is one of your most important passwords since many websites send password reset requests to your email address. If a hacker gains access to your email, they could change the passwords and lock you out of all of your other online accounts.
In addition to using a system where most of my passwords are easy to remember, I also use a password manager to keep my passwords and secure notes synchronized between devices. While there are many password managers to choose from, the one I use is LastPass. It works with and syncs my passwords and secure notes across all of my devices and web browsers. My LastPass vault is kept locked with a super-secure unique password or biometric authentication on my smartphone, which protects the other passwords and secure notes stored in LastPass. The Emergency Access feature allows passwords to be shared with trusted individuals upon your sickness or death. You can read a review of LastPass here. Other than website logins you can also store other information in LastPass, such as Wi-Fi passwords, bank and credit card account numbers, driver license, passport, social security, insurance policy numbers – along with card pictures too.
If you don’t need the sophistication of a dedicated password manager, you can use the password manager built right into your web browser and/or smartphone. On a Windows PC, your web browser has a built-in password manager. See details for Google Chrome, Mozilla Firefox’s Lockwise and Microsoft Edge.
Alternatively, if you have all Apple devices you may be already storing and syncing passwords with iCloud Keychain which can be accessed via Website & App Passwords in Settings on an iDevice, the Passwords Preferences in Safari on a Mac, and via a Google Chrome extension on a Windows PC. On an Android device, you may be already storing and syncing your passwords via the Google Password Manager and Chrome browser – click here for more information.
The simplest method to store passwords that can synchronize between your devices is using the Notes app on Apple/iCloud devices or Google Keep which is available on most devices. Make sure that each of your devices where you use Notes or Google Keep are synchronizing with your cloud account, and each device where you are logged in needs to be protected with a secure password.
2SA, 2FA or MFA: For more security, many online services offer the additional option to call, text or send a prompt to your smartphone in order complete the login process. For more information Read more about 2-factor authentication here.
If you prefer to want keep your passwords in typewritten form such as a document or spreadsheet, never name the file “passwords”, nor include the name “password” in the content of a file – both are easily searchable on a computer. You can also password-protect a document or spreadsheet with a password that you can easily remember or is stored in a secure and memorable location. Also, don’t type the entire password – just parts that aren’t easily memorable. For example you could type the name of the website and date, but use an underscore “_” or dash “-” for characters of the password that you’ve memorized without revealing the entire password to someone that you may not want to view your password list. For example, my typed Yahoo password would be M – – Y – – 0 9 1 6 – I know what characters are represented by dashes. Also make sure that
A low-tech method for keeping track of your passwords is using a password log book such as this #1 Best Seller at Amazon. I suggest not writing complete passwords in the book, but hints to the password (see above). Also you should store the book in a locked fire-proof safe or non-obvious location, remove the cover sleeve that says “passwords”, and make sure your spouse and next of kin know the location of the book.
For all logins include the following 5 pieces of information at a minimum:
- Login name (e.g. AAA)
- Website address (e.g. www.aaa.com)
- Username/email address (e.g. firstname.lastname@example.org or mesmith89501)
- Password – labeled “pw” (e.g. AbcAaa123)
- Date (e.g. Changed 2/14/2014 due to data breach)
If you need help setting up any of the methods mentioned above, we can help.Print This Article