Tips on managing online passwords

Discussion on why you shouldn't use the same username and password across the Internet and how to manage and keep secret a large set of unique usernames and passwords.

One of the problems we all face today is how to manage the passwords we use across the Internet for all the different websites where we visit, shop, and bank. If you happen to be using the same user ID and password for multiple sites, stop doing this immediately! You're leaving yourself open to being hacked on a large scale across the Internet if your ID and password are ever compromised on just one site.

You may be thinking that your ID and password are secure because you're using a secure (https) connection. Well, it's true that your ID and password are safe while they are transmitted across the Internet, but this isn't necessarily true once they're stored on the remote web server. Once received and/or stored, the privacy of your data and your identity becomes the responsibility of the company or companies that are hosting the website, processing your payment, managing the databases, and running the parent company.

For example, in a high-profile attack during the summer of 2012, both LinkedIn and eHarmony admitted that their users' passwords were stolen and published online for all the world to see. It's important to point out that the hackers actually stole encrypted passwords, but since the encrypting method was very weak, the hackers were able to decode the bulk of the passwords. This story is an important one because it highlights how each company determines on its own how it stores your data and how safe it might be.

Now, if you had a unique password for LinkedIn (or any site for that matter) and your credentials were stolen, the hacker could only use them to gain access to that one particular site.

If you have many passwords to keep, then it is probably best to keep them in a password-protected spreadsheet. You can use an application like MS Excel or LibreOffice, which is free and supported on Windows, Mac, and Linux.

Versions 3.5 and higher of LibreOffice support AES-256 encryption for password-protected files, and it's very simple to use:

  1. Open LibreOffice Calc, which is the spreadsheet program in LibreOffice.
  2. Set up your spreadsheet as you wish.
  3. File -> Save
  4. Select "Save with password" in the lower left corner of the save dialog, then select "Save".
  5. Type in your strong password twice
  6. Commit this password to your memory but don't write it down. If you lose this password, then you'll lose the data in the file.

LibreOffice has these recommendations for creating a strong password:

  1. Length of eight or more characters.
  2. Contains a mix of lower case and upper case letters, numbers, and special characters.
  3. Cannot be found in any wordbook or encyclopedia.
  4. Has no direct relation to your personal data, e.g., date of birth or car plate.
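
The four recommendations above can be checked mechanically. The following is an added example, not code from LibreOffice or from the original article. The sample wordbook, the substitution table, the function names and the personal data in the usage comment are all constructed for illustration. It goes slightly beyond the list by also catching dictionary words disguised with digit or symbol substitutions and trailing digits.

```python
import re
import string

# Constructed sample wordbook (assumption); load a real dictionary file in practice.
SAMPLE_WORDBOOK = {"password", "sunshine", "dragon", "welcome", "monkey"}

# Common character substitutions, undone before the wordbook lookup.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(text):
    """Lower-case, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def personal_tokens(personal_data):
    """Split items such as a name, birth date or car plate into searchable tokens."""
    tokens = set()
    for item in personal_data:
        chunks = re.findall(r"[a-z0-9]+", item.lower())
        tokens.update(chunks + ["".join(chunks)])
    return {t for t in tokens if len(t) >= 3}


def check_password(password, personal_data=(), wordbook=SAMPLE_WORDBOOK):
    """Return the recommendations the password fails; an empty list means none."""
    problems = []
    if len(password) < 8:                                  # recommendation 1
        problems.append("length")
    has_all_classes = (any(c.islower() for c in password)
                       and any(c.isupper() for c in password)
                       and any(c.isdigit() for c in password)
                       and any(not c.isalnum() for c in password))
    if not has_all_classes:                                # recommendation 2
        problems.append("mix")
    # Recommendation 3: look up the password, and the password with trailing
    # digits and symbols removed, after undoing substitutions.
    trimmed = password.rstrip(string.digits + string.punctuation)
    if {normalize(password), normalize(trimmed)} & set(wordbook):
        problems.append("wordbook")
    # Recommendation 4: no token from the user's personal data inside it.
    flat = re.sub(r"[^a-z0-9]", "", password.lower())
    if any(tok in flat for tok in personal_tokens(personal_data)):
        problems.append("personal")
    return problems
```

Call it as `check_password("Alice1984!", ["Alice Example", "1984-07-23", "KLM 482"])`. An empty result only means none of the four checks fired against the wordbook and personal data supplied.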
