On my last post, I made some suggestions to assist you with managing passwords. How many ways can there be to do this, though?
1) Just use the same username and password on every site. This is really a bad idea. If someone gets ahold of the information needed to sign in to one site, this person (or persons) can now sign in as you to every site where you have an account. While it might not seem bad to you if your e-mail account is compromised (“I don’t have anything important or secret there” is the most common thing I hear), now it can be used to send spam. Now your online retailer accounts are no longer secure. Then goes your bank. Then anything else.
2) Use good passwords for “important” sites (e.g. banks), but don’t worry about the rest. While on the surface this seems like a good idea, it’s not. Much of the time, all someone needs to do is get into your email account and then do password resets on your other accounts. The tools to do this get sent to your email account which has now been compromised. Essentially, this is not more secure than the first option.
3) Memorize everything. Awesome idea if you can pull it off. Bad if something happens to you which disrupts your memory. Realistically, most of us cannot do this. The details of all those login credentials get mired in our brains.
4) Write it down. This method is only as good as the physical security of the book (or paper or stone tablets) you use to maintain this. As long as you can keep it where no one can get access to it without authorization, it can be greatly effective. However, it’s not very convenient as you can only sign on to sites you haven’t memorized when you are near your “little black book.”
5) Use some kind of software. I recommend this method as long as the software allows some kind of synchronization across devices. Part of this is for convenience (you’ll always have it with you). Part of this is for redundancy (the loss of one device won’t mean the loss of your credentials). Like option 4, it’s only as secure as the software and password you use. Dashlane and Strip both use excellent encryption on the database so all you need is a good password. Sync Strip with Dropbox or pay for Dashlane’s service and you have ready backups on all your devices.
