Passwords, passwords. They are everywhere!

These days every time you turn around and interact with something online you are asked to create a password. Often you are given direct instructions on how it should be structured.

For example you may be told at least one capital and one lowercase letter, a number and perhaps a symbol or an odd character like an exclamation mark or tilde.

You are also frequently told what you cannot do.

No words from the dictionary, not your dogs name, not your birthday, no consecutive numbers (12345) or part of the top line from the keyboard (QWERTY). You can get the picture.

In most instances they go on to say it has to be strong. Some sites giving you a measure of the password’s strength on a colored bar across the base of the entry field as you create it.

The cardinal sin is using the same password for all of your sites!!

This is all very well. It sometimes feels like everyone requesting a password thinks that their’s is the only password you ever have to remember. As you well know nothing could further from the truth.

Two Factor Authentication

Nowadays there is more emphasis on using two-factor authentication to increase the security strength.

This can consist of a one off code sent to your mobile phone which you then have to enter to complete your login.

Another approach is to have an app on your phone from which you can respond after the initial login activates it. You respond and get logged in. Namecheap does this but to date they don’t have a way to remove the dead messages from your phone.

Usually you have to specifically choose to optin to make use of this function. Google is encouraging folk to make use of it on their sites too.

Passwords ARE vital

Not for one moment am I questioning the need for passwords and security. It is a crucial component of on line security. There are plenty of horror tales out there where people have been compromised, ‘seduced’ or plain robbed of their password.

If you want to see whether any of your data has been compromised take a look at Haveibeenpwned. May make interesting reading.

Horror in the News

From time to time the news has a story about a major password breach in a significant organization with tens of thousands of passwords and other key data impacted. This can create a real sense of concern for the folk involved especially if they don’t know what to do to recover the situation.

Some of these news stories and the paranoia that surrounds password security can be misplaced, misunderstood or downright misleading. Especially for those who may not very technically literate.

Tip of the Iceberg

A data breach may only be the tip of the iceberg especially if a single password has been used across multiple sites. Those who have stolen these usernames and passwords will invariable go on the hunt to try and break into other sites.

Using their ill gotten password they test it against other significant sites by running through a selection of user names. If you have used the same password there the chance they can get login access to your other account is greatly increased.

The crucial point here is the organization concerned will not detect the ‘breach’ because it sees it as a legitimate login. You may though because of the damage or loss you experience.

Some organizations do watch for things such as the name of the device logging in, the IP and the location from which it comes. When something abnormal is detected they send a check email. Facebook, Google and others do this quite often.

The Golden Rule

All of these scenarios lead to the Golden Rule

On EVERY site for which you need a password ALWAYS use a different and strong password.

The Resulting Question

This rule raises the question ‘How do you remember and action all those passwords?’

An Early Approach

In earlier days before I knew about password managers I started out using a spreadsheet. I stored the site URL, the Username and the Password as a single entry line.
Problem was once there were more than a few sites it really became unmanagable.

If you changed a password you had to re-visit the spreadsheet and make the change. Your typing had to be accurate as did the case of the characters.

Finding the entry became a challenge so you had to sort them alphabetically every time the sheet was edited.

And there was no security or encryption. Anyone with access to the spreadsheet could see all your passwords.

Intoducing the Password Manager

Once I learnt about Password Managers it became obvious they were the only practical way to keep track of multiple logins and passwords.

I was introduced to RoboForm years ago and continue to use it without any issues. It is a popular application that is simple, robust and kept up to date regularly by Siber Systems.

There is a FREE version of RoboForm and a moderately priced version called RoboForm Everywhere which is what I use. This allows you to synchronize your passwords across different computers, gives two-factor authentication, a sharing capability and a web app. It also has a form filling capability that remembers your details and can populate fields in a form for you.

RoboForm: Learn more...

There are other Password Managers available such as Keeper, LastPass. 1Password and Dashlane. So do a bit of research to find one that suits you.

Final Thought

If you are serious about your password security it’s clear that the only effective way to manage them is with a password manager. Just make sure you choose one that suits. Don’t leave your password management and control up to chance. Do something about it NOW and beat the paranoia.

A bit of light relief to end

IT support person helping a user to solve a problem asks for their password.
‘Huey, Dewey, Louie, Mickey, Minnie, Donald, Daisy, Goofy and London’
was the reply
‘Why such a long password?’
‘I was told it had to have 8 characters and one capital!’

Talk to you again soon

Ian Whyte

PS
If you want to know how to get better traffic for your site  Simple Traffic Solutions 2019 would be a good place to start.  Get an 87% discount using coupon code ‘stsmegadiscount‘ on the JVZoo order page to

 


    2 replies to "How To Avoid Password Paranoia"

    • Alison Winmill

      Interesting article that was helpful

      • Ian Whyte

        Hi Alison many thanks for visiting my site.
        Glad that you found the article interesting.

        Ian Whyte

Leave a Reply to Alison Winmill Cancel Reply

Your email address will not be published.

CommentLuv badge

This site uses Akismet to reduce spam. Learn how your comment data is processed.