Password(s) strategy

Last updated: 21/11/2016

A password is typically the gateway to every single service you’ve ever signed up for.

As we know, using the same password everywhere is a very bad idea, for the simple reason that if a malicious person gets hold of your password, they have access to ALL your accounts on ALL the services you’ve registered with.

Having only a few different passwords is also a bad idea: a malicious actor who gets hold of one of them has access to every site on which you reuse it, as long as they can find out which sites those are.

The best approach is to have a different password for each and every single service to which you’re registered.

How do you come up with good passwords? And how do you come up with dozens, sometimes hundreds, of different ones?

You need a strategy here. Here’s the outline of a good one:

1.) Choose a strong password

Your password should be long, hard to guess and easy to remember. See “Choosing a strong password”.

2.) Download a password manager

Choose between LastPass, 1Password and KeePass.

3.) Use the password in 1.) as the password manager’s master password

4.) Most important thing first: change your email password.

I cannot emphasize this enough: your email password is the master key to your digital life. If someone gets hold of your email account, they can request password resets everywhere and lock you out of every website you’re on. Good luck getting everything back to normal.

5.) Ask the password manager to remember your login details next time you log in to a website

6.) Slowly, progressively change your passwords so that they’re all different

It might take a while, but you have to do it.

7.) Use third-party identity providers like Google or Facebook, so that you have fewer passwords to remember

8.) Use two-factor authentication when available


Q: Are these password managers safe?

A: They’re safe as long as no one knows your master password. If someone watches you enter it, or if some spyware manages to capture your credentials, then you might be in trouble.

Q: What if I don’t want to use a password manager? Any alternative?

A: If you don’t want to use a password manager, 1.) choose a strong password and 2.) vary it according to the website you are on (so that you can always recreate it should you forget it).

Example:

Say your master password is B.L.U3m00n()n@burn770@57 and you want to create a password for Facebook.

You can take the first letter of the word “Facebook”, the last letter, and the number of consonants in it, and add them to your password. You’ll end up with B.L.U3m00n()n@burn770@57FK4.

Make sure what you’ve done is not obvious, because a hacker who has your password in plaintext could easily generate the versions for the other websites.
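The derivation rule from the example above and the caveat just stated, written out as an added example (not the author’s code): the first function applies the rule to any site name, and the second shows why the rule is weak, since the master part is simply the leaked value minus a predictable suffix. The rule treats “y” as a consonant, and site names are assumed to contain at least one letter.

```python
"""Per-site password derivation as described in the post (added example).

Rule: master password + first letter of the site name + last letter
(both upper-cased) + number of consonants in the site name.
"""

VOWELS = set("aeiou")


def site_suffix(site: str) -> str:
    """Derive the per-site suffix from a site name using the post's rule."""
    letters = [c for c in site.lower() if c.isalpha()]
    if not letters:
        raise ValueError("site name must contain at least one letter")
    consonants = sum(1 for c in letters if c not in VOWELS)  # 'y' counts as a consonant
    return f"{letters[0].upper()}{letters[-1].upper()}{consonants}"


def derive_password(master: str, site: str) -> str:
    """Build the site-specific password: master password plus the suffix."""
    return master + site_suffix(site)


def recover_master(leaked: str, leaked_site: str) -> str:
    """The caveat from the post: once one derived password is known in
    plaintext together with its site, the master part falls out directly,
    because the suffix is predictable from the site name alone."""
    suffix = site_suffix(leaked_site)
    if not leaked.endswith(suffix):
        raise ValueError("value does not end with the suffix expected for that site")
    return leaked[: -len(suffix)]


if __name__ == "__main__":
    # Constructed sample values (the post's own example master password).
    master = "B.L.U3m00n()n@burn770@57"
    for site in ("Facebook", "Twitter", "Amazon"):
        print(site, "->", derive_password(master, site))
    # Recover the master from the Facebook password and re-derive Twitter's.
    recovered = recover_master(derive_password(master, "Facebook"), "Facebook")
    print("Twitter from leaked Facebook password:", derive_password(recovered, "Twitter"))
```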

Just find something that works for you so that your password is long but not too long, otherwise you’ll give up really easily — or use a password manager ;-)


Which technique do you use (please don’t write your passwords down)?

Stay safe!