Being organized about logins and passwords

I’ve been changing a lot of passwords this week because of the major computer security problem known as Heartbleed. While going through this exercise was no fun, there were some good things that happened as a result, too.

Managing passwords

Most importantly, I’m managing passwords better. As I change them, I enter them into 1Password. It’s one of the many password management tools around — and the one Dave recommended a while ago.

Before, I had a few critical passwords in 1Password as an estate organization tool; I could give my executor (and the person with my financial power of attorney) the passwords to my computer and to 1Password, and he had everything he needed to manage my digital life. I also had a file (innocuously named without “password” in the title) with a list of hints and reminders in it to help me remember the passwords I had chosen. As it happened, though, I didn’t always remember the passwords based on the reminders I had created for myself.

As of now, I’m not using all of 1Password’s functionality. I don’t yet use it to log in, and I don’t sync it across devices. But even with my limited use, it’s been a big help.

Evaluating accounts

As I went through my list of websites where I had logins and passwords, I found some that I just don’t need any more. For example, I had a login to IFTTT — which is a very useful tool for some people, but not anything I’ve found I need. So instead of changing the password and adding it to 1Password, I just closed the account.

Points of confusion

I found some notes in my password hints file that were confusing, including my notes about Etsy. It turns out I had created two accounts, which I used interchangeably. Since each one has some purchase history, I’m leaving both in place — but now I have two entries in 1Password so I won’t get confused again.

Notes about complicated passwords

I changed my email passwords, and I thought I had updated my computer and my cell phone appropriately — until I found out that I could receive email on my phone, but not send it. I figured out what I had missed, and now I have a note in 1Password reminding me to make this additional update whenever I change passwords again.

Remembering master passwords

Since my password for 1Password is a long, complicated collection of letters and numbers, I do have it written down and tucked away somewhere — a place no one is going to find it. However, I’ve been going into 1Password enough lately that I don’t even need to pull out my reminder any longer.

What about you? Have you taken steps to better password management lately? If so, please share in the comments!

10 Comments for “Being organized about logins and passwords”

  1. posted by Andrea on

    I have a system. This isn’t exactly it, but it is similar in construct….

    Say my base password is “Password”. Then I use the second letter of the site, for Apple.com, it would be “p”, and the number of letters in the site name, in this case, 5. So my Apple.com password would be pPassword5.

    It includes a capital and a number for all those sites that need one or both, and my base password is quite long. I end up with something different for each site, but I only remember one system. (My email and bank passwords are different, and longer.)

    I find this simplifies what I need to remember but means each site has a unique password.

  2. posted by Jeffrey Goldberg on

    [Disclosure: I work for AgileBits, the makers of 1Password]

    A lot of people do what Andrea describes in her comment, that is, picking a “base” password and then using systematic variants of it for each site. The difficulty with this is that it doesn’t protect you. When an attacker gets one (or especially two) of yours, that attacker is in an extremely good position to guess at the others. So Andrea’s scheme doesn’t protect anyone from the (significant) dangers of password reuse.

    I know as well as anyone that it is a “process” to get all of your passwords strong and unique. But with something like 1Password, you can start improving your situation with every password change, and you can check to see whether you have reused your passwords for your most important sites.

    So what at first seems like an impossible chore (switching to truly unique passwords for each site and service) becomes something that you can make very meaningful progress on easily.
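Added example (not part of the original post or of either comment above): a Python sketch of a vault audit that makes the point of comment 2 concrete, namely that passwords built by the rule in comment 1 are one shared secret plus a few site-derived characters. The rule in `derive` follows comment 1; the vault contents, the 0.6 threshold and all function names are constructed for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations


def derive(base, site):
    """Rule from comment 1: 2nd letter of the site name + base + name length."""
    name = site.split(".")[0]
    return f"{name[1]}{base}{len(name)}"


def shared_core(a, b):
    """Longest substring that two passwords have in common."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    m = sm.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def audit(vault, min_fraction=0.6):
    """Flag pairs of entries whose shared core covers at least
    min_fraction of the shorter password, i.e. reuse in disguise."""
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        core = shared_core(p1, p2)
        if len(core) >= min_fraction * min(len(p1), len(p2)):
            findings.append((s1, s2, core))
    return findings


# Constructed sample vault: three entries follow the comment-1 rule,
# two are stand-ins for passwords produced by a manager's generator.
VAULT = {
    "apple.com": derive("Password", "apple.com"),   # pPassword5
    "etsy.com": derive("Password", "etsy.com"),     # tPassword4
    "ifttt.com": derive("Password", "ifttt.com"),   # fPassword5
    "bank.example": "q7Vn2xLm4RtZ",
    "mail.example": "Hd93kPw0sYbE",
}

if __name__ == "__main__":
    for s1, s2, core in audit(VAULT):
        print(f"{s1} and {s2} share {len(core)} characters: {core!r}")
```

Every pair of rule-derived entries is flagged, while the generated stand-ins share nothing with each other or with the rest of the vault.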

  3. posted by Jonathan on

    I find that a good “master password” (for 1Password or the like) is to just use an actual sentence — punctuation, capital letters, and all. It’s easy to remember, but you can make it arbitrarily long so that it’s impossible to guess.

  4. posted by Cindy on

    I have started using KeePass – at the encouragement of my husband who is an IT person. KeePass provides a place for passwords and a comment section for answers to security questions or other comments. I placed a copy of KeePass on my Dropbox so I can get to it anytime on any computer. I have one password to get into KeePass. Another feature I like is that it will generate passwords for you! Check it out!

  5. posted by varun on

    I’m with Cindy here – as much as I appreciate the user-friendly nature of 1Password, LastPass and others, I’m more comfortable with an audited open source application like KeePass. Yes, it means I have to open a separate application because it’s not integrated directly into my browser, but it’s a tradeoff I can live with. Oh, did I mention it’s free as in beer as well? No complaints from this happy KP user.

  6. posted by Stephanie on

    Can you tell us what you missed in “notes about complicated passwords”? I would like to change all the passwords on my email accounts but I’m wary of what it will do to my phone.
    Thanks!

  7. posted by ali on

    There are really good Internet Security software brands out there that offer not only spyware, antivirus and malware protection but set up a master password so that the software (Trend Micro, Webroot, and Kaspersky are the big three) handles it. They can also detect unsafe websites or when safe websites suddenly become unsafe. They are cloud based, so they don’t take up a lot of space and you can protect mobile devices as well. Totally worth it.

  8. posted by Mackenzie on

    I’m another one who puts a KeePass encrypted file in Dropbox. I work in the security industry.

  9. posted by Marie on

    My work had a meeting about security in which they included passwords to avoid. You would not believe how many of the guys looked sheepish when the IT rep stated not to use ‘my favorite sports team’ are #1.

  10. posted by Jeri Dansky on

    Stephanie, this will all depend on your specific mail setup. But on my iPhone, I had to go into settings and update the outgoing SMTP mail server, not just the incoming mail server. On my MacBook, I only needed to change it in one place (as far as I remember), so I didn’t realize I needed to change it in two places on my iPhone. Once I DID realize that, it was easy!
