We just added a new, password-protected Members section, so let’s talk a little about password management. We all have too many passwords to remember. Some people deal with the problem by just using one simple password for everything, but that’s an open door to hackers and identity thieves. Here is a link to some good, practical advice on managing passwords from WordPress, the firm that wrote the software that powers this website. Bottom line: use a password manager. Lots of apps now offer to remember passwords for you; e.g., most of today’s browsers boast built-in password managers. For what it’s worth, the reviewers I trust the most say to stick with the independent, stand-alone managers. Read up on password managers and try the one that sounds best to you. Here are links to PC Magazine’s reviews of premium (paid) and free password managers for 2018. Any search engine (Google, Yahoo, etc.) can find lots more information for you.
I have been using LastPass Pro for several years and swear by it. The free version is good, but the Pro version is cheap and I think the extra features are worth every penny. It remembers all of your visited websites and their passwords and fills in the password automatically when you visit them again (very nice!). It can generate, enter, and remember random passwords. It even recognizes most password-entry and password-change situations and offers to do them for you. You also can view and edit your password vault. Importantly, it also works on every browser that I have tried it with; just add it as a plugin or addon using the browser’s menu. Another big plus is that LastPass keeps your password vault in the cloud, so you can access it from any device with internet access once the software is installed on that device. Be sure and protect your password manager with a strong password that you can remember (see below for advice on how).
In some situations you may want or need more control over the length and makeup of passwords. Here is a link to a stand-alone random password generator that will generate strong, random passwords to your specifications. You then can copy and paste them wherever you need them and let your password manager remember them for you. This particular password generator is free, secure, self-explanatory, and allows the user to specify all of the parameters. (If you like it just click the link and then bookmark the page that it sends you to.) The inclusion of symbols (non-alphabetic, non-numeric characters) is selected by default but I always uncheck it because not all websites allow all of the symbols that it uses. If the site rejects the resulting password and says it must include a symbol you can just add one manually (they all seem to accept “@”.
There may be some who do not fully trust a password manager (or any other piece of software) not to go berserk without warning (me, for example), those who think a password manager sounds like too much bother, and of course there are always the truly techno-phobic. Here is a low-tech password management idea that can serve as either a backup or a substitute for a password manager. Simply open your favorite word processor or spreadsheet and create a table with six columns headed as follows: site name, url (web address, starts with http://, just copy and paste), your login name(often your email address), password, date, and comments (optional). Enter all of your site and password information into your table, adding rows as necessary. (Note: The ‘date’ column is there to remind you to change each password every few months or so. The more sensitive the site information (banks, brokerage accounts, etc.) the more frequently the password should be changed.) When you log in somewhere and are asked for a password that you don’t remember just open your password document and copy-and-paste. Use a random-password generator like the one above when you need to enter a new password or change an old one, then copy and paste it into your backup document and wherever else you need it. Protect the backup document with a strong password that you can remember (see below). I used this approach for many years before password managers were invented, and it never let me down. I still maintain it as a backup. It’s a little less convenient (more keystrokes) than a password manager, but it is low-tech and very reliable. Be sure to keep a backup in off-site (cloud) storage; I use Dropbox but there are many other options.
Adopting this approach means that you will need, at most, only two strong passwords that you have to remember: one for your password manager and one for your backup document. Use the tips in the ‘WordPress’ link above to create them. If that’s too much to read then here is a simple way to create a good password. Think of a phrase that means something to you, like the first line of a favorite poem or a lyric from a favorite song. Suppose, for example, that you have always loved Robert Frost’s “Stopping by Woods on a Snowy Evening,” the first line of which is “Whose woods these are I think I know.” You could start your password with the first letter of each word, alternating caps and lower case: wWtAiTiK. Then add a number that means something to you, perhaps the last four digits of your childhood phone number; e.g., 3629 (don’t use any part of your SSN because it’s probably compromised already). The result (wWtAiTiK3629) is easy for you to remember, or at least reconstruct, and virtually impossible for anyone else to guess. If you want it even stronger just pick a longer phrase and number. Remember, good password management is cheap insurance!