General. We now have a password-protected Members section, so let’s talk a little about password management. We all have too many passwords to remember, especially if we use strong ones like we should. Some people ignore the problem and just hope they don’t get burned by just using one simple password for everything, but that’s an open door to hackers and identity thieves. Here is a link to some good, practical advice on managing passwords from WordPress, the firm that wrote the software that powers this website. Bottom line: use a password manager.
Which Password Manager? Lots of apps now offer to remember passwords for you; e.g., most of today’s browsers boast built-in password managers. For what it’s worth, the reviewers I trust the most say to stick with the independent, stand-alone password managers. Read up on password managers and try the one that sounds best to you. Here are links to PC Magazine’s reviews of premium (paid) and free password managers for 2018. Any search engine (Google, Yahoo, etc.) can find lots more information for you.
LastPass. I have been using LastPass for several years and swear by it. The free version is good, but the Pro version is cheap and I think the extra features are worth every penny. It remembers all of your visited websites and their passwords, and fills in the password automatically when you visit them again (very nice!). It can generate, enter, and remember random passwords. It even recognizes most password-entry and password-change situations and offers to do them for you. You also can view and edit your password vault. Importantly, it also works on every browser that I have tried it with; just add it as a plugin or add-on via the browser’s menu. Another big plus is that LastPass keeps your password vault in the cloud, so you can access it from any device with internet access once the software is installed on that device. That way you are always working from the same password list. Be sure and protect your password manager with a strong password that you can remember (see below for tips on how).
Change Passwords Often. Passwords should be changed regularly, a real hassle without a password manager. Some password managers offer the option of changing some passwords automatically. They actually link to each site using that site’s password-change procedure, generate a strong random password, then enter and remember it. It requires site-specific programming and must be constantly tested and maintained by the developer, so it generally is offered only for the more popular sites. LastPass has that option for many sites and keeps adding more.
Custom Passwords. In some situations you may want or need more control over the length and makeup of passwords. Here is a link to a stand-alone random password generator that will generate strong, random passwords to your specifications. You then can copy and paste them wherever you need them and let your password manager remember them for you. This particular password generator is free, secure, self-explanatory, and allows the user to specify all of the parameters. (If you like it just click the above link and then bookmark the page that it sends you to.) The inclusion of symbols (non-alphabetic, non-numeric characters) is selected by default but I always uncheck it because not all websites allow all of the default symbols. If the site rejects the resulting password and says that it must include a symbol then you can just add one manually (they all seem to accept “@”).
Alternative to Using a Password Manager. There may be some (me, for example) who do not fully trust a password manager (or any other piece of software) not to go berserk without warning, those who think that using a password manager sounds too hard, and of course there are always the truly techno-phobic. Here is a low-tech password management idea that can serve as either a backup or a substitute for a password manager. Simply open your favorite word processor or spreadsheet and create a table with six columns headed as follows: Site Name, URL (web address, starts with http:// or https://, just copy and paste to populate), Login Name (often your email address, set when first registering with the site), Password, Date, and Comments (optional). (The ‘date’ column is there to remind you to change each password every few months or so. The more sensitive the site information (banks, brokerage accounts, etc.) the more frequently the password should be changed.) Enter all of your site and password information into your table, adding rows as necessary. When you log in somewhere and are asked for a password that you don’t remember just open your password document and copy-and-paste it wherever it’s needed. Use a random-password generator like the one above when you need to enter a new password or change an old one, then copy and paste it into your backup document and wherever else you need it. Protect the backup document with a strong password that you can remember (see below). I used this approach for a good many years before password managers were invented, and it never let me down. (I still maintain it as a backup, being a belt-and-suspenders kind of guy.) It’s a little less convenient (more keystrokes) than a password manager, but it is low-tech, very reliable, and much less trouble than having to go through the site’s forgotten-password drill every time you forget one. I keep it open in a window just to have it handy. Be sure to keep a backup in off-site (cloud) storage; I use Dropbox but there are many other options.
Creating Strong, Memorable Passwords. Adopting the above approach means that you will need, at most, only two strong passwords that you have to remember: one for your password manager and (or) one for your backup document. Use the tips in the ‘WordPress’ link above to create them. If that’s too much to read then here is a simple way to create a good password. Think of a phrase that means something to you, like the first line of a favorite poem or a lyric from a favorite song. Suppose, for example, that you have always loved Robert Frost’s “Stopping by Woods on a Snowy Evening,” the first line of which is “Whose woods these are I think I know.” You could start your password with the first letter of each word, perhaps alternating lower case and caps: wWtAiTiK. Then add a number that means something to you, perhaps the last four digits of your childhood phone number; e.g., 3629 (don’t use any part of your SSN because that’s probably compromised already). The result (wWtAiTiK3629) is easy for you to remember, or at least reconstruct, and virtually impossible for anyone else to guess. If you want it even stronger just pick a longer phrase and number.
Remember, good password management is cheap insurance!