10 THINGS YOU NEED TO DO TO KEEP YOUR PASSWORDS SAFE (WITH CHECKLIST)
30 September 2018

You might see me reference a particular password management tool in this blog post, which is an affiliate link. If you click our affiliate link, LastPass will give us a small fee, but it won’t affect the cost of your subscription at all!
THE OLD SKOOL METHOD OF PASSWORD PROTECTION
Recently, on the way to Shenzhen International Airport, my father-in-law forgot his backpack on the metro. Luckily, we had realised quite quickly and my husband was able to contact a member of staff and had someone retrieve the bag. The problem: the bag had been found at the end of the line, and my in-laws were due to board a flight back home in less than an hour. Luckily, my FIL had his passport, wallet and phone on him, but the bag was still full of personal and valuable items. Unfortunately, there was no way we could get all the way to the station and back before their flight left. So, after wishing them a safe flight and dropping them at the check-in desk, I headed to the station to collect the bag. Eventually, I located the bag and was asked to check through it. Camera, check. GoPro, check. Yeah, I know what you’re thinking: how come no one took this bag? Well, that’s another story. I took the bag and headed home.
Once they had arrived home after several flights bouncing around the US after their flight from China, my in-laws gave us a call to say they were back and mentioned the items in the bag. Whilst they could live without the cameras, my father-in-law couldn’t live without a small pile of papers, held together with a paperclip.
This pile of papers, it turned out, was his ‘database’ of passwords for EVERYTHING: banking, email, you name it. This isn’t uncommon; most people keep track of their passwords on paper. However, what was different about this ‘ingenious’ system was that he had also invented his own kind of ‘code’ to essentially have his passwords on view (on paper) but also hidden.
Obviously, only he knew the code, so if anyone was to find the wad of notes, they would probably have discarded them, after attempting, and failing to log in to an account or two.
CHOOSING THE RIGHT PASSWORD
I don’t think in all my years, I have come across this kind of password ‘security solution’, although it’s surely better than the ‘one password for all’ that many people follow, and it’s pretty likely to be ‘123456’ or ‘password’ (yes, really).
So, let’s talk about ‘bad’ passwords.
Most people probably already know what a bad password is, and also know that the one they’re using is extremely bad. It’s easy to get into the bad password habit because it’s one you use all the time and it’s easy to remember. Plus, you’ve never been hacked before now, right?
WEAK OR BAD PASSWORDS
The following password selection choices tend to produce weak or bad passwords that are easier to guess:
- Common names and names of family, friends, pets and places associated with you
- Keyboard patterns (computer keyboard and mobile keypads)
- Words from the dictionary
- Repetition of the same password for several accounts
- Using your login details
- Important dates such as birth dates and wedding anniversaries
- Using leet speak (e.g. L33t Sp34k)
- Using less than 8 characters
Actually, where this is concerned, my father-in-law was probably on the right track with his special password ‘code’. The apparently random set of numbers, letters and symbols he used in his passwords would probably take a lot longer to hack, because of their high entropy, unless someone first hacked into his brain, or had an Enigma machine.
The higher the password entropy is, the less likely it is to be ‘guessed’. This is based on an entropy meter devised by Dan Wheeler called zxcvbn, named after a common ‘keywalk’ password pattern (the bottom row of a keyboard) that you should definitely stay away from!
HOW TO CREATE A STRONG PASSWORD
Whilst I’m not suggesting you create passwords in the same way as my FIL, WPEngine’s study of the password entropy of approximately 5 million Gmail accounts suggests that the longer and more random the password, the higher its entropy. This also means it’s less likely to be cracked! It should contain a combination of the following:
- Upper and Lower case letters
- Numbers
- Symbols (!@#$% etc.)
- No real words, including Leet
- At least 12 characters, ideally 16
This probably sounds a bit insane, but there are ways to solve this issue.
There are several password managers out there that also generate passwords with high entropy, protecting both your personal and business accounts.
I personally use LastPass. I originally used it for free, but I quickly upgraded to a yearly subscription so that I could access my ‘vault’ on my mobile and tablet as well as on the web.
To save time trying to create a password that fits the above criteria, LastPass and many of the other password management tools allow you to generate passwords for new accounts you create online.
You can change your password criteria, including the number of characters you include, letter case and symbols. If you have the Google Chrome extension, LastPass can generate and then save a password online.
You can ‘test’ the strength of a password with this fun Password Check tool!
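As an added illustration (not code from this post, from LastPass, or from zxcvbn), here is a small Python checker that applies the weak-password list and the strong-password criteria above: length, character classes, dictionary words including leet substitutions, keyboard walks, and your own login name, plus a naive brute-force entropy estimate (log2 of the alphabet size raised to the password length). The six-word dictionary and the keyboard rows are constructed placeholders; a real meter such as zxcvbn uses full word lists and pattern tables.

```python
import math
import string

# Constructed stand-ins (assumption): a real checker such as zxcvbn uses full word lists and pattern tables.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein", "secret"}
LEET_MAP = str.maketrans("0134578@$!", "oieastbasi")  # 0->o, 1->i, 3->e, ...
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
SYMBOLS = set(string.punctuation)

def contains_dictionary_word(pw):
    # Test the raw password and its de-leeted form, so "P@ssw0rd" is caught.
    low = pw.lower()
    return any(w in form for form in (low, low.translate(LEET_MAP)) for w in DICTIONARY)

def has_keywalk(pw, run=4):
    # Flag a run of `run` adjacent keys along a keyboard row, forwards or backwards.
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def entropy_bits(pw):
    # Naive brute-force entropy, log2(alphabet_size ** length), as if the password were truly random.
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (SYMBOLS.__contains__, len(SYMBOLS))]
    pool = sum(n for test, n in classes if any(test(c) for c in pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0

def check_password(pw, username=None):
    # Returns (estimated bits, list of problems); an empty list meets the criteria.
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in SYMBOLS for c in pw):
        problems.append("needs a symbol")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word (plain or leet)")
    if has_keywalk(pw):
        problems.append("contains a keyboard pattern")
    if username and username.lower() in pw.lower():
        problems.append("contains your login name")
    return entropy_bits(pw), problems
```

The 16-character password quoted later in this post passes every check at roughly 105 bits, while ‘P@ssw0rd’ is rejected as both too short and a leet spelling of a dictionary word.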
‘MANAGING’ YOUR PASSWORDS AND WHY YOU SHOULD BE
Years ago, I was one of those people using a slight variation of the same password for EVERYTHING (I know, right).
I started working for an educational website several years ago, after being a teacher in China for 3. Initially, I was handed a working doc of passwords for various social media accounts, but eventually one of my colleagues suggested LastPass. Actually, everyone in the office ended up using it (making the most of the friend referral program!) in order to create, store and share our passwords.
Lots of people keep their passwords on post-it notes, written on scrap paper or more recently, in a Bullet Journal. I’m not being critical of Bullet Journalers btw, I’m a big fan!
Some keep them in a document or spreadsheet on their personal computer.
I’m not sure if these are the safest options since anyone can find your notebook or open the document on your computer, but there are other reasons why these are probably not the best methods to record your passwords.
First, what happens if you lose your notebook, or throw away that scrap of paper with important business account passwords on it? I have approximately 250 passwords saved in my LastPass vault, and I think losing all of those passwords would be a pretty major screw up for me, and a pain in the ass for my colleagues and business partners.
Second, if you follow the criteria for a strong password above, each time you have to enter a password, you need to type out approximately 16 random characters.
How long did it take you to type the following?
8b7l4%yZK*pZrDw^
It took me around 38 seconds to type out this password, although I did spend several seconds blanking on the location of the upwards pointing caret ‘^’ character.
It took less than 2 seconds for my password to automatically appear in the password bar when signing in online.
OK, so I know 36 seconds more isn’t that much for one password, but if you have an online business, or you spend a lot of time online, then you’re probably going to do this several times over the course of a day.
Using a password manager like LastPass is certainly convenient, and if you have an online business or lots of personal accounts, it’s an affordable way to keep all your passwords safe, on hand and automatically generated with high entropy (yay!).
SHARING PASSWORDS SECURELY WITH YOUR FREELANCERS
As I mentioned above, when a colleague recommended using LastPass, everyone in the office began to use it to share passwords safely. Since we began using LastPass, they have added options for teams and big businesses as well as personal accounts.
As you may know, SOP Templates is all about saving time and energy on tasks you either don’t want to do or can’t do yourself. If you’re working with freelancers, chances are you’ll need to send them login details and passwords for them to access your social media accounts, website etc. Not only can you share (and unshare) your login details and passwords with just an email, but you can also prevent whoever you share your passwords with from actually viewing the passwords.
Once you’re finished working with your freelancer, you can then unshare your login details with them.
Of course, you can easily share your login details over the freelancing platform you’re using and change the passwords afterwards.
Think you might need to have a password security overhaul? Improve your password security by downloading and following our 10 step checklist to keep your passwords safe!