Password Management

I have a few post drafts that need finishing, but I want to talk about passwords.

I’ve been unhappy with my passwords for a while. I had a very small set of commonly used passwords depending on what kind of site it is. The best password is for my bank account, obviously. That one doesn’t get used anywhere else. Then other important stuff: sites where you buy things, email, heavily personal information and similar had the same password. All my bloggy-type sites had the same password, and pretty much anything else had my most common password.

Four passwords? Heck, it’s practically only two when it comes to the vast majority of sites that want me to log in. This upsets me.

I wrote up a scheme, originally, to help me manage my passwords. If I can remember 4 passwords and my own phone number without a problem, then theoretically I should be able to remember 8 or 10 passwords. Then I can break down sites: bank, e-mail, social network, e-commerce, picture hosting, music sites, bloggy stuff, roleplay and writing…. Then again, shouldn’t e-mail all have different passwords? I don’t want someone to easily access all my e-mails. That’s pretty much taking everything from me.

It’s obviously a big job. Besides, my current password system involves a small sheet of paper that’s about 8 years old tucked away in a wallet.

I could really only make things worse for myself if my passwords were all “abc123” or “password.”

At first, I looked into some password management software. I liked the idea of having everything on a USB drive. Then I remembered: I have an Android phone. Welp, that idea was out. I scrapped it and started on my quest of changing passwords. I made a list of websites I used to fit with my type list, and a “minimum security” style for each. For e-mails, I really wanted to use long passphrases with at least one number and symbol, if not more. Less important sites don’t even support passphrases so they would have to have at least x numbers and symbols, and of at least y length, each depending on how much I care if someone breaks in or not. I wrote this all down and developed passwords for each.

Still unsatisfied, I looked into things I CAN use with my droid. Apparently Dropbox can be used with many password software packages and quite a few of them have apps for Android phones. That’s perfect!

So I downloaded KeePass and installed it on Dropbox, downloaded the KeePass app onto my droid, downloaded ChromeIPass for my browser, and tried it out with a few unimportant sites.

The good:

  • They work well with little extra effort past the initial setup
  • There is an option to generate passwords, including what kinds of characters to use, what length, and even a pattern you might want.
  • You can also just type in whatever password you’ve made yourself

The bad:

  • I have yet to figure out what to do in the case of using someone else’s computer
  • You can’t generate a password using a real word, so there’s a low chance that you won’t remember any generated passwords
  • You have to trust the software with your passwords
  • Where do you put the key files? Normally the idea is for them to be on a USB drive so nobody can log in, even if they know your password to KeePass. However, with an Android….

Some of the issues are obviously solved with extra work (or, really, work I’ve already done) on my part. I’ll probably be moving everything to KeePass slowly, in the same way I rolled out my passwords earlier: one “group” at a time.

I clearly still have a lot of work ahead of me, and I’m pretty sure that I don’t have a truly good answer yet, but I wanted to put this out there. Passwords are a hassle, but the security is worth it.
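The per-category “minimum security” scheme and the wish for passphrases built from real words can both be sketched in a few lines. This is an added example, not code from the post or from KeePass; the tier names, their lengths and minimum counts (standing in for the post's unspecified x and y), the symbol set and the word list are all assumptions.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Hypothetical tiers: the post leaves x (digits/symbols) and y (length) unspecified.
TIERS = {
    "bank":  {"length": 24, "min_digits": 3, "min_symbols": 3},
    "email": {"length": 20, "min_digits": 2, "min_symbols": 2},
    "blog":  {"length": 14, "min_digits": 1, "min_symbols": 1},
}

# Constructed 16-word sample list, far too small for real use; a diceware-style
# list has 7776 words.
WORDS = ["amber", "bridge", "cactus", "dolphin", "ember", "forest", "garnet",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pebble"]


def meets_policy(password, policy):
    """Check length plus minimum digit and symbol counts."""
    digits = sum(c in string.digits for c in password)
    symbols = sum(c in SYMBOLS for c in password)
    return (len(password) >= policy["length"]
            and digits >= policy["min_digits"]
            and symbols >= policy["min_symbols"])


def generate_password(tier):
    """Draw uniformly with the OS CSPRNG and retry until the tier policy holds.
    Rejection sampling keeps every compliant password equally likely."""
    policy = TIERS[tier]
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(policy["length"]))
        if meets_policy(candidate, policy):
            return candidate


def generate_passphrase(n_words=5, words=WORDS):
    """Random real words plus one digit and one symbol, as the post wants for e-mail."""
    picked = "-".join(secrets.choice(words) for _ in range(n_words))
    return picked + secrets.choice(string.digits) + secrets.choice(SYMBOLS)


def entropy_bits(choices, count):
    """Bits of entropy for `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)
```

`entropy_bits(7776, 5)` gives about 64.6 bits for five words drawn from a 7776-word list, against 20 bits for five words from the 16-word sample list used here.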
