What to do with passwords

Leave a reply

Passwords have become the keys to — not just my online life — but my real life.

  • My bank
  • Online vendors like Amazon that have my credit card information
  • Email and social media connections with my family and friends
  • My health services
  • My social security
  • Movies I watch
  • My trip reservations
  • My utilities

.. and on and on.  I just checked and I have 63 password-protected accounts.  I know better than to use the same password across accounts; that way, if one gets hacked, they’re all hacked.  So, 63 different passwords to vital stuff.  If I lose one, suddenly I’m looking at a struggle to reopen the door to that part of my life.  And if somebody else gets one — well, that doesn’t bear thinking about.  What to do with them all?

Here are the things I’ve tried over the years to take care of passwords, and why I’ve moved on.

  • Don’t worry about it, just make up passwords whenever.  Then one day a password doesn’t work.  I click “Forgot my password” and it says it will send me an email with a way to get back in.  Only it doesn’t, or I don’t get the email for some reason.  Or it asks me security questions, but I can’t remember which pet I said was my favorite, or whether I used my first teacher’s second name or my second teacher’s first name.
  • Write my password on a post-it and stick it to my monitor.  Now everybody else can see my password.  Or, somebody steals my computer (yes they will).  Or, it falls off and gets lost.  Anyway, how can I see the screen when there’s 63 post-its in the way?
  • Keep a written list separate from the computer.  Then one day a password doesn’t work, even tho it’s on the list.  I must have reset it and forgotten to write it down.  Or, I don’t have that list with me.  Or, it fell out of my wallet at the ATM.
  • Keep a text file on each computer.  But it’s hard to keep all of the passwords on all of the files up to date.  If a disk drive has a head crash (yes they will), there go all the passwords.  If bad guys steal my computer, as a bonus they get my passwords too.
  • Put them in an Excel spreadsheet and have Excel encrypt it.  Good idea, but what if I’m not near that computer?  And I can still lose them to a head crash.

    Screen Shot 2013-06-04 at 1.43.23 PM

    Spreadsheet columns

  • Upload the encrypted spreadsheet to MyDrive on Google.  Now I can access my passwords from anywhere where there’s a computer that has Excel installed.  But Excel is expensive; and it won’t run on my iPad.
  • Load the passwords into a Google Docs spreadsheet.  Now I can access it from any device that has a browser, with no need for Excel.  But so can the Chinese People’s Army.  If anybody hacks my email account, I’m naked.
  • Put the Excel spreadsheet (unencrypted) in a cloud storage system with encrypt/decrypt access via a client program on any device, so there’s no usable passwords on the cloud.  Hmm, sounds complicated and expensive, but — head crash, burglar, lost wallet and Chinese hackers notwithstanding —  this would work, right? 

It turns out that encrypted cloud storage isn’t complicated or expensive.  For example, Wuala offers 5 gigabytes of free encrypted cloud storage, accessible via a free client program that mimics a disk drive on my computer.  I start Wuala and identify myself; then all I have to do is click on a file in Finder (Windows folks, read “Windows Explorer”)  to open my password list.

  • I don’t have Excel on my iPad, but on that device the spreadsheet opens in a viewer program.
  • If I can’t or don’t want to install a client program, I can access the file in the cloud via a browser/Java combo without installing anything.

Now, I’m not going to tell the CPA “Bring ’em on!”   But I think I’ve finally hit on a free way to always have my passwords and never let anyone else have them.  Suggestions if you decide to give this a try:

  • Don’t tell the client program to remember your cloud storage password.  If you do that, anyone who gets access to your computer has you naked.  You need to remember this one password.  But you can do it; it’s certainly easier than remembering 63 of them.
  • In general, don’t let your browser remember passwords for you.  Or if you do, forget about encrypted cloud storage of passwords.  What’s the point of locking the front door when your house has no back wall?
  • In addition to your password list, store a screenshot of your iPad/iPhone’s internal security identifiers.  If it’s lost or stolen, this information will let you find it or “brick” it (make it inert so a thief can’t access your personal data).

On the iPad, start Settings (gears icon).  In the left pane, select General; in the right pane, select About.  Fields to include in the screenshot:

  • Carrier
  • Model
  • Serial number
  • Cellular data number
  • MEID

Leave a comment