Let’s be honest: it’s impossible to remember a different password for everything! In my case, I currently have passwords for 594 separate sites and services, including work and personal email, productivity, business, financial, retail, and other accounts. While this number would have been unfathomable to me 15 or 20 years ago, I’m guessing that – if you really think about it – it’s not wildly out of line with the number of passwords maintained by most readers of this blog.
Please Don’t Reuse Passwords
Given that, it’s unreasonable to expect that anyone will remember a unique, complex password for every one of the hundreds of sites and services that we use. Many years ago, my approach – DO NOT DO THIS, to be clear – was to choose a few passwords that I thought were strong, and use the same passwords – or slight variations on the same passwords – for everything. If I wanted to log in to the gardening site I use to buy seeds each year, for example, I’d try potential password #1, potential password #2, and so on until I found the one that I used for that site.
This approach is highly problematic, in large part because when one of your passwords is discovered – through brute force attacks (trying passwords over and over), a data breach, or any other method – the password can then be attempted with your email account or common usernames on thousands of other sites and services. If I use the password “thispasswordissogreat!” when I sign my child up for a basketball camp, for example – which may not be the most secure registration site in the world – a breach of that site could be hugely impactful if I also use the same password for my credit card account with a major financial institution.
Please Don’t Write Down Passwords
Along the same lines, I can recall many times when a family member or colleague has confessed to me that they keep all of their passwords written down on a notepad, a sticky note, or in another easily accessible location. Worse yet, I’ve been in offices where the occupant’s password list was actually posted on a piece of paper that was visible to anybody who walked in. While physically documented passwords may seem secure, it’s important to remember how many people – students, visitors, other staff, and children, for example – have access to our offices and classrooms when we’re not necessarily there.
So what do I do? Use a password manager!
So I’m telling you that you should use unique, complex passwords for everything, and that you can’t write them down. What do you do?
Maintain your passwords with a secure password management application!
Right now, I have only two passwords memorized: my ICCSD network password, which is not documented anywhere, and the password to my password management application. All 592 of my other passwords are stored in my password manager, protected behind a very long, secure password for the password manager itself and multi-factor authentication. As you consider using a password manager, follow these best practices and you’ll be able to maintain unique passwords with tremendous peace of mind:
- Use a long (16 characters or more) password for your password manager. To make it easy to remember, use a passphrase! For example, ireallylovetacos is 16 characters, incredibly hard to crack, but easy to remember and simple to type.
- Turn on multi-factor protection. This ensures that even if somebody guesses or steals your password, they won’t be able to log in to your password management application. For added security, use app-based authenticators rather than SMS (text) verifications.
You can even get a password manager for free!
Best of all, ICCSD staff members can request a license for a professional password management application at no cost. Simply contact our Technology Help Desk and request access to our password manager, and we’ll get you set up.
These simple steps can dramatically improve your online safety, protecting both your professional and your personal identity and resources.