Saturday, May 3, 2008

Organizing the Passwords

password on sticky on computer screen

Passwords for your computer, your e-mail, your on-line banking, your on-line purchases (one for each company), your on-line subscriptions - it goes on and on. And then there are the PINs for your bank cards, too.

How do you organize all of this confidential information? There are a number of places to store the information, some better than others, including:

1. In your head.

2. On little sticky notes on the side of your computer.

3. On little sticky notes all over the place.

4. On paper, in some organized fashion.

5. On your computer, in a text file or a spreadsheet. The file may or may not have a password of its own, and may or may not be encrypted.

6. On your computer, using a password management program.

7. On another computer that you access through the internet.

In looking for expert advice to share with you, I came across this recommendation from security expert Bruce Schneier:
You can't memorize good enough passwords any more, so don't bother. Create long random passwords, and write them down. Store them in your wallet, or in a program like Password Safe. Guard them as you would your cash. Don't let Web browsers store passwords for you. Don't transmit passwords (or PINs) in unencrypted e-mail and Web forms. Assume that all PINs can be easily broken, and plan accordingly.
(If you're really interested in this topic, you might want to read the comments regarding this advice.)


black spiral notebook (plain cover) for writing down internet passwords; shows internal page, too

If you'd like to go with option #4, you could try using the Internet Password Organizer. Innovention Lab was kind enough to send me copies for my evaluation, and the quality seems to be quite good. Another similar product (that I haven't yet seen) is the Password Directory; it seems to have a soft cover rather than the hard cover on the Internet Password Organizer. To add an additional level of security, you could follow the suggestions from Paul Theodoropoulos regarding obfuscating the passwords when you write them down.

5 comments:

Cynthia Friedlob said...

Loved the article and comments about obfuscating passwords! What a bunch of great ideas for making your passwords more difficult to crack.

As for the special Password Organizer and Password Directory, they appear to be no more useful than a plain ol' address book. Am I missing something?

lissanne said...

Anonymous Lissanne / SORTED! said...

Hey Jeri - I love your ideas for keeping passwords sorted. I decided some years ago to keep a small book with my passwords and logon user details hidden near my computer. It works a treat - even though I am organised, I certainly don't have a good enough memory in my brain for all that detail!

My book is a bit more of a 'catch all' than that though: I also store useful info like the dates my subcontractors started and other key information about them like their rates and increase dates: the PMS colours I use for my stationery and my book's ISBN etc.

Saves me a lot of time and mucking about!

Jeri Dansky said...

Cynthia, the Password Organizer is sort of like a nice address book, with a few tweaks. Instead of having places for name, address, phone numbers(s) and such, it has fields for Web Page, Username, Password and Notes.

There are also special sections for Internet Server Provider information, home network configuration,software license information, and misc. notes.

So it's like an address book customized to the types of computer information most of us need to keep track of.

But sure, you could use a nice address book just fine. And since it would look like a basic address book, it's not a place someone is likely to look for passwords.

Lissanne, I think any of us with more than a few passwords will do best to have them recorded in some manner.

I'm currently using a text file on my computer, with an innocuous name. Like you, I use that file for more than passwords - it holds a number of tidbits of information I need to refer to and am unlikely to remember.

I also don't store the password itself, but rather "clues" that will tell me what the password is but won't mean much to anyone else. But I love the obfuscation techniques in that article I linked to - I just found that last night - and might decide to start using some of those.

Tara Kelly said...

I completely understand the need to keep passwords safe and organized (of course, I founded an online password manager - I personally have 300+ passwords!!).

That said, with this book, you still need to look up and type the password every time you want to login to a site. If you're using obfuscation techniques, then further thought is required before actually logging in. Just doesn't seem worth all the extra effort.

Using a password manager is just easier, especially if it automatically logs you into websites - no typing, no flipping through pages to find stuff.

Article with short video:
Check Passwords off the To-do list.

Cheers,
Tara
PassPack Founding Partner

Jeri Dansky said...

Tara, if being a professional organizer has taught me anything, it's that no one tool works for everyone. Some people will want to use password management software (yours or one of the others) and some will prefer a paper-based alternative.

I'm glad we have all these options, so each person can find one that works well for him or her. Thank you for creating another alternative worth exploring!