How to Manage Your Online Passwords
There are a number of rules that the experts tell us about online passwords:
- Never use a password that includes names, numbers, or places from your life.
- Never use the same password twice.
- Never write down your passwords.
- Never store your passwords on your computer or your phone.
- Never give your passwords to anyone else.
Password Rules Are Hell
According to the rules above, you’re supposed to use a different password for every account you have online.
The passwords you use should not contain anything from your life, i.e., people, pets, places you’ve been, favorite teams, or anything else that somebody might guess you would use.
Not to mention, you should keep no record of your passwords, anywhere. And you should trust absolutely no one with your passwords.
Does any of that sound doable to you? Heck no. It’s classic circular logic. Catch-22. Absurd. Impossible. It’s Password Hell.
Most of Us Break the Password Best-Practice Rules
All these great rules leave us right where we started: nowhere. Most of us do what humans naturally do – we cheat.
Either we use names and places that mean something to us to help us remember our passwords, or we use the same password everywhere, or we write our passwords down on a piece of paper, or we store a “secret document” on our laptop with a list of all our passwords. Or any or all of the above. Is this you?
How Can You Possibly Follow the “Good Password Practices” Rules?
I want to share a secret: you can follow all the rules you’ve been told, except for one, and you can do so easily and safely. So, what do we do, exactly? Break Rule #5: Never give your password to anyone else.
Now why in the world would I suggest you do that? Because it’s the best of all the unattractive, risky or downright foolhardy choices you can make in your password management.
I’m not suggesting that you give your passwords to your spouse or a friend to remember for you. Not only would that be a bad idea, it’d be downright impossible for either of you to manage.
I’m suggesting that you use a trusted, respected, professional password management service. There are many out there. LastPass is one with an excellent reputation, and it’s the one that I use. And P.S., LastPass offers a free option.
It works like this: You set up an account with LastPass and create one super-duper, hard-to-guess but, for you, easy-to-remember password for that account.
And that’s it. You will never need to create or remember any other password again. Just one super-important master password, for the rest of your life.
Once you’ve set up your account, LastPass will generate a new, random password for you whenever you need one. When it generates a password, it will remember it for the website you’re using at the time.
Then, when you come back to that website later, LastPass will, upon your command, fill in your username and password for you. And, if you need or decide to change your password on a website in the future, LastPass will update the change in its records, too.
Why Should I Trust a Password Management Service Like LastPass?
LastPass, and other services like it, is in the business of creating and protecting password banks for its users. It has several levels of security incorporated into its process.
A whopping 7 million people use LastPass. Major companies use LastPass. It has earned a reputation for trustworthiness. It is a good company.
Sure, you could say, “I don’t know them, I can’t trust them.” But you could say the same thing about the people who handle your money in the bank, couldn’t you?
Frankly, unless you want to continue to leave yourself open to the possibility of password theft by using the same password everywhere, or using easy-to-guess passwords, or by writing your passwords down somewhere, your only real option is to honor the first four rules I listed at the beginning of this article, and then “break” rule number 5 and trust in a password management service, and use it religiously.
Is There a Catch to Using a Password Management Service?
Of course, in a way, there is a catch. It’s this: You need to create a hard-to-guess password, and you need to remember it. Really, really remember it. And you should not give it to anyone else – not a soul.
It’s not that a trusted friend is likely to sell you out. More likely, your friend may not do a good job of keeping your password safe, in which case it could get into evil hands.
Obviously, you should not write your password down. So, that’s a bit of pressure. But if your master password is the only one that you will ever need to remember, it sounds doable. You can memorize it just as you do your lifetime government ID number.
If you’re nervous about one day blanking out entirely and irrevocably forgetting your master password, you can always write it down and store it in a safe deposit box or a home safe or in some other super protected spot. After all, we’re all human. One last-resort safeguard isn’t a bad idea.
Do you use the same password for multiple sites, and secretly feel guilty about it? Do you keep a piece of paper near your computer with all your passwords written down? Do you use a password management service? How has it been for you? Please share the service that you use and any advice you may have.