The importance of creating unique passwords
June 23, 2014
It seems that I have a ton of sites I visit that require passwords, and it may be that I've been lazy about selecting passwords for those sites, using the same password on a lot of them. I've heard that this isn't a good idea, and the recent Heartbleed scare really made me rethink my policies.
I'd like to create unique passwords for each site, honestly, but I don't have the time or patience to both create and remember all the unique passwords. Surely there must be a tool or web site that can make this easier?
We could not possibly stress enough how important it is for you to maintain unique passwords, different for every website that you visit, and we're certainly glad you've asked this vital question. We've written previously about password manager applications, that is, applications that can maintain all your passwords and fill them in on sites, as necessary. Using one of these applications, you need only remember a single password to log into the password manager — it does the rest of the work, maintaining the passwords and logging you into each site you visit for which you've stored a password using the application. The four most popular password-managing applications are LastPass (http://www.lastpass.com), 1Password (http://www.agilebits.com), Dashlane (http://www.dashlane.com), and PasswordBox (http://www.passwordbox.com). You can find a comparative review of these products from Wall Street Journal here: http://goo.gl/xtO16V. Another favorite, although not rated as highly, is RoboForm (http://www.roboform.com). We've tried all these applications over the past few years. Specifically, Ken recently spent a month with Dashlane after several months with LastPass. His opinion? Dashlane is certainly more attractive and easier to manage, but LastPass seems less intrusive and (once you get the hang of living with it), more reliable. All these products are available for Windows, Mac and mobile platforms, although Windows Phone isn't supported by all the products.
All the password managers provide browser add-ins, so they can intercede when you create a new password or need to log into a site. Each application provides a means of storing passwords, and each provides a means of filling online forms with information such as your name, email address, credit card information and so on. Once you set up the information in these tools, you should (in theory) never need to drag out your credit card when making an online purchase; you shouldn't even have to type your address when purchasing from a new vendor.
But the question at hand was aimed at creating new, safe passwords. All these tools, of course, include functionality to help you create and manage unique passwords for every site.
Having tried them both, Ken can verify that both LastPass and Dashlane provide a means of analyzing your existing passwords and can tell you how many sites you have set up that share the same password.
They can also indicate the strength of your passwords (the longer and more complex the password, the stronger it is). All the password manager applications provide a means of creating a new, randomly generated password for any site, and once you let the application create the new password, it can store it and supply it the next time you log into the site.
Ken recently embarked on a quest to replace all his existing "simple" passwords with new, random, complex passwords. He started the quest using Dashlane, and for the most part, the process worked reasonably well. Problems occurred at times when DashLane attempted to replace an existing password with a new one in its own storage.
Many times, Ken ended up with duplicate entries for the same site, leading to some serious confusion. He continues the task currently with LastPass and is finding the number of misfires less than with DashLane. Your experiences may differ, of course.
In any case, if you find that you use the same password on multiple sites, it's time to consider changing your ways. Most importantly, on your email and bank account(s), make sure that you use a unique password for each site. In other words, for email and banks, make sure you select a password that's difficult to guess and is significantly different for each site. (And never consider using one of the passwords listed on this description of the 25 most popular passwords: http://goo.gl/mzjBWy).
Check out LastPass, DashLane, 1Password or one of the other available password managers. Plan time to grow accustomed to the way the application works. It will certainly be intrusive and bothersome at first, but it will save you time, and most likely, your online identity, if you use it correctly.
Add identification to phone lock screen
I worry about losing my phone — there's nothing on the home screen that identifies me, or it. Is there some way to add text to a phone's home screen so that even while it's locked, someone who finds it would know whom to contact so I can get it back?
Although this situation is different for different phone types, we'll focus on the iPhone here (because it's the phone both Doug and Ken use daily).
It's true: Although you can select a photo to display on your phone's lock screen, there's no built-in mechanism for adding any identification to the screen, so that if you were to lose your locked phone (it IS locked, right? If not, shame on you!) no one would know to whom the phone belongs. (This actually happened to Ken once. He left his iPad in the seat pocket on a plane. Don't do that! Luckily, his call to the airline ended with a happy resolution, and he was soon reunited with his lonely, otherwise unidentifiable iPad.)
You really do need to identify your device on its lock screen so an honest person could contact you and return the device.
Luckily, there are applications that can help you with this problem. Ken did some research on this problem recently and found two likely iOS candidates: Both the apps, Lock Screen and Over, allow you to add text to an image, save it and then select it to be your lock screen image.
Once you've added your text (usually including your name, email address, and phone number) and set it up as your lock screen image, anyone who finds your device would know how to return it.
And although you could use these apps (or any of the others like them) to annotate and image and add it to your lock screen, Ken's friend Sue suggested an easier solution: Write your information on a piece of paper, take a picture of it, and use that as your lock screen image. Simple, free and done. Sometimes, the low-tech solution really is easier.
Whether you use an application to generate an image with text or you take a photo of a hand-written note, make sure you identify your device on its lock screen. If an honest person finds your device, you're far more likely to get it back if you do!
Doug Behl and Ken Getz spent years answering technical questions in private, and are minimizing the questions by pre-emptively publishing the answers. Hear Doug and Ken's tech tips on KNCO radio weekdays at around 8:21a.m. and 5:38 p.m.; find full write-ups including links to the products they mention at http://blog.techtipguys.com. Submit your own technical questions to email@example.com.