Alternatives to Password Managers
What is a Password Manager?
Password managers are software applications that automatically provide your passwords to the websites, e-mail accounts, and portals that you use. With a password manager, you only have to remember the master password to the application, rather than all the individual passwords to your accounts. Password management applications include LastPass, Dashlane, Sticky Password, KeePass, and 1Password. Geoffrey Fowler’s article in the Washington Post discusses differences between each password manager.
Many browsers also have settings which allow for saved passwords, sometimes referred to as keychains. These include Google Chrome password manager and Apple Keychain password manager.
Where are My Passwords Stored?
The majority of these applications store your passwords in the cloud so that they are available regardless of your location or physical terminal. A few password managers simply load these passwords onto your local computer, in which case you must be at that physical computer for the application to work. Some password managers, like Apple Keychain, save to a physical computer but can be uploaded into iCloud. Locally-stored passwords often do not require a password to enter the browser, so if someone else logs onto your computer, they may have access to your entire password keychain. Even with a password manager that requires a master password login, unfortunately not all saved passwords are safe passwords.
The Downside of Password Managers
The downside to the password manager approach is that applications in the cloud do get compromised, and your computer is only as secure as you allow it to be. Do not let convenience become an excuse for weak cyber security. Keep your identity safe by considering password management alternatives. This new approach is totally free, but it requires some thought on your part. However, if you follow this approach, you should be able to generate complicated passwords that you can remember and not have to create more than 15 passwords for all of your accounts.
In security, the cardinal rule is never use the same password for multiple accounts. While this is generally excellent advice, it also assumes that a compromise of your online bank account has the same impact level to you as a compromise of your Pinterest account. Thus, the first step is to group your accounts according to severity impact.
How Do I Rate Password Severity Impact?
Severe Impact Rating
Rate your account impact as severe if:
- Loss of money or exposure of personal information could damage your reputation
- Any adverse effect would require sustained effort to remedy
Examples:
- Online banking accounts
- Healthcare portal, if this includes information that you want to remain confidential
- Main business account, especially if it contains confidential information about your company
Serious Impact Rating
Rate your account impact as serious if:
- Unwanted access could result in loss of charge card information
- Unwanted access could compromise your business network
- Any adverse effect would require some effort to remedy
Examples:
- Accounts containing charge card information (Amazon, Travelocity, PayPal, etc.)
- Accounts containing your main personal e-mail account, Facebook, or Google business accounts
Limited Impact Rating
Rate your account impact as limited if:
- Loss or compromise of information is meaningful only to you
Examples:
- News feeds
- Spam e-mail accounts
- Social networking accounts. Note: Do not put any useful personal information on social network accounts. Remediation would consist of simply changing the password.
Three Steps to Create Strong Passwords
Step 1: Group Accounts by Severity Impact
Once you group your accounts, you should have unique passwords for every account in the severe impact category. You can have one password for all the accounts that use the same credit card information. Why? A compromise of any account is a compromise of all accounts since the remedy is to change the charge card number. You should be able to group other accounts in a similar fashion. That is, a compromise of one account would be a compromise of all accounts. The limited impact group can all have the same password since there is minor impact if these accounts get compromised.
Step 2: Initialize Memorable Phrases
Now that you have your groups, you need some complicated passwords. Don’t use traditional “passwords.” Instead, use easy-to-remember pass phrases related to each account. For instance, for your bank account, you may think of the phrase “The love of money is the root of all evil.” Use the first letter of each word to initialize this memorable pass phrase, and it becomes Tlomitroae.
Strong Password Examples:
- Healthcare – Health-related phrase. “A spoonful of sugar helps the medicine go down” becomes Asoshtmgd
- Business – The company tag line or advertising slogan. “Disney, the happiest place on earth” becomes Dthpoe
- Personal (online photo album) – Memorable event from a photo album. “Fido was adopted from The Humane Society” becomes FwafTHS
Step 3: Insert Special Characters and Numbers
Next, insert a special character. Finally, add a date that is significant to you, as long as it is not your birth date, anniversary, or any date that is commonly known. For instance, the Fourth of July reminds me that “fireworks” go off when my account is breached. Assuming my special character is “@,” the final password would be Tlomitroae@0704. With a bit of thought, you can generate easy-to-remember pass phrases and passwords.
Strong Password Examples:
- Healthcare – Date of surgery was March 31. Original pass phrase becomes the password Asoshtmgd@0331
- Business – Business opened in October 2014. Original pass phrase becomes the password Dthpoe$1014
- Personal – Date of pet adoption was around Christmas. Original pass phrase becomes the password FwafTHS!1225
Complete the final steps with the serious and limited impact accounts that you grouped together. Done correctly, you should have about ten easy-to-remember passwords to all your accounts. Best of all, this alternative password manager method is free, and there is no cloud application that can be compromised.
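The three steps above, carried through as an added Python example that is not part of the original article: build_password reproduces the article's sample passwords, and audit checks an account inventory against the Step 1 grouping rule. The inventory, the group labels, the sample phrase for the shared password, and the rule that one password must not span two groups are assumptions made for illustration.

```python
import re
from collections import defaultdict

def initials(phrase):
    """Step 2: first character of each word, keeping its case."""
    words = re.findall(r"[A-Za-z0-9][A-Za-z0-9']*", phrase)
    return "".join(w[0] for w in words)

def build_password(phrase, special, digits):
    """Step 3: initials + one special character + a four-digit date."""
    if len(special) != 1 or special.isalnum() or special.isspace():
        raise ValueError("special must be one non-alphanumeric character")
    if not re.fullmatch(r"\d{4}", digits):
        raise ValueError("date must be four digits, e.g. 0704")
    return initials(phrase) + special + digits

def audit(accounts):
    """Step 1 check over (name, impact, group, password) tuples.
    Returns a sorted list of findings; an empty list means the rule holds."""
    by_password = defaultdict(list)
    for name, impact, group, password in accounts:
        by_password[password].append((name, impact, group))
    findings = []
    for users in by_password.values():
        if len(users) < 2:
            continue
        names = ", ".join(sorted(n for n, _, _ in users))
        if any(impact == "severe" for _, impact, _ in users):
            findings.append("severe account shares a password: " + names)
        elif len({(impact, group) for _, impact, group in users}) > 1:
            # Assumption: sharing is only acceptable inside one group.
            findings.append("password shared across groups: " + names)
    return sorted(findings)

# Constructed inventory; account names and group labels are hypothetical.
bank = build_password("The love of money is the root of all evil.", "@", "0704")
health = build_password("A spoonful of sugar helps the medicine go down", "@", "0331")
shared = build_password("Never pay full price for anything", "#", "1128")
INVENTORY = [
    ("bank", "severe", "bank", bank),
    ("health portal", "severe", "health", health),
    ("Amazon", "serious", "card-1", shared),
    ("PayPal", "serious", "card-1", shared),
    ("news feed", "limited", "limited", shared),  # deliberate mistake
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```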
Keep Your Identity Safe
In addition to creating the best password possible, follow these necessary security strategies for every account.
- Have a single credit card for all your online transactions. If this card is compromised, you still have another valid card for the transactions you make in person.
- Create a disposable e-mail account for when you must provide an account for a service or newsfeed that you are unsure you really want.
- Review your social media accounts and who has access to these accounts. Limit distribution to friends and family – not friends of friends or public. Delete anything that could be used as an answer to a security question. If the information is already out there, go to your active accounts and ensure you select security questions for which only you know the answer.
- Update your operating system and applications on a regular basis.