A Guide to Using Passwords Without Distraction

One of the biggest distractions of modern life is passwords. Many web services and forums require that you set up a separate user name and password. You have to develop and maintain a system to remember it all. And you have to enter these user names and passwords many times per day.

Even the lightest of users may have a dozen or so online accounts and heavy users have hundreds. How do you keep track of all these passwords?

Continue reading “A Guide to Using Passwords Without Distraction”

A Base Phrase Approach to Password Management

Password management software is a great way to manage passwords, as I write about here, here and here. However, it is possible to manage passwords quite well without software, using what I call a “base phrase approach”. The basic idea behind this method is to pick a phrase or word and transform it into a very strong base password, to which a few letters are added for each different account.

I have been reluctant to post this article as I continue to strongly believe that using a password manager is a much better approach for most people. But having seen a few articles recently describing how to manage passwords without a password manager, I felt the time was right to complete the series on password management.

Read on for specific, detailed examples of how to implement the base phrase approach.

Continue reading “A Base Phrase Approach to Password Management”

32 Million Skyrock Passwords Stolen and What You Should Do About It

On May 21, 2010, Skyrock told users of its social network and blogging platform to change their passwords (mots de passe) because of an intrusion detected on May 19. Skyrock does not know what the intruder accomplished. If the password list was stolen, then the passwords of all 32 million users were compromised because they were stored as plaintext.

What should you do if you are a Skyrock user? What should you do if you are not a Skyrock user?

Continue reading “32 Million Skyrock Passwords Stolen and What You Should Do About It”

Password Management for the Average Joe

If you’re like most home computer users, you use the same 2 or 3 passwords for your various accounts and your passwords are easy to crack. As you keep reading news reports about hacked accounts and stolen identities, you think you should do something about your passwords, but you keep putting it off.

Like personal security, password management is something most people don’t think much about until after something bad happens. Unfortunately, the Internet is not secure. Just as you need to be “street wise” when venturing onto streets, you need to be “net wise” – especially with passwords – when venturing onto the Internet. Because, like it or not, your passwords are currently the main barrier between you and the bad guys.

Most password management advice seems designed to torture you as opposed to help you. For the average Joe with average security needs, password management advice needs to be simple and usable, not just secure. Luckily, there is a reasonably secure form of password management that is simple and usable. Here it is:

Continue reading “Password Management for the Average Joe”

Use a Password Manager to Assign Unique, Random 15 Character Passwords for all Accounts, Protecting them with a Strong Master Password

Securing a computer is hard. A highly skilled hacker can easily break into your accounts or computer. But the same can be said of home security. A highly skilled thief can easily bypass a locked door or alarm system.

Most thieves are not highly skilled, and even thieves with greater skill prefer easier targets. So locking doors will discourage many thieves, and a big, barking dog will discourage even more.

The same is true with hackers – most are not highly skilled and even those who are prefer easy targets. If you are a typical consumer without data of great value to criminals, then using a password manager as I describe here can act as the equivalent of a locked door combined with a barking dog, an alarm system, and a sprinkler system – which will keep out all but the most highly skilled and determined hackers.

Unfortunately, the way most people manage their passwords can be easily exploited by automated malware or as part of larger attacks that harvest thousands of passwords. Even more unfortunately, the vast majority of advice about password management is either misguided or too complicated. In this post I explain why I believe using a Password Manager (to assign unique, random 15 character passwords for all accounts, protecting them with a strong master password) strikes the best balance of usability and security for the average Joe.

The title of this post sums up the password management approach that I believe provides the most benefit for the least effort. In the rest of this post, I explain why.

Continue reading “Use a Password Manager to Assign Unique, Random 15 Character Passwords for all Accounts, Protecting them with a Strong Master Password”

Which Password Manager?

There are dozens of password managers, including some built into browsers. Many of them do the basic job you need, which is to use a master password and strong encryption to securely store your passwords. More important than selecting the “best” password manager is to use such software wisely. I describe how to use a password manager here (basics and index to password series) and here (tips).

If you’re already using and liking a password manager not mentioned in this post, by all means keep using it so long as it offers master password protection in combination with strong encryption. While most password managers offer password import and export functions, the actual practice of switching password managers and learning a new one is cumbersome.

However, if you’re selecting a password manager for the first time or are dissatisfied with your current password manager, you may as well benefit from my efforts to identify the best password managers for individuals. My efforts included extensive use of two password managers and poring through hundreds of reviews, forums, and comments about many others.

Continue reading “Which Password Manager?”

Tips For Wise Use of Password Managers – Including Master Password Selection

In the first post of this series, I describe four steps to secure your passwords with a password manager. This post describes a number of additional tips for using your password manager software most effectively. The “Tips for Standard Use” section is for everyone. The “Tips for Extra Password Security” section is for those who need additional security, with less regard for convenience.

Continue reading “Tips For Wise Use of Password Managers — Including Master Password Selection”

Bad or Useless Advice about Password Management

I’ve read dozens of tutorials and guides on how to manage passwords. I dislike most of them for the simple reason that they are far too cumbersome to implement and have you memorize a dozen or more rules without telling you why. The only way an average person will use secure passwords is if it doesn’t take up too much time and attention. Here are a few pieces of advice on password management dissected and dismissed:

Continue reading “Bad or Useless Advice about Password Management”

How Attackers Steal Passwords

Many people don’t understand how easy it is for attackers to take advantage of weak passwords, and therefore don’t use a password manager or other means to make their passwords stronger. This post describes 9 common ways passwords get captured, roughly ordered from most to least common. Proper use of a password manager can thwart some of these attacks and limit damages from most other types of attacks.

Continue reading “How Attackers Steal Passwords”

The Usual Way to Manage Passwords and How Attackers Exploit it

According to various studies, most people use the same few passwords for all of their accounts, most of these passwords are weak, and many people don’t realize how weak their passwords are. Using the same 2 or 3 passwords for many accounts is analogous to storing all of your keys under the outside doormat of your locked front door – it doesn’t take much effort for a thief to have access to everything.

In this post, I describe the typical home user system for managing passwords and how attackers exploit this system.

Continue reading “The Usual Way to Manage Passwords and How Attackers Exploit it”