How to Manage Passwords – Easily & Securely
Passwords – they’re a pain. We know, we feel it too.
Actually that’s not really true – we used to feel that pain before we discovered a smarter way of managing them, a new way which has not only taken away the pain but has also put a little bit of magic into the process that makes you think there is hope – for technology and humanity :). As Mr. Clarke put it, any sufficiently advanced technology is indistinguishable from magic. Well, here’s a bit of tech that we think injects magic into the otherwise dull, dreary and annoying process of managing passwords.
Now you may wonder, why is it hard to manage passwords? Surely you just pick your favourite child / colour / pet / car and use that as your password everywhere you go? Well that’s a REALLY bad idea. That password is going to be easy to guess – either by someone who knows you, or by an unknown attacker using a dictionary or brute-force attack. It also means that once someone has one of your passwords, they’ve got them all. We won’t spend too long talking about all the bad stuff someone could do once they have access to just one of your accounts (like an email account), let alone easy access to your entire digital identity.
So – we know passwords are imperfect things, and not really up to the task when it comes to keeping critical data safe. This isn’t new news, we’ve known it for a long time and if you don’t want to take our word for it – well, Bill Gates has been saying it for a decade. Hopefully they’ll be gone soon, replaced by something like biometric authentication – but for the time being, we’re stuck with them, so we may as well figure out how to make the best of the situation.
So let’s move on to the fun stuff… but first, let’s take a quick look at what a password should be like:
- long: the longer, the harder to guess.
- complex: i.e. long, and ideally a random mix of numbers, letters and symbols. For example, @#ATr]Y),hs:r}4W is a great password. You could also use a phrase rather than a word but sadly many websites have very short limits on how long your password can be.
- non-dictionary: don’t use a dictionary word. This is partially covered by the above point, but something like Hello1234! is technically complex yet will be easier to guess than something like He77o1234!
- memorable: after all, you have to remember it, right? Well actually – no. More on this later.
- new: passwords should be changed frequently, so that if someone managed to intercept your password, they only have a short window of time in which to exploit it. And don’t re-use old passwords, because that defeats the purpose.
- unique: so that if someone gets hold of one of your passwords, they only gain access to one account and not everything. Remember, your password can be compromised without you ever making any mistakes, for example if a website you have an account at is compromised and stores their passwords in such a way that attackers can access them. Yes, this does happen, all too frequently sadly.
- shouldn’t contain: any dictionary words, names, birthdays, addresses, phone numbers, etc etc. Basically anything that is real to you. Also don’t make it a common pattern such as qwerty and definitely don’t use the word password!
- not stored anywhere unencrypted
- never sent in plain text
So now we know roughly what your passwords should look like. You’re probably thinking – great, so all I have to do is go to every web/app/service I have an account at, create a random string of numbers and letters, change that password, memorise the new one, and repeat the process for each of the 700 accounts I have. Easy, right? Clearly not. So let’s sprinkle a bit of fairy dust onto this and get the magic going.
Enter the magical password manager. In this post I’m going to talk about Dashlane, because that’s the one I use, but there are others with similar / equivalent / different functionality that are also very good. Examples are LastPass and StickyPassword.
Apologies for over-using the m-word but I really think that if someone in Apple marketing was talking about this tool and they had to compare it with all the magical & revolutionary iPhones they’ve launched, they’d probably have an aneurysm trying to come up with the appropriate adjectives.
So, here’s how Dashlane will make your life amazing:
- Import the passwords you have saved (insecurely) in your browsers, allowing you to bin them from the browsers.
- Analyse those passwords, and tell you which ones are insecure, which have been re-used and which have been used on websites that were themselves compromised.
- Offer you the option for it to go off and automagically change many of those passwords for you, safely storing the new passwords in encrypted form within the app
- Offer to create and save a nice long, unique, complex password for you every time you register at a new website
- Automagically log you in with your saved credentials when you arrive at a login screen
- Save other information if you want to, such as form data (phone, address, emails, even credit card info) and – you guessed it – automagically fill this in for you.
- Store all your data in a safe, encrypted format
- Password protect your data.
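To make the analysis step in the list above concrete, here is an added sketch (not Dashlane's code or export format) of the three checks it names: weak passwords, re-used passwords, and accounts on sites known to have been compromised. The vault entries, site names, word list, breached-site list and length threshold are all constructed for this example.

```python
from collections import defaultdict

# Constructed sample data: not a real export and not any product's format.
VAULT = [
    {"site": "mail.example", "password": "Hello1234!"},
    {"site": "shop.example", "password": "Hello1234!"},
    {"site": "bank.example", "password": "@#ATr]Y),hs:r}4W"},
    {"site": "forum.example", "password": "qwerty"},
    {"site": "news.example", "password": "k9$Lm2!xQv7#Tz4p"},
]
BREACHED_SITES = {"news.example"}                    # constructed breach list
COMMON = {"password", "qwerty", "hello", "123456"}   # tiny stand-in word list
MIN_LENGTH = 12                                      # assumed policy threshold


def audit(vault, breached=BREACHED_SITES):
    """Return {site: [issues]} for every entry in the vault."""
    # Group sites by password first so re-use is found in one pass.
    sites_by_password = defaultdict(list)
    for entry in vault:
        sites_by_password[entry["password"]].append(entry["site"])

    report = {}
    for entry in vault:
        site, pw = entry["site"], entry["password"]
        issues = []
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        # Substring match catches a dictionary word padded with digits.
        if any(word in pw.lower() for word in COMMON):
            issues.append("dictionary")
        if len(sites_by_password[pw]) > 1:
            issues.append("reused")
        # A strong password still needs changing if the site leaked it.
        if site in breached:
            issues.append("site-compromised")
        report[site] = issues
    return report


if __name__ == "__main__":
    for site, issues in audit(VAULT).items():
        print(f"{site:15} {', '.join(issues) or 'ok'}")
```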
Sound good? Let’s get started.
So – step 1, sign up for, download & install Dashlane. It’ll only take a couple of minutes. You will also want to install the Dashlane browser add-ons, because this is where half the magic happens – and is the hardest part of this process because you will probably need to close your browsers (shocking, I know, sorry).
If you use the link provided in this post, we’ll each get a free $20 credit towards Dashlane Premium which allows sync across multiple devices (the standard one only works on one device).
After installation you will be prompted to pick a master password. This is a VERY IMPORTANT step. Make this password complex AND MEMORABLE, because you WILL NEED TO REMEMBER IT! It will probably be the only password you ever need to remember – so DON’T FORGET IT!
Follow the Dashlane wizard (ha, see, I told you) and import passwords from your browsers. Don’t skip this part.
You then get to the Security Dashboard, which is where you can analyse your password safety and get some quick wins by hitting auto-change on all the available passwords, and quickly seeing the top problems – i.e. unsafe or compromised passwords.
At this point you’re up and running so our suggestion is that you ensure for the first few days that you ONLY use Dashlane to manage your logins. Very quickly this will become habit, and you will have moved WAY forward on the password security spectrum.
For your ease of reference, here’s a quick overview video of the setup process. Do let us know what you think by leaving a comment below.
The password is dead, long live the password.
Good luck! 🙂