The Corroboree
CLICKHEREx

How to remember all your passwords and keep them safe


http://qz.com/230093/this-is-how-to-remember-all-your-passwords-and-keep-them-safe/


July 7, 2014

Rafael Laguna is CEO and co-founder of Open-Xchange, a company developing productivity software.

In the days after the Heartbleed story broke, Internet users were strongly advised to change the compromised passwords on their online accounts to protect their data.


For anyone who’s been a web user for a significant amount of time, the number of such accounts is high, unmanageable even: email (personal and work), LinkedIn, Skype, Facebook, Twitter, bank accounts, G+, Apple ID, Instagram, YouTube, Vimeo, news sites, Yahoo!… Hotmail? AIM? ICQ? Myspace? mIRC? The innovation economy’s proliferation of apps, services and devices has complicated our lives, rather than make them simpler, the way technology should.


Heartbleed woke the world up to security and privacy, but it also revealed how thinly our online identities are spread across different platforms, putting the user at risk and also impairing their ability to be productive, collaborative and high-functioning.

What happened to the web

Tim Berners-Lee, inventor of the world wide web, envisioned an internet that improved how we communicate. In his 1999 book Weaving the Web, he said:


“The Web is more a social creation than a technical one. I designed it for a social effect—to help people work together—and not as a technical toy.”


In some ways, this happened: we have access to global repositories of knowledge, and there are options for free and inexpensive tools, software and storage on the web.


But in other ways, we’re more distracted, misunderstood and mentally scattered than ever. Recent research found average users switch between their devices as many as 21 times an hour. The multi-platform, multi-device world shattered our attention spans—400 milliseconds can be too long for users to wait for a page to load, shorter social media posts or videos are more likely to get likes and shares.


Users—as well as technology vendors, service providers and governments—cannot expect that more apps and services will optimize the web experience. Instead, innovators and disruptors need to understand the importance of open technology, emphasize interoperability and transparency, and promote security, privacy and ease of use. But this won’t happen without the aid of better and more thoughtful web-based software.

Make the best of the cloud

If it isn’t already clear based on the ubiquitous presence of cloud services (a market worth more than $131 billion), web-based software is how work and play will be done from now on. And despite security and privacy risks (whether from prying governments or cyber-criminals), web-based software has the ability to bring the many accounts, apps and services we use together into streamlined channels. A single cloud-based user portal, which can be used on any device with a browser, can provide access to all our social media accounts, email, file storage and even document collaboration tools on a single screen.


The danger is that new apps and services too often create proprietary walls. Apple, Google and Microsoft have made it easier to access their services via the cloud, but they haven’t made it easier to access other services. This one-minded game doesn’t suit modern users, with hundreds of accounts, apps and passwords. It also doesn’t foster a collaborative web. That’s why the global cloud infrastructure must be open, with open APIs, source code and even hardware specs.

The password problem

Of course, even with a streamlined, open web solution for all the apps, there is still the problem of having hundreds of passwords. Unfortunately there is no technological solution today that will make it easy to remember all of your passwords while still keeping them secure. However, there is a fairly straightforward, two-step approach to passwords that will put a user at far less risk.


First, you need a method of easily remembering your unique passwords without having to save them to your browser’s cookies. One method is to base them on the first letter of each account. For example, your Facebook password would correspond to (F), which could mean “favorite film.” If your favorite film is Star Wars, you might then pick your favorite character: Han Solo. Then, your password could be Solo, plus some combination of numbers and symbols that isn’t related to any of your personal data but instead has a hidden personal meaning—for example, you first saw Star Wars on your 7th birthday, which was in 1983, at your Uncle John’s house. So the password for Facebook is now Solo7_1983@johns. Not a foolproof system, because the most dedicated hacker can crack any password, but it’s much better than using variations on the same password for all accounts.


The second part is to never store your passwords or other account information in a public cloud, where they could always be at risk of leaking or being hacked. Never store passwords in a Google Doc, or even in your smartphone’s notepad app—you’re asking for trouble.




------------------------------------------------------------------------------


My approach is to use a small stable of a few simple, easily remembered passwords for unimportant accounts, but to employ combination upper & lower case alpha-numeric passwords, with at least 8 characters, so the number of possible combinations is more than 62^8 (62 multiplied by itself 8 times) for the important ones.

A suggestion for storing multiple ones is to use a computer, not connected to the internet at the time, (say in a laptop / notebook with WiFi turned off) list them on "notepad", (or notebook, if you have it installed) then send to "desktop", and copy from there to a flash memory / data stick, then remove it, and delete the desktop entry and notepad data, then turn the WiFi back on. Then it's not stored on hard drive, just in your pocket, or around your neck, hidden somewhere, etc.

It seems to me that this should eliminate the possibility of hackers using key stroke logging, although some of you may well know a lot more about such things than this virtual computer illiterate, so I'm interested in your ideas on the above.


I like to use this little program - http://keepass.info/

Remember one password which protects the database and let it remember the rest. It also can generate passwords for you, to suit particular strengths.

  • Like 1
