Passwords, Part 2

In Passwords, Part 1, I warned you: use unique passwords and change them often...but let's face it...no one does. Modern Internet life means that you would quickly collect more complex passwords, like the one below, than you can possibly remember.

One way to fix this problem, without significantly increasing your risk is to group similar accounts and tailor your passwords accordingly. Below are examples of how you can group your passwords for easier control AND still apply the guidelines found in Passwords, Part I (PPI).
  • Work: this password ensures you can put food on the table...take good care of it and use all of the guidelines in PPI, as well as any guidelines provided by your employer.
  • Finance/Banking/Home Computer: these passwords protect your finances and your personal information (i.e. home computer, online banks, online financial accounts, online shopping, etc). These passwords must follow the guidelines in PPI, including unique passwords and regular updates. Identity theft is easier than you think...don't make it any easier by giving the bad guys one "key" to all of your accounts.
  • High use/Low financial risk: for accounts that you use regularly, but have low financial risk, many people will accept the risk of having only one password for all the accounts in the group. In addition, many people change these passwords less frequently (i.e. every six instead of every three months). Warning: don't be lazy...this password should bear NO resemblance to the passwords used for your high risk accounts.
  • Low use/No financial risk: if you don't intend to come back to a site and there is no financial risk it is generally reasonable to use the same password over and over. Again...be creative and use a password that bears NO resemblance to your high risk passwords. For these types of accounts, I may never go back to change this password.
For an example of how this might work in the real world, see my post Passwords, Part 3. Most people have only a handful of truly high risk accounts, so the above method greatly limits the number of passwords you need to remember, while simultaneously limiting your risk. A word of caution...it does not eliminate all risk...it just reduces it.


1 comment:

Anonymous said...

Great article...It made me rethink how I approach passwords. Thanks.