The number of passwords we need to use in our daily lives continues to grow, and when coupled with shifting password length and complexity requirements, it becomes very hard to keep them all straight. Thankfully, there are strategies that can help you manage all your passwords and remain safe online. Here, we will explore the world of password managers.
Why do you make me change my password?
Before we jump into password management, it is worth taking a little time to talk about one of the most frustrating mechanisms related to passwords: password expirations. For Ithaca College, expirations provide a mechanism to shield our systems from breaches that occur in third-party systems. For example, think of a few sites where you use the same password. If one of those sites is compromised and its list of users’ passwords is stolen, the remaining sites with the same password are now at a higher risk of also being compromised. If you happen to use the same password on that site as you do at work, our risk also goes up.
Good passwords
The best passwords are long, complex, and unique. We are all familiar with the first two recommendations. A password should be at least 8 characters long and include both uppercase and lowercase characters, numbers, and special symbols. Taken on their own, those two recommendations are not very tough to follow. As an example, Pizza!23 meets those recommendations. The difficult part is making sure your password is also unique. It is recommended that your passwords be different from one another, so you could create P1zz@!23, p1ZZa32!, and PiZZ@12! for the different systems you access. It's great that they are unique passwords, but remembering each one will quickly become unmanageable. The next time you need to create a password, you might be tempted to start re-using the same password so that you don’t have to remember another permutation of “Pizza”. So how do you keep track of all of these passwords? You might want to consider a password manager.
Managing your password
A password manager is like a wallet for your passwords. You create a record for each website or system you have an account with and store your password within the manager. When you visit a website, your password can be copied and pasted or manually typed from the manager into the site’s password field. Some managers also have the ability to detect what site you are currently visiting and automatically fill in the necessary login information for you. You may be wondering what happens if your manager falls into the wrong hands. Does the hacker now have access to all your websites? The answer is no; most password managers either require or strongly suggest you protect your password manager with a “master” password. This password protects your individual password records by encrypting (locking) them against unauthorized use. Without your master password, any copies of your password manager records are unusable.
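As an added illustration (not code from Ithaca College or from any particular password manager), the sketch below shows how a master password can lock a set of records: a key is derived from the master password with scrypt, and the records are encrypted with AES-256-GCM from Node.js's built-in crypto module. The function names, scrypt parameters, and sample record are assumptions made for this example.

```javascript
// Added example: function names, parameters and sample data are assumptions.
const nodeCrypto = require('node:crypto');

// Stretch the master password into a 256-bit key. scrypt is deliberately slow
// and memory-hard, which makes guessing master passwords expensive.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Encrypt all records under the master password. Only the salt, nonce,
// ciphertext and authentication tag are stored; the key never is.
function sealVault(masterPassword, records) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // must be fresh for every seal
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(records), 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the records, or null when the master password is wrong or the
// stored data was modified (the GCM tag check fails in both cases).
function openVault(masterPassword, sealed) {
  const key = deriveKey(masterPassword, sealed.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.nonce);
  decipher.setAuthTag(sealed.tag);
  try {
    const plain = Buffer.concat([
      decipher.update(sealed.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample record, not a real account.
const sampleRecords = [
  { site: 'example.edu', username: 'jdoe', password: 'constructed-sample-1' }];
const sealedVault = sealVault('a long master passphrase', sampleRecords);
console.log(openVault('a long master passphrase', sealedVault)); // the records
console.log(openVault('wrong guess', sealedVault));              // null
```

Because the key exists only while the master password is being used, a stolen copy of the stored vault can be attacked only by guessing the master password, which is why that one password needs to be long and unique.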
Password Managers Available
There are multiple companies offering password manager solutions. While DIIS does not support or endorse any particular tool, a few of the better-known managers are:
Once you have chosen and started using your password manager, you may experience an adjustment period, where you become annoyed and frustrated at the new manager that may seem to be slowing you down. Start small and begin by only moving a handful of your sites into the manager. As you get used to the new workflow you can start moving more and more sites into the manager. Eventually, you will have every password stored and can sleep better knowing that you have markedly improved your security while online.
Closing
Passwords are an integral part of our lives. Many services rely on passwords as the sole means of proving your identity, so you need to keep them long, complex, and unique. The use of a password manager does have a learning curve and will take some time to get used to. If you do not feel comfortable using a password manager, the next best thing is to ensure you have a unique password for your email account and other highly sensitive accounts (banking and government services). A unique email password is especially important because it helps you recover passwords from other accounts you may be locked out of. In some cases, all a person would need is access to your email account in order to gain access to multiple other accounts.
Information Security Office
Digital Instruction and Information Services
infosec@ithaca.edu
https://www.ithaca.edu/intercom/article.php/20161212153632591