Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    COFFEE_KLATSCH    |    Gossip and chit-chat echo    |    2,835 messages    |
|    Message 1,721 of 2,835    |
|    Roger Nelson to All    |
|    Passwords    |
|    26 Sep 18 19:21:56    |
Why you don't need 27 different passwords

Posted: May 4, 2017 by Wendy Zamora
Last updated: July 27, 2018

Passwords. The bane of modern existence. To celebrate this nuisance, the holiday gods have given us World Password Day, where thousands of people come together online and pledge to improve their password habits. How many of those pledges do you think stick? According to the 2017 Verizon Data Breach Investigation Report, not many. A little over 50 percent of all breaches in the last year leveraged either stolen or weak passwords.

Current state of affairs

According to a poll by Intel Security, the average person has 27 discrete online logins. From social media accounts to banking to online shopping to utilities, credentials - which usually include a username and password - are required for each. And if people are practicing good password hygiene, they're engaging in the following recommended practices:

 DO: Use a different password for each account.
 DO: Use a long password. In fact, the longer, the better.
 DO: Use special characters, numbers, and capital letters.
 DO: Change your passwords every couple of months.
 DO NOT: Write down your password, whether that's on a piece of paper or stored electronically.
 DO NOT: Share passwords via text, email, or chat.
 DO NOT: Use easily identifiable information, such as a birthday or a child's name.
 DO NOT: Use an incredibly generic password such as 12345. (That's the combination an idiot would use on his luggage.)

All of this, for 27 different logins, is simply unmanageable. In fact, the Intel study found that 37 percent of its respondents forgot a password at least once a week. And people are so sick of juggling dozens of different passwords, that 20 percent said they would give up ESPN if it meant never having to remember another one. Six percent said they'd give up pizza. PIZZA.

This level of discontent and security fatigue means that very likely, most users are falling back on bad habits: writing passwords down in a notebook or a Google Docs sheet, for example, or using the same password across multiple logins. (A study by the National Institute of Standards and Technology confirms this: 91 percent of its respondents admitted to reusing passwords.)

So this is why we say: stop it. Stop the bad habits, yes, but stop the "good" ones, too. Having 27 different passwords that are lengthy and full of characters and numbers and need to be changed every few months and can't be written down - you'd need the memory of an eidetic elephant to keep up. Online services will only multiply, so what should you do?

It's very simple. Get a password manager.

Password manager 101

For those who might not be familiar, password managers assist in generating, storing, and retrieving passwords from an encrypted database. They typically require that users create and remember one master password to rule them all. One master password to find them. One master password to bring them all, and in the darkness bind them.

One master password to stand at the precipice and shout gallantly, "YOU SHALL NOT PASS!"

Sorry, it couldn't be helped. As we were saying. Generally, most password managers work the same way. You'll be asked to create a strong master password during setup (and here's where you'll use those password best practices, such as generating a long passphrase with numbers and capitals that steers away from guessable personal info). From there, you'll add your other credentials to the password manager either manually or through tools that can automatically find and upload passwords for you.

While most password managers have similar setups, they secure passwords in different ways. Web-based password managers store your passwords encrypted in the cloud. Some are built into browsers, such as Safari, Firefox, and Chrome. Others may store your passwords locally in an encrypted file on your computer, tablet, or phone.

In addition, some password managers have features that help you audit your credentials, allowing you to weed out duplicate login info and remove sites you don't use, or alerting you to breaches that have happened to the companies you log into. Many have customizations that allow increased security, such as regional lockout and two-factor authentication (which we highly recommend taking advantage of).

But aren't I just asking to be hacked?

While some folks might be wary of using a single point of access for all their sites, remember that password managers still use your individual passwords to log in to your accounts. Those passwords are locked in an encrypted database, which is way more secure than a post-it on your office desk or a faulty memory. Ask yourself this: is it safer to store all your money in one bank or to hide it in piles underneath several mattresses?

As for fear of password managers being breached - sure, it's possible. In fact, it's already happened, as was the case in 2015 when LastPass was breached. However, even though cybercriminals got their hands on some email addresses, they were unable to crack master passwords. This is because master passwords are protected with military-grade security, hidden behind thousands of rounds of hashing, or algorithms that convert strings of text into longer strings of text. So far, no reputable password manager has leaked consumer master passwords (that we know of).

So which password manager should I use?

The following password managers come highly recommended by our staff and tech reviewers from The New York Times, Lifehacker, and PCMag:

 1Password
 LastPass
 Dashlane
 Sticky Password

If you don't trust third-party apps with all of your personal information, you can try an open-source password manager such as KeePassX, though it requires a fair bit of technical know-how to set up.

I am absolutely opposed to a password manager. What else can I do?

While we stand by our recommendation to use password managers, we understand the urge to reject placing all your trust in the hands of another company. So here are a few alternate methods for choosing more secure passwords than the random hodgepodge you're likely working with now.

 Split up your online services into major groups, such as bills, entertainment, shopping, and social media. Assign a single theme to each group, and create passwords for each service related to that theme. For example, you could choose movies as your theme and assign quotes from one movie to one group, or character names from a second movie to the second group. Rotate these passwords every 90 days by incrementally adding a number or changing a character. This requires a lot more effort but is still preferable to using the same password across all accounts or having to reset forgotten passwords every week.

 Choose one semi-difficult password for all accounts but insert a naming convention in the middle of the password to denote which account you are signing into. For example, if your password is L3tme1npleaz, your Gmail password could be L3tme1nGMAILpleaz. Your Amazon password could be L3tme1nAMAZONpleaz, and so on and so forth. (Please don't use these examples.)

 When possible, choose a service that has two-factor authentication over one that does not. More than 150 applications currently implement two-factor authentication. You can check out which ones do here.

Passwords don't have to rule your life. You can lock them up behind a password manager and worry about remembering a single, slightly complex phrase instead of 27. You can relax knowing how well guarded your passwords are. And you can go ahead and burn that secret list of passwords you keep in your address book even though you're not supposed to.

Do you have a favorite password manager? Or a method for creating and remembering unique passwords? Let us know in the comments below.


Regards,

Roger

--- D'Bridge (SR36)
 * Origin: NCS BBS - Houma, LoUiSiAna (1:3828/7)
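
The "thousands of rounds of hashing" mentioned in the quoted article, sketched as an added example that is not part of the original message or the article: a master password stored only as a salted PBKDF2-HMAC-SHA256 record, with low-round records re-hashed on a successful login. The iteration counts, record layout and function names are assumptions made for this illustration, not any product's actual scheme.

```python
import hashlib
import hmac
import secrets

TARGET_ITERATIONS = 100_000  # assumed work factor for this example only


def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Run the password through `iterations` rounds of PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(master_password: str, iterations: int = TARGET_ITERATIONS) -> dict:
    """Build the record that is stored in place of the master password."""
    salt = secrets.token_bytes(16)  # random per-user salt, not secret
    return {"salt": salt, "iterations": iterations,
            "hash": stretch(master_password, salt, iterations)}


def verify(record: dict, attempt: str) -> bool:
    """Repeat the stretching on a login attempt and compare in constant time."""
    candidate = stretch(attempt, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def verify_and_upgrade(record: dict, attempt: str,
                       target: int = TARGET_ITERATIONS) -> tuple:
    """On a correct login, re-hash records stored with too few rounds."""
    if not verify(record, attempt):
        return False, record  # wrong password: record is left untouched
    if record["iterations"] < target:
        record = enroll(attempt, target)  # fresh salt, stronger work factor
    return True, record


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample passphrase
    old = enroll(phrase, iterations=2_000)  # constructed legacy record
    ok, new = verify_and_upgrade(old, phrase)
    print(ok, old["iterations"], "->", new["iterations"])
    print(verify(new, "correct horse battery stapler"))
```

Because the salt is random per record, two users with the same master password end up with different stored hashes, and every guess against a leaked record costs the full number of rounds.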
(c) 1994, bbs@darkrealms.ca