The Wrong Way to Manage Your Passwords

Over the weekend I went camping with some buddies, and somehow the subject of computer passwords came up. I asked everyone how they manage theirs, and all six of them said the same thing: They store them in a text file, spreadsheet, or some other similarly unprotected document.

The horror!

That's a disaster waiting to happen. If a hacker ever finds his way onto one of their PCs, those passwords will be easier to steal than a whiff of chocolate at the Hershey factory. What's more, if one of my amigos ever needs access to those passwords while traveling, he's out of luck. Same goes for a hard-drive crash: it'll take down that password list along with everything else.

My advice to them and everyone else on the planet: use a password manager--ideally, one that can sync with a smartphone and/or the cloud.

These tools offer both simplicity and convenience. You just enter in the details of the various sites and services you use--user ID, password, Web address, etc.--and the password manager stores them in a simple, secure, password-protected database. In other words, you need to remember only one password to gain access to all your other passwords.

As for convenience, the better managers can sync with, say, your iPhone or Android phone, as well as a secure Web site for easy access on any PC. I also like the ones that can automatically generate secure passwords on your behalf (useful for those folks who still think "123456" is a safe choice).

So, which password manager should you use? I'd say it doesn't matter, so long as you use one. But check out PC World's Best Password Managers: Top 4 Reviewed. Personally, I'm partial to LastPass.

Subscribe to the Security Watch Newsletter

Comments