Did I say my mini-series on passwords was finished? You may have thought that from the title of the previous part – Back to Basics Your Password the Finale – but then I was asked a question during a meeting by a reader of the series.
“How do I remember all the complicated passwords you want me to use?”
It is a good question and I have three answers to the problem.
Passwords on Paper
This is an option, and I have at least two clients who admit to keeping their passwords in a pocket sized notebook. Now there may be ways to obfuscate the sensitive information and make this secure but I am not convinced. The big advantage of this approach is that the valuable passwords are inaccessible to an online attack. However, if the notebook is lost or stolen I am not sure what the incident response plan should be, except sit down and start changing passwords, beginning with those not protected by multi-factor authentication.
If you do use a notebook don’t get one that says “Passwords” on the cover!
Password Bank Service
A quick google will present you with a list of websites that all promise to keep your valuable credentials secure from hackers but available to you. You will be trusting them to do this. However, another Google search will list all the news articles where services such as the popular LastPass have suffered data leaks and breaches. Now many of these service providers will tell you that no user passwords were compromised – but they also offered a secure service!
Passwords in an Encrypted File
Or you can take responsibility for your own passwords and keep them in a Microsoft Office encrypted document – then you only need to remember one complicated password. Both Microsoft Word and Excel can be encrypted and we have clients who have devised systems using them to store passwords. My particular favourite though is OneNote. As individual sections within a notebook can be encrypted with different passwords, it offers the option of enforcing some granular control on the passwords within an organisation.
Now you choose
There are my three answers, you need to choose the one that best suits you – but please don’t choose paper!
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Back to Basics – The Password
Back to Basics – The Password Part 2
Back to Basics – The Password Keyboard Walk Part 3
Back to Basics – Password Sharing Part 4
Back to Basics Your Password the Finale Part 5
From the National Cyber Security Centre:
Three random words – NCSC.GOV.UK
Using passwords to protect your devices and data (ncsc.gov.uk)
Featured image by Microsoft