Passwords, part 2: How to manage passwords

by wkwalker on March 9th, 2013

If you’ve read part 1 of this series, you should have a fair idea of how to create good, secure passwords. Problem is, to do a proper job you should employ multiple passwords. In theory, this means a completely different password for every place online that requires a logon of some sort. Every storefront, bank, social networking site, discussion forum and flea market should have its own unique password.

Yeah, right. Like that’s going to happen.

So, I am going to risk the wrath of all right-thinking security geeks and suggest some guidelines that, while not perfect, will tighten your security substantially without posing an undue burden on your day-to-day online activities.

Before I dive into the details, let’s take a brief look at why you need multiple passwords. It’s not at all unusual for someone to have logons at 30 or 40 different sites, very likely more. The more sites you’re on, the greater the chance that one of them will be hacked and the user names and passwords stolen. If this happens and you’ve used more or less the same logon everywhere, you have essentially handed the bad guys the keys to your entire online life. But, if each site has a unique password, your exposure is limited to just that one hacked site. Employing multiple passwords limits the damage.

Like most security issues, there is a trade-off between perfection and convenience. Managing a big pile of passwords is a nuisance, especially across multiple devices, but using the same password everywhere is a disaster waiting to happen. Happily for those of you who just want to get stuff done, there is a compromise technique that reduces risk considerably without undue management overhead.

The solution?

Use a different password for each major online category.

Depending on circumstances, you should have a minimum of five or six passwords:

  1. Maintain a unique, high-security password for banking functions. Use the rules from part 1, but ensure the password is at least 12 characters long. If you have credit cards that are not associated with your bank accounts, create a separate password for online access to those cards.
  2. Use a different, high-security password for social networks (Facebook, Google+, etc.). There’s always some dirtbag trying to break into such places because it lets them engage in all sorts of profitable mischief. Having some bottom feeder rummage through your — and your friends’ — personal details is a Bad Thing. The potential identity theft angle is even worse, especially if your social networking password also happens to be the same one you use everywhere else.
  3. Have a unique email logon. Again, follow the rules laid out in part 1.
  4. Use a separate password for shopping.
  5. And, finally, have at least one other password you use for everything else.

If this many passwords is too much of a burden, at least keep banking and social networking separate. It’s very important to keep those two fenced off from the rest of your online life.
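The argument above (a breach at one site exposes every account sharing that password, so per-category passwords cap the damage) can be made concrete. The following is an added example, not the author's code: it models a constructed credential inventory and reports which accounts a single breached site would expose and where a password crosses the category boundaries this post recommends. Site names, categories and passwords are placeholders.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory: (site, category, password).
# The passwords are placeholders for the model; a real check would
# compare digests of vault entries, never plaintext.
INVENTORY = [
    ("bank.example", "banking", "Pw-Bank-1"),
    ("card.example", "banking", "Pw-Bank-1"),      # card tied to the bank account
    ("social.example", "social", "Pw-Social-2"),
    ("mail.example", "email", "Pw-Mail-3"),
    ("shop.example", "shopping", "Pw-Other-5"),    # reused outside its category
    ("forum.example", "other", "Pw-Other-5"),
    ("market.example", "other", "Pw-Other-5"),
]


def _fingerprint(password):
    # Compare by a truncated digest so reports never carry the plaintext.
    return hashlib.sha256(password.encode()).hexdigest()[:16]


def exposure(inventory, breached_site):
    """Other accounts whose password the attacker learns if `breached_site` leaks its credentials."""
    fps = {site: _fingerprint(pw) for site, _, pw in inventory}
    leaked = fps[breached_site]
    return sorted(s for s, fp in fps.items() if fp == leaked and s != breached_site)


def worst_case(inventory):
    """Largest number of additional accounts any single breach would expose."""
    return max(len(exposure(inventory, site)) for site, _, _ in inventory)


def shared_passwords(inventory):
    """Group sites by password fingerprint, keeping only fingerprints used more than once."""
    groups = defaultdict(list)
    for site, category, pw in inventory:
        groups[_fingerprint(pw)].append((site, category))
    return [members for members in groups.values() if len(members) > 1]


def cross_category_reuse(inventory):
    """Sets of sites that share one password across different categories (the rule this post gives)."""
    return [sorted(site for site, _ in members)
            for members in shared_passwords(inventory)
            if len({cat for _, cat in members}) > 1]


if __name__ == "__main__":
    print("forum.example breached exposes:", exposure(INVENTORY, "forum.example"))
    print("worst single-breach exposure:", worst_case(INVENTORY))
    print("cross-category reuse:", cross_category_reuse(INVENTORY))
```

Reuse inside one category (the bank and its own card) is not flagged, matching the post's allowance; the shopping password shared with the "everything else" sites is.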

There’s yet another piece to this puzzle. In part 3, we talk about the importance of lying. Turns out, there are times when telling the truth is detrimental to password security. After that, part 4 (in progress) will examine a handful of more advanced topics, including some utilities you can use if “good enough” is not good enough and you really, really want to maintain a unique password for every site you visit online.
