Now that we have started the process of how to organize your passwords by collecting the ones we know, the second step is about deciding what your passwords SHOULD be.
Review Current Passwords
When you look at your list of passwords, do you see the same password used multiple times? Do you see many versions of almost the same password? One reason that using the same password on multiple web sites is not safe, has to do with company data breaches. The people who steal the data know that most people reuse their passwords. They will sell email and password combinations that can be tried on many different sites easily. This article on Tom’s Guide explains it well.
So, let’s say you signed into Macy’s using firstname.lastname@example.org with a password of 1234567. A weak password may be ok, because the information someone could steal about you from Macy’s is minimal. But if that password is also used for a Bank of America account, thieves may get into the Bank of America account even though the bank did not have a data breach.
There are ways to limit reusing the same password, that still allow you to remember the most important ones. One way, is to use a base password and then add to the front or back end something about the website that you are using it at. For example, if your base password is Jane 42, then at Macy’s you could use a password of Macys@Jane42, and at Bank of America is could be BOA@Janes42.
One of the difficulties is that different websites require and allow different characters in their passwords. Some require special characters, a few restrict you from using special characters. Some require 6 or 8 or 10 character minimum lengths. But these tricks can get us started.
Choose New Passwords
So the next job is to write a list of the passwords to use at these websites. Be especially vigilant about the use of passwords at banks and financial institutions, anywhere that has saved credit card information, and anywhere that stores personal information such as medical information or social security number.
This is also the time that to consider using a Password Manager, or storing passwords in a document on a phone or computer that is locked. Here is a guide to Password Managers from CNet.
Armed with this list of desired passwords, we will start to make the changes needed in a thoughtful way, which we will cover in our next blog post in this series.