![Picture](/uploads/2/5/5/8/25585870/661298.jpg)
by Mike Disher
For the past couple weeks we've talked about WHY we need unique, strong passwords; and WHAT makes a strong password. Today, the last in this 3-part series discusses HOW to best manage these passwords, and to do so in a secure manner.
I've been chatting with friends and colleagues about this whole issue of passwords quite a bit these last few weeks, and the biggest concern I've heard is not anything to do with the first two questions. It seems that with all the press about the Target breach over the last few months, along with the news about the various hacks and security leaks lately, people are "getting" the message about the need for these extra measures. They understand they have to have good, strong, unique passwords. But, how to remember them seems to be on their minds more than anything else.
In fact, I'd say there seems to almost be a sense of worry over HOW TO MANAGE the number of passwords that we have to keep track of, and to do it in a way that doesn't "give" our list of passwords to some company in a blind trust that they will keep them secure. This is a valid question, so I'm going to offer one man's opinion.
Let me say up front, that no matter how you personally decide to keep track of your passwords, be it a list, a program on your desktop computer, whatever; BE ABSOLUTELY CERTAIN that you keep a second copy somewhere safe. It could be a relative or trusted friend, a safe deposit box, wherever...but this is very, very important. Electronics and technology, we all know, will fail from time to time. You need a backup way to get this security information if something catastrophic should happen. And it would be a shame if after a tornado or other disaster, you couldn't get into your financial or medical or other vital accounts to take care of business, because the only secondary copies you had were in a safe in the same house your computer was located in. Nobody ever assumes this will happen to them...as a matter of fact, that's usually the first thing they tell the reporters when they get interviewed after it does!
So cutting through all the techno-babble, my method of choice is to find some type of program that will work on all my devices, and will automatically sync between them. In this way, no matter if I'm on my iPhone, Android Tablet or Windows workstation, I've got access to those passwords and other security information I need to keep track of.
There are all kinds of programs available to do this for you. Just go to your device type's "application store" and do a search for "password manager" (or some variations) and you'll find lots of them. And trust me...there will be LOTS of them for you to choose from. The question then becomes, "How do I decide what is a good one?" The following is a list of questions that I would ask:
1. How much is it worth to you?
2. Does it work on all my devices?
3. What types of information can I store in it?
4. Can I figure out how to use it?
5. WHERE does it keep my data and is it secure?
6. Can I make a human readable backup?
How much is it worth to you? What value do you place on the knowledge that you have a secure repository of all your passwords and other security information? This is an important question, because it will determine how much you are willing to spend on an application to manage this for you. A quick look at the Apple App Store revealed lots of options ranging from FREE to $14.99. For some solutions, you'll have to pay a fee for each device you want a copy of the program available to you on. So for example, since I use an iPad, iPhone, and Windows 8 laptop personally, and a Windows desktop at my work...I could conceivably have to purchase 4 different licenses for whatever program I decide upon. Some will have a single price for all devices...but they might not have all the options you need or answer the rest of the 6 questions to your satisfaction...thus, only you can decide which program is right for you.
Does it work on all my devices? Although it's second on my list of questions, you may want to check this out first. An application can have a host of great options and do everything you could ever dream of, but if it doesn't work on all the device platforms you need it for...including those that might be in your future...you should discard it as an option. In my opinion, if a vendor says something like, "we don't support your device-type now, but it's in our next release," it's probably best to look for a different option. It's very rare that a first release of any application will perform at peak, so, unless you are willing to use it through the development process, including the bugs and other failures that might come with it, go for a more mature option.
What types of information can I store in it? This blog series has concentrated predominantly on passwords, but we have a whole lot of other security information that it is convenient to have available, especially if we can do so in a secure way. Things that come to mind are: Social Security Number, Bank Account, Medical Service portals, Credit Card information, safe deposit box, safe combinations, etc. I'm sure there's quite a bit I'm not thinking of. So pay attention to the various types of information that can be stored, as well as how easy it appears to categorize them to aid in retrieval. For example, if it's all in one big list, with no categories, wouldn't it be fun to find a specific piece of information related to your bank? Let's say it's Wells Fargo. You might have one or more Wells Fargo credit cards, a Wells Fargo safe deposit box, Wells Fargo Checking account, Wells Fargo Savings account, Wells Fargo on-line banking portal, etc. See what I mean?
Can I figure out how to use it? Some people are stretching their comfort levels just using computers, smartphones and other devices. If the application you are using to manage your security is as, or more, intimidating than the device itself, you'll be tempted to become lax in how well you protect your information because of this, and thereby put yourself, and possibly your identity, at risk. So take the time to give the program you are considering a trial if it is available. If there is no trial period, be very, very thorough in your research before you buy to avoid disappointment.
WHERE does it keep my data and is it secure? This question is so much more important than it may seem at first glance! When you look through the application store for your device, it's no easy task to determine where an app or application was developed. How comfortable would you feel using a password manager developed in, say, North Korea? Russia? China? Your answer will be personal and based on your own experience and understanding, right? Personally, it doesn't really matter to me where it is developed, HOWEVER, it does matter if the application developer is where my data is being stored. IMHO, I'm only interested in a management utility if my data is NOT in any way stored on their servers, and I prefer that it doesn't ever pass through their servers or their view in any way. Here are my personal criteria: 1) Securely stored only where I, personally, decide to store it; 2) Easily and securely stored and available on all my devices where I need it; 3) Automatically updated between devices when I make changes on any one of them, and 4) NEVER available to the application developer if I don't want it to be! You may be thinking this will eliminate most options because I'm being so restrictive. You are RIGHT! I personally care a great deal about my identity and want to protect it the best way I know how, so I'm very, very particular in these matters. You need to determine for yourself what you are willing to put at risk and to what level, and make your own decision.
Can I make a human readable backup? The last one is very crucial. You need to be able to have a copy of all this data so that you can store it somewhere you can access and interpret it in the event the electronics and/or technology you employ fail. And by the way, if you are given the opportunity to "name" the file that it creates for you to print out or save...resist the urge to call it "Mike's Passwords" or something that clearly identifies what it is. I might decide to give a copy in a sealed envelope and ask my son to keep it in a safe place in case I ever need it, and if his house is ever compromised, I don't want my information to be both human readable AND attachable to me if at all possible.
Hopefully, by now, you have learned two important facts.
1. You are never totally secure...only secure to the level you are willing to spend your time and money for.
2. I have not, to the disappointment of many, made a specific recommendation as to a program to use.
Both of these two points are the absolute bottom lines of this blog series and its purpose. I can't judge for you how much time or money to spend on a solution for this critical function. You need to put in the time to do that for yourself, for only you understand your specific needs, budget and your need and tolerance for risk avoidance. I've made a decision for myself. In the process of making that decision I actually tried between 1 and 2 dozen alternatives.
First I read the descriptions of the applications to make sure it worked on my devices, then I made sure it would handle all the types of data I wanted to maintain, then I read the reviews, then I did the trials and experimented with some FAKE DATA, then I paid attention to how easy it was to use and how complete the feature set was, then I considered where the data was stored. Then, and only then, I considered the filtered alternatives and made a decision.
You won't convince me to tell you what I decided upon for many reasons. But the most important is the undoubtedly personal decision this must, by necessity, be. I cannot encourage you enough to engage in this process for yourself, so that you can have the satisfaction of knowing that your information is readily available when you need it, securely stored when you don't, and easily retrievable in the case of an emergency.
- - - - - - - - -
Check back with http://dishtech.weebly.com weekly as we present “THE DISH” on topics of interest for the technology curious!