
Thursday, March 18, 2010

Managing Passwords

Everyone seems to want you to remember a new "secret" so that they can identify you, don't they? Whether it's a PIN for a credit card, a password for a social networking site, a login someone wants you to create to read their news content, or an eCommerce account, the number of "passwords" that the average person needs to remember continues to grow.

To come straight to the point, there are now too many for anyone except those with a photographic memory to remember, and for the moment it is likely to get worse before it gets better.

Here are some tips on how to manage your multiple passwords to stop yourself from going insane.

Break your passwords down by importance

The first thing to do is understand that some passwords are more important than others - an easy example is that your online banking password is much more important than your online forum password. This probably seems obvious enough, but it is important later on as we discuss some of the strategies.

Passwords can be thought of as three broad categories:

Low Risk - passwords to accounts which, if compromised, are unlikely to cause you any significant harm, such as a password you use for an online forum where you use a handle (a nom de plume, or made-up identity if you will).

Medium Risk - accounts where you might be embarrassed if they were disclosed, such as an account for an online community where you are known by your true name, e.g. Facebook, MySpace, etc.

High Risk - accounts which could harm you or your finances if disclosed, and which a criminal would likely target, such as eBay, PayPal and online banking. It is also appropriate to consider passwords which protect other people's information at this level, i.e. your workplace passwords.

Using the Same Password in Certain Situations

The first strategy for managing online passwords is to, in certain circumstances, use the same password for different sites. This is normally pretty safe for low risk passwords. You might, depending on your appetite for risk, want to use one password across all your "medium" risk accounts as well (but a different one to your low risk accounts). You should never use the same password across high risk accounts.

Write some passwords down

In the office you may well have been told to "never write down your password". There's some wisdom in that position, and for a password you use almost every single day, like your work login, it really shouldn't be necessary. However, the problem is that many of your personal passwords aren't used every day - you might only use them once a month or less.

Writing down some passwords is okay under certain circumstances. Firstly, the bit of paper you record them on needs to be secure and non-obvious to others (not a Post-it note next to your computer, not a list in the first drawer of your desk next to your computer, etc). Secondly, you should be really careful about writing down high risk passwords - in general it isn't a good idea. Thirdly, you must comply with the rules of whoever controls the system the password gives access to - so don't write down your office password and then blame us when you get in trouble with the boss.

Use Your Web Browser Auto Login for Low Risk Passwords

Most web browsers are able to remember login details for you. For low risk accounts, and for medium risk accounts depending on your appetite for risk, you can let your web browser remember the login details for you. While this can create problems when you change computers, that is a fairly infrequent event, and it will save you a lot of trouble in the short term.

Make Up Temporary Accounts for Sites Requiring Registration

Sometimes sites will require "registration" before they allow you to access information. Several online newspapers have moved to this model, and there are others. However, many of these sites also allow logins to persist between browser sessions, so you only need to "log in" once.

So make up your registration details, log in, and then forget the details. If you ever get locked out you can use their password reset process, or just register another account.

So there are a few thoughts on strategies for how to manage lots of passwords. Watch this space for advice on how to choose a good password.

Posted by Help Desk at 8:42 AM
Categories: Home, News, Security