“I’ve got lots of passwords, so I store them in Excel on my computer. ». A photographer once told me that. He stored all his passwords in an Excel sheet, he thought he was doing the right thing. This is a big mistake, this is why you should use a real password manager.
How to manage your passwords
You’re wondering why I bring up this subject on a site that’s supposed to talk about Nikon and photography? Because many photographers, like you, have created accounts on different sites to publish their photos, share, communicate, prepare their outings and trips …
I can’t count the number of messages from readers who tell me they have lost their password to access the training courses or the forum and ask me to send it back to them. Being myself paranoid when it comes to managing my personal information, I have set up a simple method to manage my passwords, it may interest you so I share it.
I’m in the same situation as you: I have hundreds of different passwords for hundreds of sites, and I have to :
- manage them in a secure manner,
- to find them very quickly,
- change them regularly,
- have access to it wherever I am.
Managing your passwords allows you to post your photos wherever you are, even if you don’t use your computer (at a relative’s for example), to show them (if your gallery is private), to send them.
Managing your passwords requires the use of appropriate tools, otherwise you risk :
- lose your passwords,
- never change them (it’s not right),
- spend some time tracking them down,
- not having access to it everywhere and all the time.
First serious mistake
Always use the same password for all sites and accounts you create.
It is certainly easier to remember a unique password, but if it is hacked, all your accounts are at risk at the same time, I let you imagine the consequences.
A different password must be used per site.
It’s not that restrictive, if you follow the method below, you won’t have to choose your passwords or remember them.
Second Serious Error
Use simplistic passwords:
Don’t laugh, we all did it. Just like choosing your date of birth, that of your partner or children, or the name of your favourite pet. No ?
Most of this information is public. Take a few minutes to look for it and you’ll probably find it.
Also avoid all the words in the dictionary. Hackers use dictionaries to try to find your passwords. “Apple”, “House” or…” Containment” are not secure passwords.
Use complex passwords that only you can imagine.
example of automatically generated and stored complex password
Third Serious Error
Create passwords that are too short.
A good password should be at least 12 characters long. The more characters, the harder it is to hack. Memorizing 8 letters or 12 is the same for you, but 12 is harder for others to hack.
Don’t worry, I don’t remember any passwords, especially not when they are 12 characters or more, I get help.
Fourth Serious Error
Use only letters. Or numbers.
POMPOM’ is easy to hack even if it’s not in the dictionary. ‘JENAIMARRE’ too. ‘09112001’ is too easy for a robot.
Mix upper and lower case letters, numbers and signs (&, !, ?, $, …).
Choose for example: zd5gh&dy7Yeg.
Fifth Serious Error
Use an office file (Excel, Word, …) to store your passwords.
E-mails, a notebook, Post-it notes, none of it’s secure. And it gets lost really fast. I’ve got over 400 passwords to memorize, it’s impossible, my memory can’t remember them all. But I don’t store them in Excel! I use a password manager.
What is a password manager?
Two main functions
A password manager is an online, secure, encrypted, professionally validated safe. It allows you to automatically generate very complex passwords and store them.
You access it from a computer, a smartphone, a tablet. You can create as many passwords as you want. As long and complex as you need.
The main advantage of a password manager is that you do NOT have to choose passwords, you do NOT have to remember them. You create a unique master password, which only you know, and it is the only one you will have to remember. This password gives you access to your password manager which takes care of everything else.
Yes, but… If you lose or get the master password hacked, you can get everyone else hacked, is that what you’re thinking? It’s unlikely (I prefer not to say “impossible” but I mean it very strongly).
This “master” password is not used anywhere. It is not written anywhere. If you lose it, the password manager offers a method to regenerate it safely. This is a special secure procedure. Only you can execute it.
Nothing is ever infallible, but it is the safest solution available today.
the security challenge allows you to check if your passwords are reliable and/or compromised
Most password managers offer additional functions:
- automatic filling of passwords on websites,
- Secure password sharing,
- automatic recording of updates,
- automatic change of old passwords,
- duplicate detection,
- securing your notes and personal information.
Which password manager to choose?
Several services are recognized as reliable and serious:
Choose a service that offers a smartphone application, this allows you to securely access your passwords on your mobile without ever storing them on it.
Some password managers are free, others very inexpensive.
Whatever the cost if there is one, it will be less than if your accounts are hacked, your accesses blocked and information stolen.
If you are interested in this kind of practical article, let me know via the comments, I have lots of other ideas.