Managing Your Passwords

With the proliferation of websites, subscriptions, and access points all requiring you to establish an ID or account, managing your passwords is a challenge. Using the same password for many sites is not a secure practice, as it risks the possibility of ID theft or unauthorized access to your information. Many of us have difficulty remembering the unique credentials and password we used, especially if it is for a site we do not visit frequently. For these reasons, using a password manager could be a worthwhile effort. Password managers are software applications or services that allow you to build a directory of the applications/ sites that you access, populate the login ID and password used to sign in, and organize these details. Many will generate a secure password when you register for a new site and then load the details into your profile. It can also fill in your credentials when you navigate to a site you want to use. Storing details in a password manager is much safer than storing them in your browser, as values held in the browser are often not encrypted or secured. Password managers require you to remember one thing: your master password. You set a master password when you set up your account. If you lose it or can’t remember it, it can be very difficult to recover your data. When you visit a website, the password manager will either log you in automatically or auto-fill the values so you can manually log in. Password managers can also fill in online forms; you build a standard profile for name/ address, etc., and the data can prefill a registration form for you. As an example, it can automate the entry of your data for online shopping, rather than you entering your billing and shipping address every time. There are several password managers available without cost or for a small annual fee, depending on the package and devices involved. Their method for keeping your data secure breaks down into three main types: Cloud-based storage: Encrypts and manages your passwords and related data on a secured cloud-based website, for access to any device (PC, mobile device, etc.) that you are using. Cloud-based tools also allow you to store a backup archive on your PC or USB drive, or you can print your profile. Some examples of cloudbased password managers are Last Pass, Password Genie, DashLane, MSecure, and KeePass. PC-based storage: Stores and manages your data on your computer in an encrypted file. The downside is that you have to manually move/ manage the data if you are using a mobile device or other computers. Examples of PC-based password managers include RoboForm, DirectPass, and Norton IDSafe. (Some software bundles include password managers, including Trend and Norton.) Hardware-based: Typically using a USB drive, the device encrypts and stores your credentials and accesses them when you log into a site to authenticate you as the user. The USB drive is portable for travelers, but may not work easily with some mobile computing devices. Examples of hardwarebased password managers include Kaspersky, Splash ID Safe, and MyLok+. If you use a mobile device (smartphone or tablet computer) in your work, make sure there is a mobile app of your password manager that can port to your device as well as to your desktop or laptop computer. Additionally, always use the highest level of encryption that the tool you select offers, and be sure there is a secure way to periodically export your profile/passwords to be stored in another device or location. Here are a few tips on making your passwords more secure:
• Use a group of random words together. Four unrelated words that you can easily remember is a simple and secure way to set a password.
• Use uncommon patterns that would slow the cracking of a password. For example, instead of using “the quick brown fox” mix up the order to “quick fox the brown” as this does not match commonly available word strings used to crack passwords.
• Don’t use biographical data—don’t use your birthday, house address, phone number, spouse’s name, etc. in your password. These details are all too easily found.
• Some experts recommend using symbols along with uppercase and lowercase letters and numbers. Current thinking is that this is more important than the length of the password for more security. Most password manager software allows you to access a free trial version. Check it out for yourself and see if it can simplify this part of your computing. Frank Tresnak is Business Development Director for Symmetry Software. He is also a member of the Emerging Technologies Subcommittee of the Strategic Payroll Leadership Task Force (SPLTF) and frequently speaks to American Payroll Association statewide meetings on technology subjects. This article originally appeared in the October 2013 edition of Paytech Magazine, the American Payroll Association's membership magazine. The American Payroll Association (APA), www.americanpayroll.org, is the nation's leader in payroll education, publications, and training. This nonprofit association conducts more than 300 payroll training conferences and seminars across the country each year and publishes a complete library of resource texts and newsletters. Representing more than 22,000 members, APA is the industry's highly respected and collective voice in Washington, D.C. Get more information at www.americanpayroll.org.