Everyone has trouble remembering their passwords,
especially when each site requires a different amount of characters, capitals, and numbers. It’s only natural to want to click “Yes” when your browser asks if you want to save the password you just spent 5 minutes remembering. But once you learn how easy it is to see that saved password, you’ll quickly change your mind before clicking “Yes” again.
We are currently in the age of technology where a typical 6-10 character password separates an unknown “hacker” from accessing all of your financial information, social media accounts, emails, and pretty much everything you do online. Creating a strong password is often harder than it seems, with utilizing a different combination of upper and lower case letters, numbers, even special characters; because of this, it’s only natural to want something else to help remember these passwords for you. This is especially the case when you listen to the advice of many computer professionals and create a different password for each account, since having one set for every account is unsafe. I’m here to help explain why you’re potentially making finding your password easier for these “hackers”, and hopefully make your security even stronger than it was before reading this.
Let’s first go take a look at your saved passwords, just to show you just how simple it really is. *NOTE, IT IS ILLEGAL IN MOST COUNTRIES TO DECRYPT SOMEONE ELSE’S PASSWORD. PLEASE DO NOT STEAL A PASSWORD THAT DOES NOT BELONG TO YOU!*
On Internet Explorer:
- Internet Explorer is the “hardest” of the more popular browsers when it comes to viewing your password. I use the term hardest just in comparison to each other, not in terms of technical know-how. Internet Explorer saves your passwords to your registry, using an encryption method that uses your Windows login password. So if anyone knows your login info, or worse, is already logged into your account, then a simple program can be used to view all your saved usernames and passwords.
On Firefox:
- Go to Tools-Options-Security-Saved Passwords
- “Show Passwords” at the bottom of the window will do exactly that. See how easy that is?
- Now while Firefox does now offer an option to set a Master Password to lock this feature, you still are saving a list of secret info under one password.
- “Show Passwords” at the bottom of the window will do exactly that. See how easy that is?
On Chrome:
- Go to Settings-Show Advanced Settings-Under Passwords and Forms: Manage saved passwords.
- Click any website/login, and click the “Show” option after the “hidden” password, and voila. Again, see how easy that is?
On Safari:
- Safari saves your passwords in your Keychain Access, inside your Utilities folder. You may be prompted for the user account password, but again, hiding a list of passwords behind one password.
- Newest version of Safari also shows them in the Preferences menu, under Passwords (Click Show Passwords and login with account password).
Again, remember that stealing/decrypting someone else’s passwords is against the law and carries consequences. This is merely written to show user’s how to view THEIR OWN saved passwords, and not for stealing any information.
So now that you understand how easy it is to find your passwords, I’m sure you’re second-guessing your decision to have them saved for you. To delete your saved passwords, follow the steps above for your browser to go to where the saved information is stored, and you can delete them from there. For Internet Explorer, you’ll want to go to Tools-Internet Options-Content-AutoComplete Settings-Check off “saved username and passwords”-Delete AutoComplete History.
Now that we’ve gotten your all too easily accessed passwords out of the way, let’s suggest some ways to properly store them.
- Writing them down on a notepad, that is kept in a secure, secret place. Remember, your passwords are only as safe as your hiding spot is secure. Keeping the paper in the drawer of your computer desk isn’t all too hidden. A locked safe, cabinet, or drawer is a much better solution. Leaving it out on your desk after writing a new password down won’t do you any good either. Only go this route if you have a safe place to store the notepad, and are good about keeping it locked up.
- https://www.lastpass.com Offers a wonderful program that uses a stronger encryption method than your browsers offer, and is compatible with all of today’s popular browsers(as well as smartphones!). This is again hiding all your passwords behind one password, but the encryption offers an additional level of security from just accessing the file storing your information. If you decide to go this route, create a UNIQUE password just for this program, preferably one you can remember, and that isn’t used for ANYTHING else.
- Saving a Word Document with all your logins to a Flash Drive, that is kept in a secure, secret place, just like the first notepad suggestion. This is a little easier to hide/store, and more practical for those with messy handwriting (like myself). Again, this is only as secure as your hiding spot is, so leaving it plugged into your computer, or even worse, saving the document to your computer, will do you no good. This will only work when you save the file to the flash drive, and physically hide the flash drive in a secure, secret spot. If you have some technical know-how, encrypting the drive yourself will add another layer of protection as well as making the file and folder it is in hidden!
- Your own memory! NOTHING will beat this, as there is only one person that can access it: YOU! This of course becomes difficult with multiple passwords, but at the end of the day, you won’t have to worry about someone reading a file and finding out all of your passwords.
To end this week’s article, I’ll go over a few short, simple steps to creating a unique and strong password.
Some things to avoid when creating a password.
- The longer the password, the harder it is to guess. This is why router’s usually come with a 25-character passphrase that is a random string of numbers and letters; it’s harder to decrypt! Now you don’t want to have to remember a 25-character long password everyday, but something alone the lines of 8-12 characters is a safe bet.
- Use a combination of Upper and Lower case letters. For example, instead of “password”, try “PassWord”.
- Use some numbers in place of letters; For example, instead of using “PassWord” try “Pa55W0rd”. Notice the switch of S to 5, and O to 0(zero).
- If the website/program allows, try using some special characters. For example, instead of “Pa55W0rd” do “Pa55W0rd!”.
- So we started out with just “password”, a weak example, and after a few tweaks, end up with “Pa55W0rd!”, and much more secure example. (Please don’t use “Password” or any variation for your actual password, as this is often a common starting ground for someone looking to guess it.)
- You want to avoid using ANYTHING personal/related to your life. I know these types of passwords are much easier to remember, but they make it that much easier to guess. If you use a random everyday word, and do the suggested tweaks above, then there won’t be any hints for someone to start with. Unless of course it’s one of your favorite words or phrases.
- Avoid using strings of numbers/letters that are in order, such as 1234, or abcd. These are easily guessed, and do not make for a good addition to any password.
- If a password of yours is compromised, come up with a whole new password. Don’t just add a number or two to the end, or switch what letter is capitalized. Start fresh!
Now go do the necessary adjustments and make your accounts and passwords more secure!