October 18, 2013
In our last installment, we discussed the importance of strong passwords and provided some tips on how you can effectively create one. While creating a strong password is certainly a great first step, the password still needs to be effectively managed if your information is to remain secure. With that in mind, this week’s installment will focus on common storage methods for passwords and provide some general tips regarding password retention.
Essentially, there are four ways that you, as a user, can store your passwords:
1. Master of Memory
If you have the ability to remember all of your passwords, then this certainly is a viable option. Unlike other storage mediums, which can all be cracked with a certain degree of effort, your mind represents one of the most secure places to store your information.
In addition to being one of the most secure storage mediums, it is also one of the most difficult ways to manage your passwords. Most people have, at a minimum, four passwords, and some may have upwards of twenty. Remembering four or more passwords is possible; however, with each additional password, the likelihood that you will resort to easy-to-remember passwords or forget a password increases as well. Furthermore, if you were to become incapacitated, it would be a significant challenge for others to uncover your password-protected information.
How to improve
Even if you consider yourself a master of memory, it is still strongly suggested that you use one of the following methods to store your password to counteract the aforementioned disadvantages. Sacrificing password strength and/or permanently losing access to information must be avoided at all cost, and there simply are too many other effective storage methods to only commit your passwords to memory.
2. Post-it’s Best Customer
The post-it has enjoyed a long history as the preferred password storage medium for most individuals, and for good reason. It’s convenient, and it’s easily manageable if used for a limited number of passwords. Furthermore, people often avoid complex passwords because they are difficult to remember. Therefore, in theory, by writing a password down on a piece of paper, you have the ability to utilize a stronger password.
The post-it note in plain view has long been viewed as one of the worst password storage methods utilized. Having your password in plain view, for any period of time, greatly increases the likelihood that your password will be compromised. Furthermore, not only are you at a greater risk of having your password stolen, but if you have multiple passwords to remember, then managing your passwords can become overly complicated.
How to improve
There is nothing wrong with writing down a password on a piece of paper; however, the note must be kept in a secure location. Now, while keeping the note in a locked desk is certainly superior to leaving it in the open, you are still keeping your password in the vicinity of the corresponding program or device, and locks only keep out the honest. Therefore, instead of keeping the piece of paper at your desk, why not keep it with your other valuable pieces of paper – in your wallet.
3. Microsoft Office Guru
In our last two examples, while each method had its own unique advantages, they both left much to be desired in regard to effective retention and storage. That is, as the passwords begin to add up, managing all of your passwords could become an unnecessary burden. However, for those who utilize Microsoft Excel or Word as their password storage medium, the password management process can be much easier to maintain.
While continually updating an Excel or Word file may be easily manageable, such a method is not without its disadvantages. Specifically, if you are going to use an Excel or Word file to store your passwords, then logically, you should have a password protecting that file. However, once again, if you forget the password protecting said file, then uncovering the password protected information would present a significant challenge.
How to improve
Take some advice from Post-it’s Best Customer and write the password for the file on a piece of paper. Remember, it is important to keep your written password in a secure location – preferably in your wallet or in a locked container away from the device that is password protected.
What about the fourth method?
Don’t worry, we didn’t forget about the fourth method. Unlike the methods discussed above, the fourth method is foreign to many. Therefore, to avoid leaving out any important details, we felt it would be best to dedicate an entire blog to the subject. So, join us again in two weeks, when we will discuss the fourth and final password storage method.
If you are unsure that your business is adequately protected, our Information Security Baseline Review is an ideal starting point for answering all of your questions, and providing you and your key managers with a basic education of both the threats your company’s information faces and what practical approaches you can take to protect it.
Remember, a false sense of security is worse than being unsure. We have a variety of tools and resources to help you. I encourage you to call to take proactive action.
About the Author
William Prohn CISSP, CISA, CGEIT, CRISC, CMMC-AB RP
Bill oversees all aspects of information technology for the firm, and provides consulting services to a wide spectrum of Dopkins’ clients. He has over 30 years of experience in accounting and business information systems. His specific interests include creating meaningful, practical management information using computer technologies, and the security of business information and systems.