Managing passwords


March 02, 2017 - 19:51

Rocco Maglio, Certified Information Systems Security Professional, CISSP, has over 20 years in the field of software engineering.



Handling passwords for your accounts is a constant challenge. You could use one password for all your accounts, but even large services are constantly being hacked. The people who obtain the credentials know that they are often reused on multiple accounts, so they try them on other sites to see if they work there. Yahoo, LinkedIn and a number of other sites have recently had their usernames and passwords leaked. Clearly, you cannot use the same username and password for all your logins.

If you use a separate password for each site, it is very difficult to remember which password belongs to which site. Often this leads to using the forgot-password functionality again and again, resetting your password every time you need to get into the site. This means that your security depends on the answers to the security questions, which are often the same for all the sites.

There are also apps that act as password vaults. You put all the passwords for your different accounts in one of these password vault apps and then secure it with a single password. This way you have the usernames and passwords for all your sites, but you only have to remember one password. You do have to remember to add each password to the vault, or it does you no good.

Many web browsers also provide some password vault functionality by letting you save the password you entered to log in to a site, so as long as you use the same computer you will not have to reenter it. The problem is that if you need to log in from a different computer, you will need to know your password. Some of these saved passwords can be retrieved, so you can see the password that was stored by the browser.

There is no magical solution for managing passwords. You can have tiers of passwords, where you use one password for your banking but a different one for your social media. This way you can concentrate on securing the passwords you really care about, and spend less energy on accounts like LinkedIn and Facebook which you rarely use. You can try one or a combination of the techniques above, or you could write your passwords in a notepad that you keep secure.
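
One way to check that a tiered scheme like the one above is actually being followed is to audit your own list of accounts for a password shared between tiers. The following is an added example, not part of the original article; the site names, tier labels, passwords and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample entries (site, tier, password); not real credentials.
SAMPLE_ENTRIES = [
    ("bank.example", "banking", "correct-horse-battery"),
    ("broker.example", "banking", "correct-horse-battery"),
    ("social-a.example", "social", "sunny-day-42"),
    ("social-b.example", "social", "sunny-day-42"),
    ("forum.example", "social", "correct-horse-battery"),
    ("mail.example", "email", "unique-mail-passphrase"),
]

def fingerprint(password, key):
    """Keyed digest so the audit groups passwords without keeping them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def audit_reuse(entries, key=None):
    """Group sites that share a password and flag reuse that crosses tiers.

    Returns a list of findings, cross-tier reuse first.
    """
    key = key or secrets.token_bytes(32)  # throwaway key for this run only
    groups = defaultdict(list)
    for site, tier, password in entries:
        groups[fingerprint(password, key)].append((site, tier))
    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # password used on one site only
        tiers = sorted({tier for _, tier in members})
        findings.append({
            "sites": sorted(site for site, _ in members),
            "tiers": tiers,
            "cross_tier": len(tiers) > 1,
        })
    findings.sort(key=lambda f: (not f["cross_tier"], f["sites"]))
    return findings

if __name__ == "__main__":
    for f in audit_reuse(SAMPLE_ENTRIES):
        label = "CROSS-TIER" if f["cross_tier"] else "same tier"
        print(f"{label}: {', '.join(f['sites'])} ({', '.join(f['tiers'])})")
```

In the constructed data, the forum account shares the banking password, so a leak at the forum would expose the banking tier; the two social accounts share a password only within their own tier.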