YikesSometimes it feels like passwords are the bane of my existence.

Some years ago, I realized that keeping track of passwords in a text file was probably not real bright.  If someone stole my PC, it would be a simple matter to bypass the Windows login and find all the keys to my identity.  So I switched over to a free password manager (KeePass) and have been tracking things in there ever since.

As of today, I have 383 passwords stored in there.  It’s out of control!

And I have a confession to make: I’ve gotten lazy.  I’m not inspired enough to let the program generate random passwords for me, because I want to be able to operate out of my memory most of the time.  So I have several levels of secure passwords:

  1. The sites I don’t really care about, so I just use a simple password that I created about 10 years ago – it’s not words, and has letters and numbers, but that’s about as good as it gets.
  2. A secondary (but just as simple) password that I created when I started getting nervous about using the same key everyplace, and some sites were asking me to periodically change the key.
  3. Complex (and different) gobbledegook passwords that I use for anything related to financial matters.

The problem is, things have changed.  And it looks like that my have gotten me into trouble.

Today I received a few suspicious emails which indicated that just possibly something may have been sent from my personal email account.  The problem is that, when I set it up, I wasn’t worried about it, and so I used the simplest possible key – number 1 above.  Which is the same one I used for several social media sites and tons of other places I don’t worry about.

One of them may well have been compromised, which would have yielded both my personal e-mail and its password.  Bad move.

Fortunately, that was easy to fix – this morning I went in and changed several of the key accounts to use strategy 3.  We’ll see if that makes any difference to those strange bounce emails.

I thought I was fairly sophisticated – well at least at one time.  But here’s what I’ve learned:

It’s valuable to periodically review the accounts for which you’re using one of your “commonly used” passwords.  Worry more about popular social media sites, because they’re under constant attack from hackers.  For anything which relates at all to your business success or personal security and happiness, switch over to separate and different more complex passwords.  If you’re inspired, go ahead and use a password generator program to create something which is highly secure, and resign yourself to never being able to remember it.

And invest in a secure password-keeper program.  Mine is available on several platforms including my Android phone, and I have the database file automatically synced using Dropbox.  And of course, THAT program uses an absolutely unique key which was created so it’s reasonable to type on a phone keyboard.

Now back to changing more passwords!

Advertisements