Off the Hook
This Week in Elder News: 21 February 2009

THE TGB ELDER GEEK: Passwords

EDITORIAL NOTE: Virginia DeBolt (bio) writes the bi-weekly Elder Geek column for Time Goes By in which she takes the mystery out of techie things all bloggers and internet users need to know to simplify computer use. She has written several books on technology and keeps two blogs herself, Web Teacher and First 50 Words.

Every time you buy something, sign up for something, join something or even scratch your nose in front of a computer you need a username and a password. How do you remember all those passwords? All those usernames?

Usernames are easier. These days, your email address can often be your username. Of course, if you have more than one email address, you have to remember which one you used in which place. It's okay to keep the same username for every situation.

Passwords need to vary. It isn't safe to use the same password everywhere you go. For some websites, like your bank or your credit card, you want a very secure password that won't be easy to crack.

A secure password has at least seven characters. It should have at least one letter and at least one digit. You can also include uppercase and lowercase letters in the mix, and punctuation marks or other special characters. Don't base the password on your username or use more than two of the same characters in a row (as in Judy222, for example).

Most modern browsers will ask you if you want them to remember a password. I allow this for a few sites where there is no money involved such as memberships in communities or social groups. For paying my phone bill or sites where ordering something online, however, I don't want that password in the browser's memory in case my laptop gets stolen. I still need a record of the information in case my laptop explodes in a burst of static and dies.

You can write all of your passwords down in a safe place. You then have to protect the piece of paper or book where you store the info. When traveling, don't carry the paper in the same case as the computer.

Relying on the old fashioned piece of paper is low tech and it works if you are consistent about keeping your list organized. But there's the security involved in possibly losing track of the paper. Don't leave it under the keyboard. That's like leaving your key under the welcome mat. Put it somewhere away from the computer that only you know about.

Do you use a password to login to your computer? If it's a secure password and hard to crack, that might give you enough security to store a document with all your passwords listed on your own computer.

Software is available to save your passwords in an encrypted file. Some free software that you can use to store passwords on your computer or on a USB drive that you can carry from computer to computer is mentioned in this article at tucows. When you use encryption software, you must remember the password to get into your password file, but you don't have to remember any other passwords. This is the most technically demanding solution to password management, but also the safest.

My advice is to assess your risk. Are you using online banking and paying bills online? This kind of activity requires some attention to password security and management. Or do you do only less risky chores like checking email or logging to your blog? For that, you can relax and simply write all your passwords down and keep the list in a safe place.

You can email your questions or suggestions here for future Elder Geek columns. Virginia cannot answer individually, but she may use them as topics for future posts.

[At The Elder Storytelling Place today, Nancy Leitz explains how a relative found out This Ain't Mink.]

Comments

Hi Virginia....

I dealt with issue for a while before settling on a password management tool. With forums, photo hosting sites, on-line accounts and the like it was a bit overwhelming.

I finally decided to use an Excel workbook file to maintain a listing of my usernames and associated passwords. The software (Microsoft Excel) as I am sure you know, allows you to "password protect" individual files if you so desire. This allows me to only have to remember 'one' password. The other thing to do is not name that file 'password' or some other tell-tale name.

You do, however, need to keep a backup copy elsewhere in case of a computer crash....or an even worse scenario of having your computer stolen. But I am assuming that even if my computer is stolen, the password protected file will keep my information safe.

For the casual computer user whose needs are simple, password management isn't a big issue; but, as you point out, it can become somewhat complex.

Unfortunately, there are some sites/systems that have, at the least different, at the worst esoteric requirements for passwords. One, in particular, does not allow the use of special characters of numerics.

I've given up trying to set a password on a FEMA site that I must access--it's too hard to come up with one that works. I let the site assign one to me. Then, there are sites/systems (usually the same as above) that require that passwords be changed every 30, 45, 60, 180 days. It's a price of "security". (I put "security" in quotes because one of the companies notified me that my SSN/info had been among those compromised.)

I have a notebook with alphabetized dividers. I write down the user name and passwords for every site I use and keep them handy, although so far, I've had no trouble remembering the ones I use daily.

My ex-husband died suddenly last fall, and he handled all the finances for himself and his wife on his computer. His wife had no idea of how to access their financial information and accounts, she couldn't even pay the rent!

One of his tech-savvy sons spent several days on his father's computer trying to guess the passwords for various accounts, based on what he knew about his father. He managed to crack them all. So I suppose it might be a good idea to have passwords that are "crackable" by close family members, in case of the inevitable.

Thanks for the great comments and helpful information so early this morning.

In a world like today's, people need to add information about online accounts and passwords to the information for after your death: perhaps kept with your will. This should also include instruction about what to do with your blogs, web sites, and social media accounts after your death.

Grim thought, but a new reality of modern life.

I make up sentences that include numbers and proper nouns, and then just use the first letter of each word for my passwords. The sentences are easier to remember than all the passwords. For instance: Jill graduated from Harvard when she was 20. This becomes JgfHwsw20.

For some reason my full comment post was not allowed. Maybe because I used symbols etc for example passwords. Here is the short version

Be sure your passwords are at least 8 characters not 7. The difference between 7 and 8 is significant.

2nd the program you choose for storing and securing your passwords is important. Excel is not a safe place (it's security is very weak).

See taylor-sandbox.blogspot.com/2009/02/regarding-secure-passwords.html for more

Otherwise a good article for the average person trying to be a bit more secure on the Internet.

I follow the same system Travelinoma recommends, but I often insert some punctuation, too. However, note that at least one widely used system,Oracle, doesn't accept characters other than letters and numbers.

I, too, use and like Travelinoma's system. And I see my good friend Taylor found his way here. Taylor is my programmer of choice. (He's way geekier than I'm trying to be here.) His advice to use 8 characters is good, so I'll second that.

Like kenju, I use an alphabetized notebook (actually and address book)and I've told my husband and my daughter where it is, just in case .... I usually carry it in the laptop case that goes with us in the RV. Not smart.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)