You decide your e-mail password is going to be your dog’s name and his birth year, Charlie08. That is easy to remember, so you also choose it for all your credit cards, online banking, Facebook, and Twitter accounts. A phishing attempt on your Facebook account succeeds, and the attacker now has your e-mail address and your password. Now what?
If you were to have 1 password compromised by a keystroke recorder or a phishing attempt, you would put every login that uses that password at risk and would have to change every one. Some people have so many logins between banking, shopping, work, and social networking that it would be almost impossible to make sure you changed them all. Miss an e-mail account and you are once again back to round 1.
First off, every account you have should have a secure, unique password that is not a word, name, date, or something everyone expects like “secret” or “password”. It should be a string of random characters consisting of upper and lower case letters, numbers, and special characters, at least 8 characters long. An example of a good secure password would be 7hBKY2^e. Who would guess that password? Now you’re thinking, “How the heck am I going to remember a password like that for each and every account? They all have to be different?” I will then ask you how important your data and bank account are.
UPDATE: There is a new way to build a secure memorable password in my Passwords You Can Remember post.
It’s not that bad, actually. I probably have at least 50 logins and passwords to manage, and I don’t find it that difficult, to be honest, because I use a nifty secure tool, LastPass, and all I really need to remember is 1 password. These guys have developed a tool that allows you to save all your passwords in an encrypted place that only you will have access to, and all you will need to remember is your master password. I trust this setup, especially recently: with their possible recent security breach, they asked their members to change their master password due to a strange traffic anomaly on their servers. They did this just to make sure each person was safe, and they remained completely open about it all the way from the beginning. If you have a secure random-character master password, you would be safe.
LastPass not only stores your usernames and passwords but also has plugins to integrate into your browsers and apps for most phones, so you have your passwords on the go. Not only that, they have a tool that lets you create a randomly generated secure password. In my opinion, it wouldn’t hurt to double up and keep a written record of these in a safe place just in case, but that is personal preference. I back up data the same way, keeping a hard copy of the data and an online backup. I am working on a secure backup post that will be posted soon.
After you’re done reading this, it would probably be in your best interest to change your passwords so each of your logins is set up with a different password. If you aren’t comfortable with using a password management service, I understand; make a paper copy and a copy to lock up somewhere for safe keeping, but use a password generator for making secure passwords.
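The two habits described above (a generated password per account, and no password shared between accounts) can be sketched in a few lines. This is an added example, not code from this post or from LastPass; the symbol set, the 16-character default and the sample vault are assumptions constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; adjust to what each site accepts
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]

def generate_password(length=16):
    """Random password with at least one character from every class."""
    if length < 8:
        raise ValueError("the post's minimum is 8 characters")
    # One guaranteed pick per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed picks are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def meets_policy(pw):
    """At least 8 characters, with upper, lower, digit and symbol all present."""
    return len(pw) >= 8 and all(any(ch in c for ch in pw) for c in CLASSES)

def entropy_bits(length):
    """Upper bound on entropy for a uniformly random password of this length."""
    return length * math.log2(len("".join(CLASSES)))

def find_reuse(vault):
    """Map each password used on more than one account to those accounts."""
    by_pw = defaultdict(list)
    for account, pw in vault.items():
        by_pw[pw].append(account)
    return {pw: sorted(accts) for pw, accts in by_pw.items() if len(accts) > 1}

# Constructed sample vault mirroring the scenario at the top of the post.
SAMPLE_VAULT = {
    "email": "Charlie08",
    "facebook": "Charlie08",
    "bank": "Charlie08",
    "shop": "7hBKY2^e",
}

if __name__ == "__main__":
    for pw, accts in find_reuse(SAMPLE_VAULT).items():
        print(f"reused on {accts}: replace each with e.g. {generate_password()}")
    print(f"~{entropy_bits(8):.0f} bits at 8 chars, ~{entropy_bits(16):.0f} at 16")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what a password generator needs; the general-purpose `random` module is not suitable for this.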