Problem #2 — How should I manage all these passwords?

Solution #2 — One of the problems many users of technology have is the need for lots of usernames and passwords to various software and online accounts.  You may have a username and password to leave comments on this blog?  You probably have login for your email, various financial institutions, cell phone company, online stores, an apple ID, Google ID, Microsoft ID, and on and on…

At last count I have 294 different username and password entries.  I’ll grant that I am not “average” in this department and some of those 294 belong to other members of my family, but I’ll bet you have quite a collection.

Now we all know that in a perfect world we would have a long, unique, random character password for every different login.  The password would use upper and lower case letters, numbers, and symbols.  It would not contain any dictionary words and not be in any sort of repeatable pattern.

In real life this is nearly impossible.  I have two ideas to get you thinking about improving your passwords.

1. Learn to use a password manager.  If you use Apple products exclusively (iPhones, iPads, iPods, and Macs) for all your computing needs and you place a high value on the Apple aesthetic you should check out 1Password from Agile Bits. If you (like me) use a variety of computer platforms Apple, Windows, Android, etc. you should consider Lastpass from Marvasol.  There are other such software, but these two consistently rise to the top of the list for security and convenience.
2. You can with a few simple tricks vastly improve your password security habits.  From the mathematical point of view two things do more for the security of a password than any other factors.  The first is including all character types upper case, lower case, numbers, and symbols.  The second is making the password longer.  Steve Gibson introduced me to the idea of “padding” in a password (article here).  The basic idea is to come up with a system for yourself where you can increase the length of your password by using a symbol or two repeatedly.  So it turns out that a random password (like cJ839X!B63) which is only 10 characters long is LESS secure than a longer password that is easier to remember (like Apple8********) where you follow the 8 with the * character typed 8 times.

One final thought on passwords for now.  Many smart people recognize that the password systems we have now in wide use have all sorts of problems.  I expect to see some new login systems in the next few years based on public key cryptography that allow you to securely log in to your favorite accounts with no password at all.  So passwords may be one of those problems where we discover an even better solution soon.