Password Managers
As we get older, we acquire more of the following three things: keys, items that need charging and passwords. All of which are a pain in the butt. Your key collection grows mainly because you’re an adult and someone thinks you’re responsible. Hence you not only have your own keys but a set for work and possibly spares from members of your family. As for items that need charging, that seems to be pretty much all technology these days. It’s why power sockets now come with a USB option. But this is the world that we live in and until it changes, we just have to try and get by the best we can. Today I want to talk about passwords: the fact that we have so many of them and the best way to manage them. But before I move on to the subject of password management, let’s go over the basics of what is actually considered to be a “good” password, and by good I mean one that is hard to crack.
Let’s not bullshit each other: most of us do not follow a good password policy. Lots of us favour a combination of letters and numbers that we can remember easily and simply use various permutations of it across multiple sites and apps. These tend to be the names of children and pets, dates of birth or some sort of pop culture reference. However, they are not that secure and therein lies the problem with them. Furthermore, people (and I include myself in this) are inherently lazy. We consider the risks to be minimal and assume that nothing bad will ever happen to us. As a result, we will use the same password, or variations of it, again and again just to make our lives easier. The problem with such an approach is that if one of your passwords is compromised, it leaves you exposed across multiple applications and websites.
According to Microsoft, “a strong password is at least 12 characters long but 14 or more is better. It should be a combination of uppercase letters, lowercase letters, numbers, and symbols. It should not be a word that can be found in a dictionary or the name of a person, character, product, or organisation”. Now that’s all tickety-boo in principle and the underlying logic is clear. Such a complex password is a lot harder to crack. However, what it means in reality is that you’ve got a password that looks something like this: o96sj=Y@)l;^1mb. It is highly unlikely that you’ll be able to remember a string of characters and symbols like that, let alone a dozen or so of them. Which means that you’ll need to write it down in a log book or something similar. I know several people that use a rolodex. Alternatively, if you don’t like such an old school solution, you can use a password manager.
I have used LastPass as a means of storing and managing all my online passwords for over a decade. The account is protected by a master password and several other authentication requirements. A browser extension then allows me to access my password directory while online. It can autofill both username and password fields on a logon screen if directed. LastPass can also generate secure passwords for you if required and can store other details that you may use online regularly, such as payment and address details. Hence it makes all aspects of password management a lot easier. There is a free version available for a single user or you can pay a subscription to have access across multiple devices. However, despite the benefits of this software there is still a requirement for the user to do some “housekeeping” from time to time. It is also worth noting that password managers are not bulletproof.
As you can imagine, after a decade plus of use, I have built up quite a lot of passwords in LastPass. So today I logged into my vault and manually trawled through all the passwords that were stored there. I deleted about 50 or so old and obsolete passwords. Many were for services that are no longer available, such as old forums and websites. I renamed some entries to make them more intuitive and then I took the precaution of exporting all password details as a CSV file. This is because I cannot upgrade my LastPass account any further due to legacy issues and I am considering moving to an alternative password manager such as Bitwarden and using it across all my devices. Out of all the companies providing such a service, Bitwarden seems to have the best track record and to date, hasn’t been hacked or compromised in any fashion.
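An added example, not part of the original post: a short Python audit of an exported password CSV that flags exact reuse, variations on one base password, and entries that miss the Microsoft guidance quoted above. The sample rows and the column names (name, url, username, password) are constructed assumptions; match them to the header of your own export.

```python
import csv
import io
import string
from collections import defaultdict

# Constructed sample export; the column names are an assumption, match them to your file.
SAMPLE_EXPORT = """name,url,username,password
Old Forum,https://forum.example,rog,Rover2009
Bank,https://bank.example,rog,o96sj=Y@)l;^1mb
Shop,https://shop.example,rog,Rover2009
Mail,https://mail.example,rog,rover2010!
"""

CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "number": string.digits, "symbol": string.punctuation}

def policy_gaps(password, min_length=12):
    """List which parts of the quoted Microsoft guidance a password misses.
    The dictionary-word and name rule is not checked here."""
    gaps = [f"under {min_length} characters"] if len(password) < min_length else []
    gaps += [f"no {label}" for label, chars in CLASSES.items()
             if not any(c in chars for c in password)]
    return gaps

def stem(password):
    """Letters only, lowercased, so 'Rover2009' and 'rover2010!' collapse together."""
    return "".join(c.lower() for c in password if c.isalpha())

def audit(export_text):
    """Return (reused, variants, weak), naming entries only, never the passwords."""
    by_password, by_stem, weak = defaultdict(list), defaultdict(set), {}
    for row in csv.DictReader(io.StringIO(export_text)):
        name, password = row["name"], row["password"]
        by_password[password].append(name)
        if len(stem(password)) >= 4:  # ignore stems too short to mean anything
            by_stem[stem(password)].add(password)
        if policy_gaps(password):
            weak[name] = policy_gaps(password)
    reused = sorted(sorted(n) for n in by_password.values() if len(n) > 1)
    # A stem shared by two or more different passwords is one password, tweaked.
    variants = sorted(sorted({n for p in pws for n in by_password[p]})
                      for pws in by_stem.values() if len(pws) > 1)
    return reused, variants, weak

if __name__ == "__main__":
    reused, variants, weak = audit(SAMPLE_EXPORT)
    print("reused:", reused)
    print("variants:", variants)
    for name, gaps in weak.items():
        print(f"weak: {name}: {', '.join(gaps)}")
```

The export is plain text with every password in it, so delete it once the audit or the import into the new manager is done.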
Password management is a loaded subject. It is something we all tend to approach through a haze of cognitive dissonance. We know exactly what we should do but more often than not do the complete opposite. Then we whine when things go wrong. I’m sure I’m not alone in having a prodigious quantity of passwords. The current count is 282. Admittedly if some were lost it would not be a big deal. But there are some where it would be a real inconvenience to have to reset them. Which is why I force myself to be organised and stay on top of this issue. Mrs P handles things differently and uses a password log book which she scrupulously keeps up to date. Whether your solution is high or low tech, it is better to have some sort of system in place, rather than having to start one from scratch after some catastrophic disaster.