Ask Dr. Tech: Tech tips to get the most out of your computer passwords (part 2)

Dr. Jon Dorbolo

Your personal identity is expressed in many forms, but a common thread that holds your identity expression together is your choice of passwords.

Choose strong passwords that resist hacking and your identity spreads outward with confidence.

Choose weak passwords that are vulnerable to identity theft and your identity can lose freedom and power instantly.

In last week’s column I shared my system for creating super-strong passwords that you can remember, which you may access at my blog –

In addition to designing strong passwords it is important to keep track of them for future reference because websites change, you acquire new devices and some day it may be important for someone acting on your behalf to access your accounts.

The solution to these needs is to log your usernames and passwords for all accounts.

There are easy and free but less secure ways to log passwords.

There are also really easy, very secure, convenient and inexpensive options which I will save for last.

First let’s recall the three qualities of super-strong passwords.

1. Make your passwords 10 characters or more.

2. Use a diversity of character types in making your passwords; a mixture of lower-case, upper-case, numbers, letters and symbols.

3. Make a unique password for every account.

It is not hard to employ a system of passwords with these qualities using the mental algorithm that I described in my earlier article.

In addition to my system of personal cryptography, I log each new password as a private record, mainly to bail me out of occasional “senior moments” – don’t laugh; I am aware that some of you have senior, junior, sophmore, or freshman moments as well.

For decades I have maintained an email account for with the only purpose is to log my account information. The email account is under a secret name that no one would associate with me; I used to read a lot of spy novels.

Every time I create a new account I send an email to that inbox with the web address or device name, username and password.

Looking at it now I see that I have more than 400 accounts and can search for any one of them to check my login info.

The cool thing is that I can add to and access my inbox password log from anywhere in the world, except for Waldo Hall on a bad wifi day.

The inbox method has weaknesses and I describe it here merely to illustrate the principles of password logging.

Hardware password safes are small devices with a keyboard with which you enter and store account information. These devices are excellent as backup when a computer or network crashes.

A flaw of both the inbox and hardware safe methods is that they only work if you add new accounts and update changed information to them reliably. If you get lazy with updating, the value of these methods declines.

The contemporary and most powerful approach to password security is password management applications.

These are software or cloud-based applications that give you a suite of tools for managing your digital identity.

There are many password manager products of which I will review three and outline functionality found in most.

Password managers recognized when you create or change an account and automatically logs the information.

The next time you login to that account the manager offers to fill in the password for you and can choose to automatically login to specific accounts whenever you browse to or open them.

With these options in mind the most powerful security aspect of password managers come into play; they can change your password with randomized strings every time you log in, making your accounts virtually uncrackable.

Manager apps provide inventory views of your account information affording you full control of account information and even a means to re-discover accounts that you forgot that you had.

Some password managers act as digital safe deposit boxes allowing storage of personal information such as bank account numbers, images of passports and ID cards, credit card numbers, critical documents and the key to that tax shelter you keep in Cayman Islands (more spy novel stuff).

The bottom line is that you should have more than one method of securing account information and a password manager should be among them.

LastPass is a powerful cloud-based password management tool-set with both free and pay-for-premium versions. The premium version ($12/yr) lets you synch passwords among your computer, phone and other devices.

I like LastPass because as a cloud-based app I can access it from anywhere on any computer. If I am using a library computer, I can login to LastPass, select the site I want to access and I am in. This is a very secure and usable option for managing your account logins and other critical data.

Dashlane is a well-designed program that you install on your computer and devices. It runs in your web browsers and apps to manage anything that you can login to. The premium version ($30/yr) synchs all of your computers and devices.

One clever feature of Dashlane is the ability to set up trusted people to share information with. I know that I have emphasized not sharing account information, but there are exceptions to that rule such as if you are out of town and may need a co-worker to access your work station or if you are ill and a loved one needs to manage your accounts.

With Dashlane you can set trusted agents and select the information they may gain access to. They get one-half of a binary key that they can use to open the information only after a wait period that you set in advance. When they use the key, you get a notification which you may use to cancel the request. If the wait period passes and you do not cancel, they get access. This feature is a good idea and is one of several strong design aspects of this application.

1Password is a program that you install on a computer and can synch with your devices. It does not offer a free version, but has a plan that you can share with up to 5 others for $5/mo and has most of the functionality I have been describing. The aspect of 1Password that I really like is a lifetime license for a one-time cost of $64.99. This appeals to me because I use these tools to store my most important personal information. The last thing I want is for it to vanish because I missed a monthly or annual payment. I have loved ones to care for and find solace in knowing that the information they need in an emergency is there for them independent of payments.

There are many other password managers and password safes that work as device apps and downloads.

I recommend that you start by checking out LastPass, Dashlane, and 1Password, then choosing based on features that you will use.

Most important is to recognize that to use a password manager you must have a Key password that logs you in. That Key password must necessarily be secure and memorable.

That brings us back to the need for a solid password strategy and to my system for designing super-strong passwords, which only requires your intelligence and attention.

Your intelligence in combination with well-designed applications will put you at the top 10 percent of all computer users in terms of intentional password and identity security.

The opinons expressed in Dorbolo’s column do not necessarily reflect those of The Daily Barometer staff.

Dr. Tech’s blog:

Was this article helpful?