In light of the recent Zappos hacking incident, you should probably be thinking about updating your passwords around the web. Hackers gained access to the data of 24 million customer accounts. They didn’t get your credit card data, but they likely got your username, password, name, and address, and if you use that same info on other websites, those hackers could gain access to your accounts on those websites too.
Shame on me, because my own Zappos password was the same basic, lowercase-letters-only, word-found-in-the-dictionary password that I’d been using for more than 10 years. At some point, websites started requiring a minimum of 8 characters, and then at least one number, and then at least one uppercase letter, so over the years I developed standard passwords that met those criteria as well and used them for everything. But then there were some websites that had more complicated criteria, and when I created a password that met those criteria I could never remember what it was because it wasn’t one of my defaults.
So I had to start writing my passwords down. I just use a simple .txt file on my computer; by the time you’re sitting in my house and at my desk you’ve got access to any of my information you might want or need anyway so I’m not overly concerned with protecting that file.
And once we’re at the point where we’re writing our passwords down (which you probably want to be doing anyway in case you suddenly have some sort of massive brain trauma or die or something), we might as well get really random with our passwords. I’ve heard it said that the only secure password is a password you can’t remember.
About a month ago I started updating all of my passwords across the web with passwords randomly created by a password generator – I’m using PassMaker, which is a free app I downloaded from the Apple App Store [affiliate link].

I can set it to exactly fit the criteria of whatever the website I’m creating a password for requires – some allow symbols, some don’t, some require a minimum length and some have a maximum length. Generate my password. Paste it along with my username and any other important info into my passwords file. And then once I’m sure I’ve pasted the correct password into my file also paste it into where the website asks me to enter my new password.
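The kind of per-site generation described above, sketched in Python as an added example (this is not PassMaker's code and not from the original post). `SitePolicy` and its fields are hypothetical names for one website's rules.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """One website's password rules (hypothetical structure for this example)."""
    min_length: int = 8
    max_length: int = 64
    symbols: str = "!@#$%^&*-_"   # empty string means the site rejects symbols
    require_upper: bool = True
    require_digit: bool = True
    require_symbol: bool = False


def _classes(policy):
    """Return (full alphabet, list of character classes that must appear)."""
    alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits
    required = []
    if policy.require_upper:
        required.append(string.ascii_uppercase)
    if policy.require_digit:
        required.append(string.digits)
    if policy.require_symbol:
        if not policy.symbols:
            raise ValueError("site requires a symbol but allows none")
        required.append(policy.symbols)
    return alphabet + policy.symbols, required


def generate(policy, length=20):
    """Generate a random password that satisfies the given site policy."""
    alphabet, required = _classes(policy)
    # Clamp the requested length into the range the site accepts.
    length = max(policy.min_length, min(length, policy.max_length))
    if length < len(required):
        raise ValueError("policy cannot be satisfied at this length")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw until every required class is present,
        # so all valid passwords stay equally likely.
        if all(any(c in cls for c in candidate) for cls in required):
            return candidate


def entropy_bits(policy, length):
    """Upper bound on entropy: length * log2(alphabet size)."""
    alphabet, _ = _classes(policy)
    return length * math.log2(len(alphabet))
```

With the default policy, a 20-character password comes to roughly 123 bits by this estimate; the same length on a site that forbids symbols is about 119 bits.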
Make it a priority to update every insecure password you find yourself using for at least the next week.
Once you’ve got your passwords updated, you might also consider printing a copy, putting it somewhere safe, and letting someone you trust know where that is and under what circumstances they should access your accounts.
Do you have any tips or techniques for creating and keeping track of secure passwords?
{ 5 comments… read them below or add one }
Thanks for this post. Very timely for me as I’ve been updating my passwords and giving advice on the subject as well. I understand this is secure for the individual apps and websites, but isn’t it extremely inconvenient for you each time you visit these websites? Do you copy and paste from your own password file at that point? Does the Password maker remember them for you and make it easy to plug them in where they go? Thanks Carrie!
I copy and paste from my file. It takes maybe a couple seconds so it’s not as inconvenient as you might be thinking.
I’ve been thinking about this as well and have started using LastPass. However, what do you do when you’re on your phone and don’t have access to your text file?
I just put my passwords into my phone when I’m at home and have my phone save them – I don’t do banking or anything that is too risky to save a password from my phone.
I understand what you’re trying to do here, and I agree with you that it’s a great idea to keep a separate password for each website you log in to. However (respectfully) I totally disagree with the rest of the advice you’ve given here. Your suggestion to store a document of passwords on your desktop is risky at best and dangerous at worst, especially for people who are primarily using laptops or mobile devices (which, these days, makes up a large majority of internet users). Furthermore, are you aware that installed applications have access to the data that is stored on your clipboard?