Smart, simple password management

Posted by Ryan Jerz on Wednesday July 8, 2009.

I read this tweet by @ddkellogg today:

http://is.gd/1qpk0 Great article on passwords. Also has a couple other articles on strengthening and managing your passwords.

The accompanying article had a link to this one on managing passwords. I checked over that and thought, wow, I think the way we do it is actually more practical and accessible than what they’re describing. So I’ll lay it out and let people decide for themselves.

Full credit for this method goes to Christy because she developed it and implemented it in our household. It works brilliantly.

Steps to smart, simple password management

  1. Get a Google account
  2. Set up a Google spreadsheet
  3. Share the spreadsheet with the relevant people
  4. Identify your base password parts
  5. Enter passwords every time you visit a site that isn’t listed yet
  6. Keep the link to the spreadsheet handy
  7. Never have to click ‘Forgot Password’ again

Get a Google account

I sometimes get lost in my own world when it comes to this, but if you don’t have a Google account yet, I don’t know how you’re managing life on the internet. They’re simple, free, and available to anyone. Included with a Google account—just to name the things I have open all the time— is access to Gmail, Google Docs, a personalized Google homepage (my browser’s home page) and Google Reader. All of those are very useful tools that help me navigate my online life every day. And they all are just a login away from being available to you if you haven’t already taken that step.

Set up a Google spreadsheet

Google Docs logoOne of the coolest tools Google has built is their documents application. I bought a new Mac back in March or April (can’t even remember now) and one glaring omission from my software repertoire is a desktop office suite. I don’t need one. I can open and create .doc and .docx files, along with .xls, .xlsx, .ppt, and .pptx. why would I spend money and headaches on a Microsoft product I simply don’t need anymore? The simple answer is that I wouldn’t, and didn’t.

Now that you have your Google account set up, head over to Google Docs and start a new spreadsheet. Here you’ll need just four columns (five if you want to add keywords for searching)—one for the vendor, one for the site’s address, one for your username, and one for your coded password (we’ll get to that). Save the spreadsheet and you’re ready to move on.

Share the spreadsheet with the relevant people

Sharing is easy. If you have another member of the household (like a spouse) that has access to all the information you’ll be storing, click o the Share button on the top right of the page, enter their email address (preferably their Google one, so that they don’t wind up duplicating efforts) and send the link to the spreadsheet. If you don’t have someone who should have access, you can disregard this step.

Identify your base password parts

Here is where the simple part comes in. In order for this system to work, you should, and likely do, have a password that you use for just about everything. Perhaps that one password is “firetruck,” or some word that you could easily identify when asked. If you don’t, it would be a decent time to come up with one now. This will simplify your password management greatly, and the method I’m about to describe shouldn’t compromise it in any way. Come up with that word, and you’ve got this step down.

The same thing should go for a number that I laid out for a word. Many passwords require numeric characters in addition to alphabetic ones, so you probably have a system down that works for you.

Finally, figure out that special character or string of them that works for you. Perhaps you use a $ instead of the letter “S” in all of your passwords that require a non-alphabetic and non-numeric character. Or maybe you put one in a strategic part of the password all the time. Figure out what that is and hold that thought for a minute.

Enter passwords every time you visit a site that isn’t listed yet

Now that you have your base parts figured out, it’s time to start entering them. Start with the sites you know you visit every day. Where do you get your email? What about banking? Favorite shopping site? All of those will get you started down filling out your spreadsheet.

The first two columns should be obvious. Enter the vendor (e.g. AT&T) in the first column, and the website in the second (e.g. http://att.com/).

The third should be your username (e.g. mrjerz) You can code this if you like, but using something like “normal username” or “normal username all lowercase” or “normal username with capital first letter.” Whatever. I don’t think usernames are all that important to secure, but this is up to you.

The fourth column is the big one. You have you base word, base number, and base character(s). Here is where you enter your coded password. You can say something like “word number” which would mean it’s the base word and base number together. Another example could be “number symbol word uppercase first letter.” That would mean it’s the number, followed by the special character, followed by the word with a capital first letter. This part is up to you to make it simple to remember. You’re coding the password in a way that only you should be able to have a clue what it is, so even if this document got hacked you’d be safe from anyone looking to do anything malicious.

Here is an example:

my password spreadsheet

As you come across sites you enter passwords, go back to the spreadsheet and enter all of the passwords one at a time to keep it up to date. It’s important to keep this thing updated because without it being updated it’s relatively useless to you.

Keep the link to the spreadsheet handy

Once you have the spreadsheet filled out and it has become one of your frequent visits, do the obvious thing and make sure you have easy access to it. If you are using the Personalized Google page, you can add a Documents gadget to it and have your Google Docs right there all the time. Otherwise, you can bookmark it another way to easily open it in a tab any time you can’t quite remember if the site you’re about to log into requires a capital letter, special character, or whatever.

Never have to click “Forgot Password” again

That’s it. You’ve set up the perfect password management system in a simple, easy-to-use way and you’ll never have trouble remembering passwords again. The bonus is that the file containing your information isn’t stored on your computer, so it’s not susceptible to lost data through hard drive failures, crashes, or any other problems that afflict our computers. Google saves the data automatically and it’s accessible from any computer with an internet connection. That’s pretty awesome.

Have a better way of storing and remembering your passwords? Let me know in the comments and we can have a password-off!

Other goodies for your machine

Ryan JerzRyan Jerz is an all-around good guy who wants people to eventually refer to him as "that dude who climbs mountains."

Archive | About