Storing User IDs and Passwords

Previously we focused on how to establish strong passwords and protect information by improving password practices. This security update looks at ways to store those passwords and User IDs more securely.

Among baby boomers, 58 percent do not use secure passwords, according to the 2016 Norton "Cybersecurity Insights Report." And the report indicates that digitally native millennials are even more vulnerable.

Remember the days when recalling your locker combination was the most challenging "password" you had to know. Advances in technology have made it necessary to maintain numerous IDs and password "combinations", and that information is more vulnerable than ever before. Check out the attached document for steps to improve the storage practices for your passwords and User IDs.

How Safe Is Your Method for Storing User IDs and Passwords?

Do you use one of the following methods to store your userids and passwords? -on your smartphone which you keep locked with a secret code
-on a document saved to your computer
-on a list kept under your keyboard

Storing the userids and passwords on your phone is a way to protect them and have them handy when you need them, except when you don’t know where your phone is. Now the question will you remember all those userids and passwords without your phone or until you find the missing phone? Do you have a backup means to store that information so that you can continue to work?

How safe is having a list of user IDs and passwords on your computer? Do you lock your computer screen or logout when away from your desk? What if you are away from the office or work space and someone else has to go into your computer to retrieve a report or data that is needed. Once you give someone else access to that information, you no longer have security. Where else could you have a stored list of this information that would be readily available to you while away from your job? Is it feasible to have a printed list in your wallet or purse?

How many times have you sat down to work at your computer and the first thing that you do is look under the keyboard to find the user ID and password to access a program you don’t use very often? Once anyone sees where you store this information, it is no longer secure. Or to keep from having to write it down, do you use the word “password” as your password...or “123456” as your password? It can be difficult to remember a complicated password, but it is necessary. It is equally challenging to remember a 10 digit UID, but it is yours and unique to you. You must protect it.

Improve Your Practices for Storing User IDs and Passwords:

 Consider using a service, such as password manager program

There are a number of services that will help you manage your IDs and passwords; some are free and others require a fee, either monthly or annually. These services differ slightly but work on the same basic principle: Each is an online storage locker of your passwords, all hidden behind a single password that only you know (meaning you can't recover your master password from anywhere but your brain). Password managers also offer other perks, such as

a place to store secure notes, credit card numbers or information for filling in Web sites. You just have to install the programs into your Web browsers to record your login information as you surf. If you do use a password manager, choose a unique master password that you don’t use anywhere else, and be sure you don’t forget that master password!

Set security questions for password retrieval that only you would know

Many software programs readily allow you to change your password and be able to access a program immediately. After entering your user id, you can click on Forgot Password and by responding to the security questions, which you answered when you first created your account, you will be allowed to change your password and access the program you need. You should set up security questions that only you would know you. This will allow you to safely access or change a password and be up and working quickly.

Write them down - yes, on paper - but treat it as a valuable document with a high level of security

Treat a list with passwords or IDs like any other valuable document, which is to say with a high degree of security -- no sticky notes on your monitor that say " jdoe/password123." If you keep a printed list, change your password often and update the list of userids and passwords whenever you make a change. It is also a good idea to have this information stored in more than one secure location, ?and never, ever near your computer (which means never under your laptop or keyboard!). Store it where you would store anything else of value and never tell others where the list is kept.

Creating strong passwords, storing them securely, and changing them often are essential to safeguarding your most valuable information. It takes more time, but it is a small price to pay to prevent theft of that information that can wreak havoc in both your personal and professional life if it falls into the wrong hands.