With so many systems requiring passwords and so many sites requiring accounts, it is impossible to remember every username and password combination without either reusing the same credentials or writing them all down. Both of those options carry huge security concerns.
Those who use the same credentials for everything, from their webmail accounts to their personal banking accounts, leave themselves open to someone gaining complete access to their lives. All it takes is for a person to obtain one of the accounts and they will have access to any of the accounts. The initial information can come from anything from cookies stored on the machine (which are available via web browser vulnerabilities) to sites failing to use HTTPS or SSL (Secure Sockets Layer) technology. Such a site sends your username and password in the clear across the Internet, where they can be picked up by any number of machines.
When username and password combinations are written down on a piece of paper, there is always the possibility of either losing the paper or of someone finding it and having immediate access to the accounts. The threat is great when the pieces of paper are left under the keyboard, taped to the monitor, taped on the laptop, or simply left on the desk. The password is there to add security to the computer and the applications; by writing that information down, the person is simply throwing out the security. And yes, there is still the possibility of packets with credentials being picked up on the Internet if they are sent in clear text, but people who write down their usernames and passwords usually do have separate passwords for different accounts, so they will not lose control of all of their accounts if the piece of paper for one account is discovered.
One of the best things that one can do when setting up accounts is to use a different username AND a different password for each account during the initial setup. This can be tedious and difficult to remember (thus the two tendencies referenced above). But there is a better way for a person to keep track of their passwords, which is to use a password management tool. It keeps track of the different usernames and passwords associated with each account. Another benefit of using a password management tool is that a person can set a more secure password and not have to worry about forgetting it.
When it comes to setting a password, there are differing levels of complexity. Since password cracking tools can guess or crack a simple password in a matter of seconds, it is important that users set passwords that have some complexity to them. The characters a user can choose from when setting a password are alphanumeric characters (a-z; A-Z; 0-9) as well as special characters (!@#$, etc.). By setting a password with upper case and lower case letters as well as numeric characters and special characters, a user is setting a password that will not easily be guessed by a password cracking program, much less another person. The problem is that such passwords are not as easy to remember. This is why it is important to use a password management tool.
There are many password management tools on the Internet, some free and some that cost money. Which are better is strictly up to the individual. However, in this age of online banking and online bill payments, it is imperative that we all set up our online accounts with strong passwords. And to help us remember what we set those accounts to (since we don't use all of them every day, but some only once a month or a couple of times a year), it is important to have a central yet secure place where we can store all of the username/password combinations. It is even better if we can store the website information that is used to access the account and secure that along with the other information.
Benjamin Corll
Director of Security for DH Innovations, an IT service integration company.
Benjamin holds several industry certifications and has been in the IT industry for over ten years. He specializes in network and information security. For the past couple of years he has focused most of his time on consulting and on performing network auditing and vulnerability testing.