With our use of web-based services and applications on the rise, proper password management has never been more important.  Unfortunately, poor password habits continue to be the single biggest threat to information security.

Many individuals regularly use weak passwords crooks can easily guess.  One in 250 actually use “password” for a password!  And quite a few inadvertently reveal passwords to the public through social networking sites or other forms of daily Internet use.

Creating Strong Passwords
When creating a password, don’t use personal information such as names of family members and pets.  A strong password includes letters, numbers, and non-alphanumeric symbols such as #,%, *.  And remember:  Longer is more secure.  Each character you add is increasing the possibilities a password cracker has to try exponentially.  For critical accounts with financial institutions, make your passwords as long as the systems allow.

If the password system is case sensitive, you can increase password strength significantly by throwing in some upper case letters.  You can also bolster your password’s strength by choosing a user ID that is not your name.  Then, you basically have two passwords to get past.
The best password means something to you, but looks like a random string of nonsense to anyone else.  For some tips, see
• “How to Create a Strong Password You Can Remember”
• “Generating a Strong Password”
• “Protect Your Online Accounts”

Passwords should be changed every 60 to 90 days—the more frequently, the better—and don’t recycle the same ones on a regular and frequent basis.

Using the same user ID and password with every online registration increases your risk, because anyone who gets them will have access to all your accounts.  You might take the same basic user ID and password, and alter them slightly for each account according a pattern that is obvious to you but not to anyone else.

Use a Password Management Tool
Once you’ve created these passwords, you can use a password management tool to remember them for you.

One popular product is called RoboForm.  Once the software is installed on your computer, you simply go to a site and register, or log in if you have already registered.  RoboForm will ask you if you want it to remember the site.  Next time you go to that site, Roboform will recognize it and pop up the site name.  If you click on the name, RoboForm automatically fills in the login information.

RoboForm will save different login information for as many sites as you want.  If there are sites where you have multiple accounts—say, three or four different e-mail accounts from the same service provider—Roboform will let you store separate login information for each, and display all your choices when you go to that site.

Yes, your browser can also remember sites and passwords.  But RoboForm offers better security and does a lot more.

For example, RoboForm will auto-fill almost any registration form you may encounter out on the web, recognizing the fields for name, address, phone number, etc.  If you register for a lot of webinars, events, and sites, it can save you an enormous amount of time and prevent a lot of human error. 

Roboform is one of many password storage tools on the market; see a recent product comparision at TopTenReviews. 

Password Management To Go

There are web-based password management tools available, and they have the added advantage of giving you access to your stored passwords from any device you happen to be using when you are away from your office, including PDAs and smartphones. However, you are trusting a third party to store your access information for you, and many security experts think this is a bad idea.

RoboForm can be taken anywhere and used with any computer via a free RoboForm2Go add-on that is loaded onto a flash drive.  Roboform also supports the popular handheld computers and smartphones.

Passwords Should Be Short-Lived

Having unique passwords for each account increases your security.  However, it makes changing passwords every 60 to 90 days that much harder, and the password management tools don’t automate this process.  If you are registered on a lot of sites, separate out your really critical accounts, such as financial institutions, and apply a separate, very stringent password management policy to them.

Good password management requires that you invest time and effort on a regular, ongoing basis.  Put a schedule in your electronic calendar, and set alerts to remind you when it’s time to change your passwords.  Lock the barn before the horse is stolen, not after!