Monday, August 26, 2013

May the strong password be with you...

A dear friend asked what the best way is to change their passwords in all of their accounts on a regular basis.  I recommended that they get a trustworthy password storage application to help with this process. My favorite app for this purpose is 1Password.  Regardless of the password management product that you use, the following procedure applies.

1. Log in to the existing web site with your existing credentials.  For example, go to and log in.
2. Navigate to the personal profile page where you can change your password.  In our example, I believe you click on "Your Account", then click on "Account Settings", and finally you can click on "Edit" password.
3. Open up your password management software.
4. Bring up the account if it is an existing account in your password management software.  If there isn't an entry in the password management software for this web site or application, add one.  One of the features that I really like about 1Password is that when you log in to a web site, 1Password will ask you if you want to save the credentials into 1Password so that it automates adding new entries and updating existing ones.
5. Enter your old password into a password history section of the password management program's entry for the target web site or application.  In 1Password, I enter the old passwords into the notes section.  This is a good habit to get into because sometimes the new password that you entered does not satisfy the password policy of the web site or application and you have to re-enter the old password.  If you had overwritten your old password with a new one in your password management software and didn't remember the old one, you may have to use the password reset function of your web site or application to change the password rather than just changing it through your profile settings.
6. Use the password generator of your choice to generate a strong password.  If the web site permits, I usually try to pick a password that is 30 or more characters long with at least one numeric, one lower case alpha, one upper case alpha and one non-alphanumeric character.  Two things I no longer do are replacing vowels with similar-looking numbers and putting an exclamation point at the end, because both patterns are used in crack dictionaries.
7. Use the newly generated password to change the password in your web site profile or application.
8. Replace the old password with the new one in your password management software.
9. Be sure to save your changes in the web site/app and in your password management software.
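
If you want to see what a generator does for step 6, here is an added example (not part of the original post and not 1Password's code) that draws each character from the operating system's secure random source and retries until every character class is present. The function names and the `excluded` parameter, for sites that refuse certain symbols, are assumptions made for this sketch.

```python
import secrets
import string

# The four character classes named in step 6.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def meets_policy(password, min_length=30, classes=CLASSES):
    """True if the password is long enough and uses every character class."""
    if len(password) < min_length:
        return False
    return all(any(ch in cls for ch in password) for cls in classes)


def generate_password(length=30, excluded=""):
    """Return a random password of `length` characters that meets the policy.

    Every character is drawn uniformly with secrets.choice (a CSPRNG), and a
    candidate missing a class is thrown away and redrawn. Redrawing keeps the
    result uniform over all compliant passwords, which forcing a digit or a
    symbol into a fixed position would not.
    """
    # Drop symbols the target site rejects (hypothetical per-site setting).
    classes = tuple("".join(c for c in cls if c not in excluded)
                    for cls in CLASSES)
    if any(not cls for cls in classes):
        raise ValueError("excluded characters empty out a required class")
    if length < len(classes):
        raise ValueError("length cannot hold one character of each class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, min_length=length, classes=classes):
            return candidate


if __name__ == "__main__":
    print(generate_password(30))
```
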

May the strong password be with you!