My Password Management Setup

My last post on identity theft and worst-case scenarios for user accounts on the web was a bit technical/unclear, so I figured I’d follow up with a better answer to the question: “So what should I do about it?” Since weak passwords and site-specific attacks are the biggest threat, I think the best way for me to answer that question is to walk through my current account management scheme.

My system runs on one simple rule: don’t use the same password twice. When I register new accounts online, I use a different password every time. That way, if one site I use gets compromised, my other accounts won’t be affected. Obviously, this would be impractical if I had to remember every single password I registered with, or even if I had to keep them all written down. So here are the supporting requirements of my system:

  1. Keep memorization to a minimum. I don’t want to waste brain power memorizing hundreds of passwords.
  2. I should be able to access my passwords quickly–only slightly slower than it would take to recall them from memory and type them out.
  3. I should be able to access my passwords wherever I am.

I’m basically looking for the convenience of using a single password everywhere, but with much better security. Fortunately, this is easily accomplished using a few tools and some initial setup time.

These two tools allow me to satisfy my three requirements above. Both of them allow me to avoid memorizing any passwords except the master. When I’m on my own computer, 1Password’s browser plugins allow me to fill out login forms with a single keystroke. When I’m on someone else’s computer, I can look up my password on my iPhone or use Oplop to retrieve it.

This isn’t necessarily the simplest system to set up–after all, it requires you to change all your current account passwords and your behavior. But I can guarantee that if you do both, you’ll be protecting yourself better than most other internet users.
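Before changing passwords, it helps to know which existing accounts break the "never reuse" rule and how far a single site breach would spread. The script below is an added example, not part of the original post or of any tool it mentions; the CSV column names (`site`, `username`, `password`) and the sample rows are constructed assumptions, not a real password manager export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; the column layout is an assumption for this example.
SAMPLE_EXPORT = """site,username,password
mail.example,alice,correct-horse-1
shop.example,alice,correct-horse-1
forum.example,alice99,correct-horse-1
bank.example,alice,Vq7#mT2p!xLd
photos.example,alice,zR4&kN8w@QsY
"""

def load_accounts(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(accounts):
    """Return sorted lists of sites that share one password (groups of 2+)."""
    # Key passwords by a per-run HMAC tag so the grouping table never holds
    # plaintext passwords as dictionary keys.
    key = secrets.token_bytes(32)
    groups = defaultdict(set)
    for acct in accounts:
        tag = hmac.new(key, acct["password"].encode(), hashlib.sha256).digest()
        groups[tag].add(acct["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def blast_radius(accounts, breached_site):
    """Other sites exposed if breached_site leaks the password used there."""
    for group in reuse_groups(accounts):
        if breached_site in group:
            return [site for site in group if site != breached_site]
    return []  # unique password: the breach stays contained to that site

if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    for group in reuse_groups(accounts):
        print("shared password:", ", ".join(group))
    for site in ("shop.example", "bank.example"):
        print(site, "breach also exposes:", blast_radius(accounts, site) or "nothing")
```

Every site listed in a reuse group is a candidate for a new, unique password; an empty blast radius is the state the one-rule system aims for.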