All you need is Word or Excel (other word processing and spreadsheet programs are available!)

In my last blog post, I found another reason for not re-using passwords.

However, the problem a lot of my IT support clients complain of is that they just can’t keep track of multiple passwords and that that is a reason for re-using the same one or two. The complete solution is probably to use a password manager such as LastPass or Safe in Cloud, but this seems to be overkill for a lot of people and just seems to make the situation even more complicated. And one thing we do know about computer software is that if it is too complicated or difficult to use then people will not use it.

What we need, therefore, is something simple, readily to hand, and quick enough to use that it is not a horrendous chore to keep up to date.

To begin with, what is the data that we need to keep? My recommendation is that, every time you need to create a new account and password, you record the following information:

  • Today’s date – you may think that is superfluous, but it may help you decide which of two passwords is correct if you’ve written it down in two different places. Also, if you get locked out of your Google account, for instance, one of the questions they ask during the process of convincing them that it is, indeed, your account, is the date that you created the account.
  • The username on the account – this is probably, but not necessarily, an email address. And most of us have several of those. If you are having trouble getting into an account and you might have used one of three email accounts as the username and one of three passwords that you habitually re-use (!), then there are already nine combinations that you might have to try. Add the complexity of “was the first letter a capital?” and “did I add 99 at the end of the password?” and you are very quickly into the realms of thousands of possible combinations. Just write the username down as soon as an account is created and avoid all that grief.
  • The password – natch.
  • Other information – such as the web address of where you actually get into the account. Note that both Excel and Word will automatically create clickable links to web addresses that they find in any worksheet/document.

Whether you use a word processing document or a spreadsheet is just a matter of choice and I’ll leave the formatting of the document/worksheet to you. Personally I would use Excel and place one username/password combination on each row.

Now for the important point – you are strongly advised to password-protect your document/worksheet. This is how that’s done in Office 2016 (which is the same as Office 365):

The process is exactly the same in Word as in Excel except that Word refers to “documents” and Excel refers to “worksheets”:

  • Click on the “File” menu (top left of Word or Excel window)
  • Click on the box with “Protect Document” (or “Workbook”) written in
  • Click on “Encrypt with password”
  • Type your new password in the box provided and then click on “OK”
  • Type the same password again (to ensure that you typed the password as you intended)
  • Save your document/workbook by clicking on “Save” in the left sidebar
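To confirm that the saved file really was encrypted, you can check its container on disk: a modern .docx/.xlsx saved with “Encrypt with password” is stored as an OLE compound file holding EncryptionInfo and EncryptedPackage streams, whereas an unprotected one is an ordinary ZIP archive. The Python below is an added example, not part of the original post; the function names are made up for illustration and the sample file is constructed in code rather than taken from Office.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
ZIP_MAGIC = b"PK\x03\x04"                      # unprotected .docx/.xlsx is a ZIP
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """Walk the compound file's directory chain and return its entry names."""
    size = 1 << struct.unpack_from("<H", data, 30)[0]       # sector size
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []                                                # sector -> next sector
    for n in struct.unpack_from("<109I", data, 76):         # FAT sectors listed in header
        if n <= MAXREGSECT and len(sector(n)) == size:
            fat += struct.unpack(f"<{size // 4}I", sector(n))
    names, seen = set(), set()
    n = struct.unpack_from("<I", data, 48)[0]               # first directory sector
    while n < len(fat) and n not in seen:                   # 'seen' stops looped chains
        seen.add(n)
        chunk = sector(n)
        for off in range(0, len(chunk) - 127, 128):         # 128-byte directory entries
            name_len = struct.unpack_from("<H", chunk, off + 64)[0]
            if chunk[off + 66] and 2 <= name_len <= 64:     # type 0 = unused entry
                names.add(chunk[off:off + name_len - 2].decode("utf-16-le", "replace"))
        n = fat[n]
    return names

def classify_office_file(data):
    """Say whether the bytes look like a password-encrypted Office file."""
    if data.startswith(ZIP_MAGIC):
        return "plain ZIP container: not encrypted"
    if data.startswith(CFB_MAGIC) and len(data) >= 512:
        if {"EncryptionInfo", "EncryptedPackage"} <= cfb_entry_names(data):
            return "encrypted"
        return "OLE file without encryption streams"
    return "not an Office file"

def make_sample_cfb(stream_names):
    """Constructed sample: minimal compound file with up to three named streams."""
    header = bytearray(CFB_MAGIC) + bytearray(504)
    struct.pack_into("<HHHH", header, 24, 0x3E, 3, 0xFFFE, 9)    # v3, 512-byte sectors
    struct.pack_into("<II", header, 44, 1, 1)                    # 1 FAT sector; dir in sector 1
    struct.pack_into("<109I", header, 76, 0, *[FREESECT] * 108)  # FAT is sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    directory = bytearray(512)
    for i, name in enumerate(["Root Entry"] + list(stream_names)):
        raw = name.encode("utf-16-le") + b"\0\0"
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<HB", directory, i * 128 + 64, len(raw), 5 if i == 0 else 2)
    return bytes(header + fat + directory)
```

To check a real file, pass the result of `open(path, "rb").read()` to `classify_office_file`.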

Of course, you could use other word processing or spreadsheet programs for this, but I do recommend that you use one in which you can password-protect your document/worksheet.

Are the days of the post-it note numbered? As far as passwords are concerned, they certainly should be.

The biggest single preventable IT problem that my clients seem to encounter is lost, forgotten, or mis-remembered passwords

I know it wasn’t long ago – see this blog on passwords – that I recommended writing down all passwords – manually – in one place. OK, I can see the obvious flaw in this advice. However, the practical reality, in my experience as an IT Support Consultant, is that almost everyone needs some simple but rigid discipline to ensure that they can always find any of their passwords.

So why am I bringing it up yet again? Because some online organisations have started taking it upon themselves to force us to change our passwords before allowing us into our accounts. I think I’ve seen it with Apple in the last few weeks and I encountered it with the Dropbox website recently. With Dropbox you can simply re-use the same password (which defeats their aims of improving your security), but with Apple you can’t re-use one that’s been used in the last year.

This development adds a further layer to the complexity and frustration caused by online passwords. Being forced to change a password before you can carry on with what you were doing is just going to increase the likelihood that you will invent a variation of the existing password, fail to write it down, and then get locked out the next time you try to access that account.

I’ve been trying to think of a way to make changing passwords easier – e.g. add 2 digits to the existing password that represent the month it was changed. The problem is, of course, that when you come to enter the password you won’t necessarily know when it was last changed so you won’t know what the current password is. It’s also true to say, of course, that any method that makes it easier for you to remember your own passwords makes it easier for someone else to crack them.

I don’t often see written advice on this subject. My guess is that anyone who is going to commit themselves in writing on the subject feels the need to be seen as “responsible” – hence all the common advice:

  • Passwords for all accounts should be unique.
  • Make passwords at least fifteen characters long.
  • Change them every month.
  • Never re-use them.
  • Always use a mixture of upper and lower case letters, figures, and special characters.

The only secure and comprehensive solution that I know of is to use password manager software. I’ve been using this approach myself for ten years or so. The reason I’ve not routinely passed it on to my clients is that its security depends on being absolutely certain that you have access to a working copy of the password program and backups of the data files. Frankly, a lot of people’s backup regimes are not rigorous enough for me to recommend that they put all their eggs in one basket by relying on a password manager.

However, this latest development (forcing password changes on us) has finally convinced me that it’s time to create a practical solution for my clients, consisting of recommended software, installation and training. The solution will need the following features:

  • Installation and training of a recommended password manager.
  • Installation and training in multi-level backup procedures to virtually eliminate the chances of losing the data file (data backups are always, ultimately, the user’s responsibility).
  • Ability to access the same password data whether you are currently using your Windows PC, iOS device (iPhone or iPad), Android device, or Mac.

I know the software to use as I’ve been using the specific software myself for at least six months and other software from the same company for at least five years. At this stage I’m not sure how long the installation and training of such a package will take, but I hope it can be done in a single session of, say, a couple of hours. I’ll be aiming for simplicity and flexibility rather than sophistication. Please do let me know if you are interested.

© 2011-2019 David Leonard
Computer Support in London