Password Management (HOWTO Manage a List of Strong and Unique Passwords)
Your passwords are the keys to your computers, devices, and online accounts and services. It’s important to use strong and unique passwords to keep your accounts secure, prevent impersonation, and avoid your accounts and devices from being used to attack others.
Regarding your Widomaker e-mail accounts, it is important that you use a strong and unique password for each of your e-mail addresses. Otherwise, your account is likely to be compromised and used for a variety of illegitimate purposes, including, to impersonate you, or send spam or phishing messages attempting to compromise other accounts, individuals, or companies.
If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. Using the same (or similar) password for multiple accounts or services must be avoided.
In recent years, there have been numerous high profile data breaches that caused passwords to be compromised and made available, for sale, on the Internet. If the compromised password was also used elsewhere, then those additional accounts or services are now compromised. Using a unique password for each account or service, without reusing the same password, can avoid one compromised account password from compromising many other accounts at the same time.
You can find out if one, or more, of your online accounts has previously been compromised in a well-known data breach by using Troy Hunt‘s Have I Been Pwned (HIBP) service. HIBP will let you check if you have an account that has been compromised in a data breach. If your information shows up in any of those well-known data breaches, you should make extra sure you have changed your password on the breached site or service, as well as on any other sites or services where you have used the same (or similar) password. Going forward, use a unique password, that you haven’t used elsewhere, for each account or service.
Because it is difficult, or impossible, to remember strong passwords, especially when you must have a different password for every account or service, you must have a method of safely recording all of your different passwords. There are two frequently suggested methods of password management…
1.) Write them down! Of course, you should keep your written record of your account passwords in a safe place, perhaps in a locked drawer, box, or safe. Use something like this Password Log Book, from Amazon.com, or Barnes and Noble, to record your passwords. Store the Password Log Book in a safe place, where only those you trust could have access to it.
2.) Use a Password Manager! A Password Manager is a computer program or service that encrypts your list of accounts and passwords, with one single Master Password, that unlocks your password list. That way you only need to remember the Master Password, not the tens or hundreds of other unique passwords stored in your Password Manager.
How to use a Password Manager is beyond the scope of this post, but can be an efficient method of managing a long list of accounts and unique passwords. Password Managers also make it easy to generate unique random passwords to use for each of your accounts and services that require one. There are several popular, and well respected, Password Managers that are available. Wikipedia has a list. Troy Hunt, the author of the HIBP service, suggests the 1Password Password Manager.