Password Hygiene Part 1 – Identify Your Logins
2020-08-18
In the introduction section I hopefully made a reasonable case to change passwords, and enhance your internet security by doing so. Remember those breaches discussed earlier? Those logins are only as valuable as the websites they can access. If every one of your critical sites uses the same password, suddenly the fact that those login credentials got out becomes very concerning.
So, the first question you might ask is: Which passwords should I change?
Before we answer that question, the first few questions I propose asking are – Do I even know what websites I have passwords for? Do I know which sites and accounts are critical (such as banking and healthcare sites) and which are used regularly (social media, news)? Have I even thought about which sites are important to me?
How many logins do I actually have?
Take a minute, and possibly a notepad, and start thinking about how many websites and applications you really have login credentials for. You might start with your bank. (Oh, wait, now that you think about it, do you have more than one bank that you use?) Next, you might think about your credit card(s). (How many of us have more than one?) After that, you might start to think about your other financial accounts, such as money market/stock, insurance, etc.
After that, think about healthcare-type sites. Your personal health insurance likely has login credentials. Perhaps your spouse has other insurance? Think about your local medical clinic – does it have an online portal? Do you utilize multiple medical providers or chains? Do you utilize logins for drug stores?
When you start to count these up, the number of logins you have can increase fast. Personally, I have well over 100 different websites and services that require login credentials. Does that number seem crazy to you? As suggested, start making a list and see how quickly your own number grows.
Levels of Importance
Many of us might agree that, in general, not all websites are equally important. Would you also agree that not all logins are equally important? For most of us, this is not too difficult to fathom. We are inherently aware that things like banking and credit card logins seem to be more important than, say, the login to your streaming music website.
If you are going to be successful in ensuring good security, it might be helpful to consider three simple levels of importance:
Critical – These are for things like banking, credit card, healthcare, etc. where identity theft and financial impact are concerns. Keep in mind, in particular, any website where you have credit card data stored (e.g. Amazon or other retailers), where misuse could lead to massive problems.
Used Regularly – These are things that might not be critical, but are used on a very regular basis. Many of these websites or applications might be accessed so frequently that the credentials are saved in the browser, and it is rare that you actually have to type your username or password. Examples might be email, Spotify, Twitter, etc.
Infrequent Use – Remember that recipe site you had to sign up for, or that news article you wanted to access, etc.? Use this for those one-off logins that are rarely used but required you to put in a password to register or gain access.
Document your login usernames (ideally offline)
As a security professional, many would say it is a cardinal sin to “write down” your password someplace. However, I’d argue the greater mistake is to use the same password for every site you access. Thus, it is helpful to create a list of websites and apps you actually use.
That being said, I’ve created a spreadsheet that you can use to help start this process. DO NOT USE THIS TO WRITE DOWN YOUR PASSWORDS. Once you’ve identified how many logins you have, and (more importantly) determined how critical they are, you can begin to secure them. I repeat – DO NOT USE THIS TO WRITE DOWN YOUR PASSWORDS.
Here’s a sample of the spreadsheet I’ve created:
Click here to download this spreadsheet in Excel (.xlsx) format.
Now, you’re ready to go to Step 2 – Using a Password Manager!
#StayVigilant
#StaySafe
#LookOutForEachOther