First time checking out this series? You’ll get the most value by starting at the beginning and here is the series overview. The previous article in this series is How to set up automatic backups in macOS and iOS.
Note for regular readers, the already tech savvy, and IT professionals: this is designed as a resource you can give to those you are helping or for those looking to become tech savvy on their own.
Background, Expectations, & Best Practices
A big benefit of our hyper-connected world is that we have access to almost any service or system almost anywhere in the world. Because we can access accounts and information without being physically present, unique identification is required for internet accounts. With the large number of unique accounts most people have, it quickly becomes clear why password management is one of the biggest frustrations people face with technology: there is a lot of information, it changes, and it is often similar but different from account to account.
Like having a solid backup strategy (which we covered last week), implementing a good password management plan allows you to save time, stay more secure, and worry less. This will allow you to focus your time on what’s important and also position yourself to continue building your tech skills. In this article we’ll address how to approach password management, the what, why, and good software options.
Another frustration that’s useful to clear up is how accounts are differentiated. Just because one internet account uses the same email (user name or user ID) doesn’t mean it will also use the same password. This is only the case if you created each of the various accounts with the same password, which isn’t recommended.
Each service or company will know your account by the user name and password you entered when creating the account. For example, if you own multiple cars, your name will likely be the same on the vehicle registration for each (user name), but each car needs a unique key (password). The tricky part is that with internet accounts you can make that key (password) the same if you choose, although this isn’t safe. We’ll come back to this in the Why section below.
When people hear that it’s more secure to have different passwords for different accounts they usually ask “How do you keep track of them all?” The magic of a good password management strategy is that you only have to remember one which gives you access to all your information. We’ll get into this more in a moment, but for now, let’s dive into some of the fundamentals.
When signing into any account you’ll start with your user name or user ID. Oftentimes this will be your email, but it could also be a phone number or another unique alphanumeric combination. Some services may use their own name in the user name or user ID field, like Apple using Apple ID, in contrast to how Amazon formats its sign-in page with Email (phone for mobile accounts).
You can also log into various accounts using your Facebook, Google or similar account directly (pictured below). You’ll notice this option on more and more websites and apps. This is convenient because this one account can let you into many others, but it also means you want that account to have a strong password: if someone has access to your Facebook account, they may quickly have access to many others. (Two-Step Verification and Two-Factor Authentication are important tools for security. We’ll cover those in the future as they are a bit more in depth.)
As shown above, each website or service may label it differently, but your user name or user ID information will generally go in the first box you see. Financial and other sensitive accounts will generally have just user ID or user name (not email, Facebook, etc. as an option).
Here are some common synonyms for user name: account name, user, user ID, email, login, login id, screen name, name, phone number, and account number. A user name is usually chosen by you, but may also be automatically assigned in some cases.
The password field is almost always below user name, however sometimes you may need to click or tap ‘next’ to go to another page to enter your password. Here are some of the synonyms you might see for password: passphrase, key phrase, passcode, access code, code, or PIN.
“Why do I need one?” is something I often hear from people who are frustrated with passwords. Their logic usually goes along the lines of, “I don’t care if someone gets into my iTunes account, all I do is download free apps.” The trouble is, even if you don’t have a credit or debit card associated with an account, hackers or others with malicious intent can still cause damage if your account is compromised. That damage can be anything from emailing your contacts bogus messages and losing your information to holding your account for ransom.
This brings us to the topic of security. Aside from saving you time and frustration with remembering your account information, having a password management strategy will help you keep your accounts much more secure. When password management is kept on paper or not really tracked at all, it can feel like it’s too much work to have a different password for each internet account.
Good password management software is what will simplify the whole process and provide more security at the same time. Like I mentioned earlier, it will shift your focus from remembering many pieces of information to only needing to know one. There are a number of good choices out there that provide more flexibility and function than using Apple’s iCloud Keychain (which is built into macOS and iOS).
My favorite application and what a lot of us at 9to5Mac use is 1Password by AgileBits. It’s available for Mac and iOS (Windows and Android, too). It includes categories beyond just passwords, like bank accounts, driver licenses, passports, and more. There is support for sharing password vaults with family or teams, organizing with folders and tags, and the ability to customize fields in an entry.
Another fantastic feature in 1Password is called Watchtower. This alerts you to websites or services that you have an account with that may have been compromised (for example Yahoo being hacked). Because their system does these security audits automatically it’s quick and easy to update your passwords when a company has a breach and keep your information safe.
You can definitely manage your information successfully with a free option like iCloud Keychain or KeePass. However, I find the features and benefits of 1Password to be well worth the money. You can try 1Password for free for a limited time. After that it’s $9.99 to unlock all the features in the iOS version and the Mac version is $64.99. AgileBits also offers a subscription option on their website, $2.99 for individuals and $4.99 for families (billed annually and good for both Mac and iOS).
My colleague Greg is going to detail the nuts and bolts of how to get started and use 1Password or iCloud Keychain next week so this installment isn’t too overwhelming. But I wanted to mention these tools so you’ll be a bit familiar with them.
The other thing that both 1Password and iCloud Keychain offer is automatic password generation. This may sound strange at first, but it provides a lot of security and is easy to use once you get the hang of it. The other bonus is you don’t have to come up with passwords yourself.
This comic from the website xkcd illustrates how our thinking on passwords is often backwards. An automatic password generator creates tough to guess ones like the correct horse battery staple example below (note: most sites and services will require a number and/or a special character for passwords).
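As an added illustration (not from the original article, and not how 1Password or iCloud Keychain are implemented), this Python example shows what a password generator does: it picks words or characters with a cryptographically secure random source and adds the digit and symbol many sites require. The word list, symbol set and function names are assumptions made up for this example.

```python
import math
import secrets
import string

# Constructed sample list, for illustration only. A real generator draws
# from a list of thousands of words (assumption, not stated in the article).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "window", "garden", "pencil",
    "river", "candle", "orange", "planet", "silver", "ticket", "bridge",
    "forest", "marble",
]
SYMBOLS = "!@#$%^&*"  # assumed set of symbols a site accepts


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is chosen uniformly at random."""
    return picks * math.log2(pool_size)


def make_passphrase(words=SAMPLE_WORDS, count=4, add_site_chars=True):
    """Pick `count` words with a CSPRNG; optionally append a digit and a symbol."""
    if count < 1 or len(set(words)) < 2:
        raise ValueError("need at least one pick and two distinct words")
    phrase = " ".join(secrets.choice(words) for _ in range(count))
    if add_site_chars:
        # Satisfies "must contain a number and a special character" rules.
        phrase += secrets.choice(string.digits) + secrets.choice(SYMBOLS)
    return phrase


def make_random_password(length=20):
    """Fully random password; retry until every required character class appears."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


if __name__ == "__main__":
    print(make_passphrase())
    print(make_random_password())
    print(entropy_bits(2048, 4), "bits for 4 words from a 2,048-word list")
    print(entropy_bits(len(SAMPLE_WORDS), 4), "bits for 4 words from this sample")
```

Four words from a 2,048-word list give 44 bits, the figure the xkcd comic uses; the 16-word sample list here gives only 16 bits, which is why the word list has to be large and the choice has to be random rather than made up by a person.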
Now that we’ve covered the background information and how to approach password management we’ll finish up with the Do This section. This will prepare you for implementing and leveraging software next week.
1. Take stock of your passwords and account information. Do you have a system for keeping track of it or not really? Is it on paper or a note on your iPhone? Is everything up to date?
2. Organize all of your information into one place for now, whether it’s paper or a Pages document or iPhone/iPad note (using an electronic option will save you time later).
3. If there are accounts that you don’t know the information for, take the time to go to the website or app and try to log in. If you’ve forgotten the password, use the reset link below the user name (user ID, email, etc.) and password fields to create a new one. Do this for as many accounts as you’d like, record the new information, and stop before you’re frustrated or overwhelmed.
4. Here’s a fun way to change your perspective or story about passwords: Passwords are like semi-trucks, which can be slow and frustrating to follow, but they also deliver all the things we love to buy at stores. Passwords may be frustrating at times, but they give us access to amazing services and opportunities and also help keep our information secure.