Promising Practices
A forum for government's best ideas and most innovative leaders.

How to Remember All Your Passwords and Keep Them Safe


In the days after the Heartbleed story broke, Internet users were strongly advised to change the compromised passwords on their online accounts to protect their data.

For anyone who’s been a web user for a significant amount of time, the number of such accounts is high, unmanageable even: email (personal and work), LinkedIn, Skype, Facebook, Twitter, bank accounts, G+, Apple ID, Instagram, YouTube, Vimeo, news sites, Yahoo!… Hotmail? AIM? ICQ? Myspace? mIRC? The innovation economy’s proliferation of apps, services and devices has complicated our lives, rather than making them simpler, the way technology should.

Heartbleed woke the world up to security and privacy, but it also revealed how thinly our online identities are spread across different platforms, putting the user at risk and also impairing their ability to be productive, collaborative and high-functioning.

What happened to the web

Tim Berners-Lee, inventor of the world wide web, envisioned an internet that improved how we communicate. In his 1999 book Weaving the Web, he said:

“The Web is more a social creation than a technical one. I designed it for a social effect—to help people work together—and not as a technical toy.”

In some ways, this happened: we have access to global repositories of knowledge, and there are options for free and inexpensive tools, software and storage on the web.

But in other ways, we’re more distracted, misunderstood and mentally scattered than ever. Recent research found average users switch between their devices as many as 21 times an hour. The multi-platform, multi-device world shattered our attention spans—400 milliseconds can be too long for users to wait for a page to load, and shorter social media posts or videos are more likely to get likes and shares.

Users—as well as technology vendors, service providers and governments—cannot expect that more apps and services will optimize the web experience. Instead, innovators and disruptors need to understand the importance of open technology, emphasize interoperability and transparency, and promote security, privacy and ease of use. But this won’t happen without the aid of better and more thoughtful web-based software.

Make the best of the cloud

If it isn’t already clear based on the ubiquitous presence of cloud services (a market worth more than $131 billion), web-based software is how work and play will be done from now on. And despite security and privacy risks (whether from prying governments or cyber-criminals), web-based software has the ability to bring the many accounts, apps and services we use together into streamlined channels. A single cloud-based user portal, which can be used on any device with a browser, can provide access to all our social media accounts, email, file storage and even document collaboration tools on a single screen.

The danger is that new apps and services too often create proprietary walls. Apple, Google and Microsoft have made it easier to access their services via the cloud, but they haven’t made it easier to access other services. This one-minded game doesn’t suit modern users, with hundreds of accounts, apps and passwords. It also doesn’t foster a collaborative web. That’s why the global cloud infrastructure must be open, with open APIs, source code and even hardware specs.

The password problem

Of course, even with a streamlined, open web solution for all the apps, there is still the problem of having hundreds of passwords. Unfortunately there is no technological solution today that will make it easy to remember all of your passwords while still keeping them secure. However, there is a fairly straightforward, two-step approach to passwords that will put a user at far less risk.

First, you need a method of easily remembering your unique passwords without having to save them to your browser’s cookies. One method is to base them on the first letter of each account. For example, your Facebook password would correspond to (F), which could mean “favorite film.” If your favorite film is Star Wars, you might then pick your favorite character: Han Solo. Then, your password could be Solo, plus some combination of numbers and symbols that isn’t related to any of your personal data but instead has a hidden personal meaning—for example, you first saw Star Wars on your 7th birthday, which was in 1983, at your Uncle John’s house. So the password for Facebook is now Solo7_1983@johns. Not a foolproof system, because the most dedicated hacker can crack any password, but it’s much better than using variations on the same password for all accounts.

The second part is to never store your passwords or other account information in a public cloud, where they could always be at risk of leaking or being hacked. Never store passwords in a Google Doc, or even in your smartphone’s notepad app—you’re asking for trouble.

Reprinted with permission from Quartz. The original story can be found here. 
