Promising Practices
A forum for government's best ideas and most innovative leaders.

How to Remember All Your Passwords and Keep Them Safe


In the days after the Heartbleed story broke, Internet users were strongly advised to change the compromised passwords on their online accounts to protect their data.

For anyone who’s been a web user for a significant amount of time, the number of such accounts is high, unmanageable even: email (personal and work), LinkedIn, Skype, Facebook, Twitter, bank accounts, G+, Apple ID, Instagram, YouTube, Vimeo, news sites, Yahoo!… Hotmail? AIM? ICQ? Myspace? mIRC? The innovation economy’s proliferation of apps, services and devices has complicated our lives rather than making them simpler, the way technology should.

Heartbleed woke the world up to security and privacy, but it also revealed how thinly our online identities are spread across different platforms, putting the user at risk and also impairing their ability to be productive, collaborative and high-functioning.

What happened to the web

Tim Berners-Lee, inventor of the world wide web, envisioned an internet that improved how we communicate. In his 1999 book Weaving the Web, he said:

“The Web is more a social creation than a technical one. I designed it for a social effect—to help people work together—and not as a technical toy.”

In some ways, this happened: we have access to global repositories of knowledge, and there are options for free and inexpensive tools, software and storage on the web.

But in other ways, we’re more distracted, misunderstood and mentally scattered than ever. Recent research found average users switch between their devices as many as 21 times an hour. The multi-platform, multi-device world shattered our attention spans—400 milliseconds can be too long for users to wait for a page to load, and shorter social media posts or videos are more likely to get likes and shares.

Users—as well as technology vendors, service providers and governments—cannot expect that more apps and services will optimize the web experience. Instead, innovators and disruptors need to understand the importance of open technology, emphasize interoperability and transparency, and promote security, privacy and ease of use. But this won’t happen without the aid of better and more thoughtful web-based software.

Make the best of the cloud

If it isn’t already clear based on the ubiquitous presence of cloud services (a market worth more than $131 billion), web-based software is how work and play will be done from now on. And despite security and privacy risks (whether from prying governments or cyber-criminals), web-based software has the ability to bring the many accounts, apps and services we use together into streamlined channels. A single cloud-based user portal, which can be used on any device with a browser, can provide access to all our social media accounts, email, file storage and even document collaboration tools on a single screen.

The danger is that new apps and services too often create proprietary walls. Apple, Google and Microsoft have made it easier to access their services via the cloud, but they haven’t made it easier to access other services. This one-minded game doesn’t suit modern users, with hundreds of accounts, apps and passwords. It also doesn’t foster a collaborative web. That’s why the global cloud infrastructure must be open, with open APIs, source code and even hardware specs.

The password problem

Of course, even with a streamlined, open web solution for all the apps, there is still the problem of having hundreds of passwords. Unfortunately there is no technological solution today that will make it easy to remember all of your passwords while still keeping them secure. However, there is a fairly straightforward, two-step approach to passwords that will put a user at far less risk.

First, you need a method of easily remembering your unique passwords without having to save them to your browser’s cookies. One method is to base them on the first letter of each account. For example, your Facebook password would correspond to (F), which could mean “favorite film.” If your favorite film is Star Wars, you might then pick your favorite character: Han Solo. Then, your password could be Solo, plus some combination of numbers and symbols that isn’t related to any of your personal data but instead has a hidden personal meaning—for example, you first saw Star Wars on your 7th birthday, which was in 1983, at your Uncle John’s house. So the password for Facebook is now Solo7_1983@johns. Not a foolproof system, because the most dedicated hacker can crack any password, but it’s much better than using variations on the same password for all accounts.

The second part is to never store your passwords or other account information in a public cloud, where they could always be at risk of leaking or being hacked. Never store passwords in a Google Doc, or even in your smartphone’s notepad app—you’re asking for trouble.
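The first step concedes that the scheme is not foolproof. As an added example (not part of the original article), this Python sketch compares two strength estimates for the article's sample password: one that treats every character as random, and one that treats it as a sequence of words, years and symbols. The word-list size, case variants and year range are assumptions chosen for illustration.

```python
import math
import re
import string

# Assumptions (constructed for illustration, not measured values):
ASSUMED_WORDLIST = 20_000        # words and names a guessing list might hold
CASE_VARIANTS = 2                # all lowercase, or capitalised first letter
YEAR_RANGE = range(1900, 2100)   # four-digit numbers in this range count as years


def tokens(password):
    """Split into runs of ASCII letters, runs of digits, and single other characters."""
    return re.findall(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]", password)


def naive_bits(password):
    """Per-character estimate: each character drawn at random from the classes present."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", password):
        pool += len(string.punctuation)  # 32 ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0


def structural_bits(password):
    """Token-level estimate: every letter run is assumed to be a list word or name.

    The order of the tokens is treated as known, so this is a lower bound
    under the assumptions above, not a measurement.
    """
    bits = 0.0
    for tok in tokens(password):
        if tok[0] in string.ascii_letters:
            choices = ASSUMED_WORDLIST * CASE_VARIANTS
        elif tok[0] in string.digits:
            is_year = len(tok) == 4 and int(tok) in YEAR_RANGE
            choices = len(YEAR_RANGE) if is_year else 10 ** len(tok)
        else:
            choices = len(string.punctuation)
        bits += math.log2(choices)
    return bits


if __name__ == "__main__":
    sample = "Solo7_1983@johns"  # the password built in the article
    print(tokens(sample))
    print(f"naive: {naive_bits(sample):.1f} bits, structural: {structural_bits(sample):.1f} bits")
```

The gap between the two figures comes from the memorable parts (a name, a year, another name), which is why length and per-account uniqueness matter more than the symbol count.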

Reprinted with permission from Quartz. The original story can be found here. 

(Image via kpatyhka/Shutterstock.com)
