Promising Practices
A forum for government's best ideas and most innovative leaders.

How to Remember All Your Passwords and Keep Them Safe


In the days after the Heartbleed story broke, Internet users were strongly advised to change the compromised passwords on their online accounts to protect their data.

For anyone who’s been a web user for a significant amount of time, the number of such accounts is high, unmanageable even: email (personal and work), LinkedIn, Skype, Facebook, Twitter, bank accounts, G+, Apple ID, Instagram, YouTube, Vimeo, news sites, Yahoo!… Hotmail? AIM? ICQ? Myspace? mIRC? The innovation economy’s proliferation of apps, services and devices has complicated our lives, rather than making them simpler, the way technology should.

Heartbleed woke the world up to security and privacy, but it also revealed how thinly our online identities are spread across different platforms, putting the user at risk and also impairing their ability to be productive, collaborative and high-functioning.

What happened to the web

Tim Berners-Lee, inventor of the World Wide Web, envisioned an internet that improved how we communicate. In his 1999 book Weaving the Web, he said:

“The Web is more a social creation than a technical one. I designed it for a social effect—to help people work together—and not as a technical toy.”

In some ways, this happened: we have access to global repositories of knowledge, and there are options for free and inexpensive tools, software and storage on the web.

But in other ways, we’re more distracted, misunderstood and mentally scattered than ever. Recent research found average users switch between their devices as many as 21 times an hour. The multi-platform, multi-device world shattered our attention spans—400 milliseconds can be too long for users to wait for a page to load, and shorter social media posts or videos are more likely to get likes and shares.

Users—as well as technology vendors, service providers and governments—cannot expect that more apps and services will optimize the web experience. Instead, innovators and disruptors need to understand the importance of open technology, emphasize interoperability and transparency, and promote security, privacy and ease of use. But this won’t happen without the aid of better and more thoughtful web-based software.

Make the best of the cloud

If it isn’t already clear based on the ubiquitous presence of cloud services (a market worth more than $131 billion), web-based software is how work and play will be done from now on. And despite security and privacy risks (whether from prying governments or cyber-criminals), web-based software has the ability to bring the many accounts, apps and services we use together into streamlined channels. A single cloud-based user portal, which can be used on any device with a browser, can provide access to all our social media accounts, email, file storage and even document collaboration tools on a single screen.

The danger is that new apps and services too often create proprietary walls. Apple, Google and Microsoft have made it easier to access their services via the cloud, but they haven’t made it easier to access other services. This one-minded game doesn’t suit modern users, with hundreds of accounts, apps and passwords. It also doesn’t foster a collaborative web. That’s why the global cloud infrastructure must be open, with open APIs, source code and even hardware specs.

The password problem

Of course, even with a streamlined, open web solution for all the apps, there is still the problem of having hundreds of passwords. Unfortunately there is no technological solution today that will make it easy to remember all of your passwords while still keeping them secure. However, there is a fairly straightforward, two-step approach to passwords that will put a user at far less risk.

First, you need a method of easily remembering your unique passwords without having to save them to your browser’s cookies. One method is to base them on the first letter of each account. For example, your Facebook password would correspond to (F), which could mean “favorite film.” If your favorite film is Star Wars, you might then pick your favorite character: Han Solo. Then, your password could be Solo, plus some combination of numbers and symbols that isn’t related to any of your personal data but instead has a hidden personal meaning—for example, you first saw Star Wars on your 7th birthday, which was in 1983, at your Uncle John’s house. So the password for Facebook is now Solo7_1983@johns. Not a foolproof system, because the most dedicated hacker can crack any password, but it’s much better than using variations on the same password for all accounts.

The second part is to never store your passwords or other account information in a public cloud, where they could always be at risk of leaking or being hacked. Never store passwords in a Google Doc, or even in your smartphone’s notepad app—you’re asking for trouble.
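
An added example, not part of the original article: a simplified estimate of how the sample password from the first step fares when a guesser models it as words, digits, a year and symbols rather than as random characters. The word-list size, year range and scoring model are assumptions chosen for illustration.

```python
import math
import re

# Assumed sizes for this simplified model (illustrative, not measured values).
ASSUMED_WORDLIST_SIZE = 100_000  # common words and names a guesser would try
ASSUMED_YEAR_RANGE = 200         # years 1900-2099
SYMBOL_COUNT = 33                # printable ASCII symbols, including space

TOKEN_RE = re.compile(r"[A-Za-z]+|[0-9]+|[^A-Za-z0-9]+")


def tokenize(password):
    """Split a password into runs of letters, digits and symbols."""
    return TOKEN_RE.findall(password)


def naive_bits(password):
    """Entropy if every character were drawn at random from the classes used."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
               (r"[^A-Za-z0-9]", SYMBOL_COUNT)]
    charset = sum(size for pattern, size in classes if re.search(pattern, password))
    return len(password) * math.log2(charset) if charset else 0.0


def token_bits(token):
    """Guess cost of one token when words, years and symbols are modelled."""
    if re.fullmatch(r"[A-Za-z]+", token):
        random_cost = len(token) * math.log2(52)
        # A word from a list, plus one bit for a capitalised first letter or not.
        word_cost = math.log2(ASSUMED_WORDLIST_SIZE) + 1
        return min(random_cost, word_cost)
    if re.fullmatch(r"[0-9]+", token):
        if len(token) == 4 and 1900 <= int(token) <= 2099:
            return math.log2(ASSUMED_YEAR_RANGE)
        return len(token) * math.log2(10)
    return len(token) * math.log2(SYMBOL_COUNT)


def structured_bits(password):
    """Sum of per-token costs for a password built from memorable parts."""
    return sum(token_bits(t) for t in tokenize(password))


if __name__ == "__main__":
    pw = "Solo7_1983@johns"  # the article's own example password
    print(tokenize(pw))
    print(f"naive: {naive_bits(pw):.1f} bits, structured: {structured_bits(pw):.1f} bits")
```

Under these assumptions the structured estimate comes out at roughly half the character-by-character figure, which is the gap a length-and-symbols strength meter would miss.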

Reprinted with permission from Quartz. The original story can be found here. 
