So, you do stuff online huh?
You’re a big bad marketer with 50 blogs and 75 social media accounts.
Let me guess.
You have a daunting quantity of passwords to remember.
(and you have them written down on a notepad, or even worse unencrypted on your computer).
Fact is, if you do anything online you’re at risk. Your information is at risk.
(If you play video games, if you write blogs, if you write code, if you develop projects, if you shop online, if you do anything).
The Importance Account Management and Security
The point is, password management is so often overlooked by my fellow Internet marketing buddies. As someone who comes from an IT / technology background, it’s astounding to me when I read about people getting their wordpress accounts hacked, or their aweber.com account hacked into.
(Imagine the stress if someone hacked into your autoresponder account and sent emails to your list on your behalf?)
But what about you? You’re in the game. You have social profiles, hosts, blogs, banks, hosts and forum passwords.
But… Your passwords aren’t all the same are they? Your passwords ARE COMPLEX and hard to guess right?
I mean, only a complete toolbox would have a weak password, right guys? (only a total shmuck would have easy to guess security answers to their account security questions too right?)
(not that a strong password or asq answer will help you in the event of a backdoor Trojan or keylogger attack).
Fellas? Can we all agree that the average Internet user (let alone the badass scientist dudes and Internet marketers) have an UNFATHOMABLY LARGE QUANTITY OF PASSWORDS TO REMEMBER?
But, you have your “tricks”, you’re totally on top of things and will never have your information stolen, right?
It’s not like anyone would ever try to brute force your passwords or trick you into giving you their password, right? I mean who the hell would do that!
Who’s trying to hack your online activity
Tons of odious MF’s (major forces) are trying to hack your accounts, even as we speak. Visit a few hacking forums if you don’t believe me; the raw quantity of stolen data (and those whom wish to steal it) is troublesome and unfortunate.
Real talk, statistically lots of people are after your data, this is Die Hard 4 level shenanigans. As an Internet marketer (or anyone), you have lots of valuable assets and information at your disposal. Email lists, website logins, financial accounts, lots of financial information and personally identifiable information flow at your fingertips.
Are you inept enough to neglect your information security?
So, what can you do about securing your accounts?
One of the easiest methods to ensure that your accounts are secure is by having very complex passwords on all of your accounts.
By secure, I mean ridiculously secure; ideally, all of my passwords are 30+ characters in length with letters numbers and special characters.
Of course, every different online account has different complexity limitations. I prefer systems without length restrictions, because the longer a password is, the harder it is to crack. (all other things being equal).
Also, make sure you know the recovery email address and “account security question” answer to each of your accounts. Often times, someone who knows you well (or otherwise knows information about you) can get very easy access to your accounts because they can guess your account security questions used to recover your account.
To combat this, have seemingly random and complex security answers to your accounts.
Give them the same security your password warrants.
Here’s the problem. And the solution.
The problem becomes when you have a ton of accounts to secure and information attached to each account.
For example, for each account (let’s say a random e-mail account), here is the information that may be attached to it.
- Attached telephone number (account recovery)
- Secondary email account (account recovery)
- Account security question and answer (account recovery)
So not only do you have to remember a very complex password for a single account, you also have to keep track of your recovery phone number and email address. (Assuming that you have multiple email addresses and multiple phones, you can imagine how storing all of this information can be daunting).
Now, from what I’ve experienced, most people either have the same password across all of their accounts, which is beyond mere double face palm notation.
Even worse, is when someone has an unencrypted text file located on their hard drive with their account passwords.
This data is so easily stolen and is conveniently packaged for anyone who ever gets remote access to your machine, which unfortunately is more frequent than you might think.
Your first Password Storage Option
Way back in Precambrian texts, security experts said that passwords should never be written down.
Well, unless you have a bulletproof memory (I’m talking like Spock and Yoda level), then in all probability you have to write your passwords down.
The most secure method to store a password database or a password list is on an offline encrypted thumb drive. Software like TrueCrypt offers government grade encryption levels (advanced encryption standard 256 bit) and will keep your information VERY secure.
This method of password storage is totally badass and I’ve done it for years.
(You can even have an encrypted TrueCrypt bin and then have another encrypted password utility inside of that bin! Double layers of encrypted data really makes me swoon).
It’s not ideal though. It’s kind of outdated in many circumstances.
While it IS the most secure method of storing sensitive data, maybe you can guess the problematic nature of this storage option?
Of course, the problem is accessibility.
Whenever you want to access a long and complex password, you have to manually decrypt your password store, which can be a pain when you’re trying to access your Google account for the nth time.
Additionally, what happens when you want to change your password for your 50 (or 500) stored accounts? Does it seem like an easy or automated process?
Which leads me to my conclusion. The moment you’ve been waiting for. Password management. Password storage.
Modernized Password Storage
That’s right. We’re currently experiencing a phenomenon in which information security is underdeveloped in our age of information storage and unregulated information access. While TrueCrypt is an awesome method to encrypt and keep your private credentials safe, it isn’t the most modern approach.
I’ve been researching the best existing password storage utilities, and frankly there are a few good options.
Two Types of Password Managers
There are basically two types of password managers. Online password managers, and offline password managers.
Offline managers are more secure (theoretically), but less convenient. Online managers are less secure (theoretically), but more convenient.
Lastpass is my favorite option. User databases are stored in the cloud which may turn people off, but you should know that the information is encrypted locally on your machine and then sent to the cloud. That means, even if a hacker stole your database from lastpass.com, they would still need your secure password.
Lastpass also has the best accessibility I’ve ever seen and will automatically update changed passwords upon detection of a change, allows “one click” updates and logins, and can also store “notes” on each of your accounts. (Notes like ASQ, phone numbers, attached email, etc). Additionally, lastpass.com offers two-factor authentication (something you know, and something you have), and even integrates with fingerprint card readers (something you are) if you choose.
I love the cloud access, and lastpass.com has advanced security features which include the ability to lock down your account very securely. Lastpass has a “free” version and a premium version for $12 a year. Once you use it, you’ll probably upgrade for the premium and be happy you did.
Roboform is another fan favorite that’s sweet and secure that is comparable to lastpass in many ways. It has evolved since I’ve last experimented with it however at this time I prefer lastpass due to its accessibility features.
The one variable of determination I made when ultimately going with lastpass, is that roboform at the time limited use to one PC at a time. As a total cloud using, multi tablet and laptop badass, this option was infeasible. I understand since that time, Roboform Everywhere enables cloud access.
KeePass is an offline password manager, so it’s technically more secure than an online storage option. This would be excellent to integrate with TrueCrypt if you want to keep your passwords secure in a “two layer” encryption scheme. (Create an encrypted bin with TrueCrypt, and then store your KeePass vault in that encrypted storage).
Of course where these offline options fall short is their inability to integrate with “live” online activities such as password updates and one click logins.
Is it going to be fun accessing your encrypted offline storage and updating account information day in and day out? Probably not.
I used to have a professor who would go off on ranting tangents.
You just witnessed what I observed everyday for four years of my life.
But in all seriousness, I hope you learned something and I hope you take your information security seriously.
It all starts with strong password management.
Use some of the methods I’ve provided, or do your own research and find out the best method to store your ever-expanding list of passwords.
Whatever you do, don’t end up like these guys.