As we continue to use services of different companies, we end up with more and more accounts. Getting control of all of those accounts can be a very difficult task. Here we mention one method and explain a second one in detail. Both will work, but each one has strengths and weaknesses.
The list of accounts that each of us has gets out of hand very quickly. Online banking, email account, store loyalty card, sports team registration, etc. There are two good ways of getting the accounts under your control. One is electronic and one is not.
The electronic method can be very useful, but it has its own risks. In the past some password manager sites have themselves been hacked, exposing their users’ passwords. There are a few things to keep in mind about storing your passwords electronically. It is similar to writing your passwords on a piece of paper, with two exceptions. First, the “piece of paper” lives in cyberspace, and it can be sent to places you never intended. Remember, if your password manager doesn’t save the file to the cloud and you lose access to it (e.g. if it’s on your phone and you lose your phone), then you will not have access to any of your passwords. If your password manager synchronizes to the “cloud” then your “piece of paper” is now copied onto multiple computers in multiple locations, and is exposed to attackers if those attackers break into any one of the locations where your “piece of paper” has been copied. Second, while the “piece of paper” is protected by encryption, that protection depends on three things: (1) the strength of your password, (2) the encryption algorithm used, and (3) the secure programming abilities of the programmers who implemented the encryption algorithm. You can control the first, and you can select the second, but you have little control over the programming abilities of the people who implemented your program. The best you can do there is to select a program written by an organization with a reputation for secure programming. The easiest way to do this is to select open source programs that have been tested by the industry for many years. My personal favorite here is PasswordSafe, but there are others. Your best methods for protecting your passwords are to choose a good password for your password manager and to change all of your passwords every three to six months.
The paper method is especially useful for people who don’t trust their phone, their computer, the cloud, or any electronic device that can break. Unlike hacking a phone, server, or network, breaking into a person’s house must be done in person, and that makes it far more difficult (though not impossible) to do. Securing your passwords in this manner takes some doing. First, you must have a secure location for storing your passwords. A notebook in your desk is usually not the best location. Who can get access to your desk? Do you have an alarm system and video cameras recording when you are not at your desk? A small safe is a good first step. You want to take every reasonable step that makes it harder for someone to quickly grab – or simply photograph – your paperwork. A small safe (sometimes called a document safe or a gun safe) locked inside a desk drawer, or physically connected to a wall, is a good start. If you live in an apartment where you can’t drill into a wall or floor to connect the safe, you can bring in a few long pieces of wood, place them in a closet, and then connect the safe to them. You want to make it extremely difficult for an attacker to grab your safe, drop it in a backpack and walk away. For the first six months that you own it you should open the safe daily or at least weekly. This will make the combination easier to remember after the six-month period.
Now that you have a “safe” location let’s talk about the paper. Whether you use a pad of paper, individual sheets, or a notebook, you want to be sure that the whole stack goes into the safe. You do not want to write your secrets on the top page of a pad of paper, rip it off, and place it in the safe. An attacker could use a pencil to expose your passwords from the indentations made when you wrote them down. Now this may seem extreme, but never give any attacker a gift. Today you may not expect anyone to be searching your home for your passwords. Five years from now you may have different friends who bring with them their friends on a visit, and now you have people you’ve never met inside your home. Taking extra steps ahead of time can only help you prevent problems later.
Now, you have the paper and a secure location for storage. You’ll want to start by listing all accounts that you can remember. Ideally you want to save the location of the account (web site, cell phone, etc.) along with the username, the password, and the answers you gave to any “secret questions”. (Remember each secret question can be answered like a password if you want, but you must save the answers you give.) Another piece of data that can be very useful is the date when you set the password. This will need to be updated when you change your passwords, but it will be very helpful if you ever have a problem with the account. If you have an opportunity to use a phone number for additional security for the account then you’ll want to note that here. It’s a good reminder that you’ll need the phone when you connect to the account. As you remember more accounts (sports registration, gym membership, theater tickets, store loyalty card) you’ll want to add them to the paper. For the first run take note of all the accounts you remember. Then keep the paper in the safe. As you remember other accounts you can take note of them – just the account – and keep that separate until you have an opportunity to sit down with the master list and add the new accounts. That keeps your master list safe, since you don’t have it out all the time.
In summary, you want a secure location, physical or cyber, and you want to keep a complete list of all accounts. We have suggestions on how to choose passwords and how to answer secret questions, but that’s for another time.