Password Management and Recovery

Password Management and Recovery

As more and more of our everyday life is lived online, passwords are becoming more and more important. You need a password for just about everything you do online, and a lot of things you do offline, too: social media, email, banking, shopping, logging into wifi, logging into your personal computer, logging into your work computer, and even unlocking your phone, if you’ve got a passcode lock. All these things require their own password. It can all be very difficult and confusing to manage.  In today’s post we’re going to give you some tips and tools for creating strong passwords, keeping track of your passwords, and what to do if you forget a password.

Good Password Practices

First things first, we’re going to talk about some tips for creating and using strong passwords. The first and most important tip is pretty simple: don’t pick something that’s easy to guess. “Password” is a lousy password. Variations on your or your family members’ names aren’t great either. Those are all things that someone with a small amount of access to your personal information could guess pretty easily.

The other major tip is to avoid reusing passwords. You may have heard the old saying that a secret isn’t a secret if two people know it. Much the same is true of passwords. You can pick an extremely secure password, but the more you use it, the greater the risk to you if it’s compromised. Data breaches happen in all sorts of ways. Maybe you sign into Facebook on a computer at the library and someone sees you typing it in, maybe you’re the victim of a phishing scam or some other sort of hacking, or maybe one of the sites where you use the password suffers a data breach. If you’ve used the same password for your bank account, your email, and your social media accounts, for example, then someone who gets it suddenly has access to a huge amount of personal information, and the ability to wreak all sorts of havoc in your digital life. If you use a different password for each account, the damage from a single compromised password is much more limited.

New Rules?

There’s been a lot of discussion over the last couple years about what good password practices are, and the best way to create a strong password. Back in 2003 the National Institute for Standards and Technology issued a document with some basic recommendations for password creation. This document – rivetingly titled “NIST Special Publication 800-63: Digital Identity Guidelines” – made recommendations for creating strong passwords. You’ve probably heard most of these guidelines: passwords should be at least 8-10 characters long, include random capitalization, numbers, and special characters. Most websites still follow these guidelines.

While NIST’s 2003 recommendations are still sound when followed properly, security experts in recent years have begun moving away from those toward a passphrase model that emphasizes password length, since longer passwords are harder for machines to crack. Under these new recommendations you should still be using capital letters, numbers, and special characters, but the focus is on choosing a 2-4 word phrase that you can easily remember, but other people and computers will have a hard time guessing, like “correcthorsebatterystaple.”

Password Managers

Following good password practices for all your accounts can be daunting, especially if, like many people nowadays, you have lots of accounts to lots of different services. Keeping track of it all safely and securely can be extremely difficult. Fortunately, there are some excellent password managers out there that can help make the job easier. Password managers will generate strong passwords for you and store them for easy access when you need them. Most password managers offer mobile applications and extensions for web browsers like Chrome and Firefox, enabling you to automatically fill in your username and password when you sign in to a website. With a password manager, all you need to remember is one master password, and the software remembers the rest for you. There are dozens of good password managers out there that you can use, but LastPass and Dashlane are generally regarded as two of the best. Both offer mobile applications, browser extensions, and both give you the choice between a feature rich free version and a reasonably priced paid version with more bells and whistles. A third popular option, 1Password, is also reasonably priced, but lacks a free version.

Recovering Lost Passwords

So, we’ve talked a lot about how to create strong passwords and keep track of your passwords, but there’s still the question of what to do with lost passwords. Unfortunately, lost passwords are one of the nearly inevitable realities of life on the internet. At some point, you’re going to forget a password. Fortunately, most websites and online services understand that, and provide you easy ways to solve this problem. As long as you signed up for a website with your email address, then recovering your password is pretty simple. On the login page for most websites, you should see a “Forgot password?” link somewhere near the box where you type your password. Typically, you just need to click that box and enter the email address you used to sign up. When you do that, the site will send you an email with a link to reset your password (in the early days of the internet, many sites would simply email you your password, but security concerns mean that nowadays passwords are typically stored in such a way that even the website owners can’t access them). Click the link in your email, enter your new password, make sure it gets added to your password manager, and you’re good to go.

Of course, all of that presumes you have access to your email in the first place. Where things get tricky is if the password you’ve lost is to your email account. Fortunately, there are ways to deal with that, too. Google, Microsoft, and Apple all have ways to give you access to your account if you’ve lost your password. As with the services we talked about above, the login screen for your email will have a link near the password box that says “Forgot password?” or something similar. Click on that, and you’ll be taken through a series of steps to help you regain access to your account. The steps will vary depending on which service you’re using and whether you’ve got two-factor authentication turned on, but they’re pretty similar. If you don’t have two-factor authentication turned on, you’ll be asked to either answer the security questions you provided when you signed up for the account, or receive a recovery email at the alternate address you provided. Answer the questions, follow the email link or, if you have two-factor authentication turned on, input the code that was sent to your phone, and you’ll be given the opportunity to reset your password. Make sure your new password gets added to your password manager, and you’ll be all set.

Google Factory Reset Protection

All that said, there’s one important thing to be aware of if you lose your Google account password. For the last few years, Android phones and tablets have included a safety feature called Factory Reset Protection (FRP). Here’s how it works: if you perform a factory reset on a device with FRP active, then as soon as the reset is complete the phone will ask for the Google account username and password that were originally used to setup the phone. Without the correct login credentials, it’s very difficult to gain access to the phone. The feature is meant to deter theft by making sure a thief can’t simply factory reset a stolen phone and then sell it. Unfortunately, it also sometimes backfires on users who find they need to reset their phone but don’t remember their Google password. So if you need to reset your phone – whether to sell it or to fix some problem you’re having with it – make sure you know your remember or recover password before you get started.

At Phone Medics + PC, we understand the headaches that come with a lost or compromised password. That’s why we’re dedicated to making sure you have the tools you need to manage your passwords effectively, and recover them when something goes wrong. As always, if you’re having trouble with a password issue, feel free to bring your phone or computer to our facility at 91 E. Merritt Island Causeway in Merritt Island, where our experienced technicians have the skills and the know-how to help get you solve your problems.