SSC Toolbox Social Source Commons Blog

Nonprofit Tech, Tools and Social Media

A program of Aspiration

How Do You Manage Your Passwords?


One issue that organizations often ask us about with exasperation is passwords. That necessary headache that everyone has a different way of managing badly.

How do you manage them?

Do you have a text document where they’re all listed?

Do you keep a hard copy in the tank of your toilet?

(These three questions usually come one right after another). The truth of the matter is that having an “easy way to remember and manage passwords” goes against the very nature of the password. The best passwords are unintelligible gobbledygook full of letters, numbers, symbols and LOLcats.

Password Management Tools

That’s why there is an entire subculture and netherworld of password management tools that we put together in the (intriguingly named) Password Management Tools toolbox on Social Source Commons.

The majority of these tools work by storing your complicated passwords for a variety of web sites and programs so that you don’t have to remember them. You then make a master password to access the password manager and thus all of your passwords. This comes with the obvious caveats:

  • What if someone gets access to my master password?
  • How do I make it work for more than one person?
  • What happens if I’m not on my usual computer where my password manager is installed?
  • What if I’m in a coma and someone needs to access our accounts at work?

I mean, if you’re in a coma, you’ve got bigger problems to deal with, but you get the idea. These password management tools are not without their security holes.

Rule-Based Password Management

Another technique that we usually recommend organizations follow is rule-based password management. Basically, you come up with a rule that dictates what the password will be for each place you sign in. The rule can be anything you want as long as you can remember it. Let’s look at an example:

Symbol + Variable + Root

In this case, we pick a symbol, any symbol. Let’s say %. The Variable is the thing that changes based on what you’re setting the password for. Let’s say our variable is the root URL without .com or www. So if I was setting a password for an account on www.google.com, our variable would be google. The Root is another word, number or phrase that doesn’t change. Let’s say our Root is chicken17. Using this method, when signing up for an account on Google, our password would be:

%googlechicken17

If we were signing up for an Aol account (stop laughing, some people still do):

%aolchicken17

The password is different each time but all we have to do is remember the rule.

This is an easy way for organizations to manage the different passwords across different accounts. If everyone knows the rule (or those who need to know *evil laugh*), passwords don’t need to be stored because they’ll follow the rule. Also, your passwords are not tied to a specific program installed on a specific browser or computer, so they are remember-able outside of your natural computer habitat. Organizations can then regularly change the root or variable convention to increase the security of accounts by getting rid of stale passwords that may have gotten compromised (are you imagining you’re in 24 yet?).
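The Symbol + Variable + Root rule above, as an added example that is not part of the original post: it builds passwords from the rule and then checks an organization's own password inventory for what is left once each site's Variable is removed, which is the part a root rotation has to replace. The function names and the way the Variable is taken from multi-label hostnames are assumptions.

```python
from urllib.parse import urlsplit

def variable_from_url(url):
    """The post's Variable: the root URL without 'www' or '.com'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.lower().split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    # Assumption: drop the last label (.com, .org, ...) and keep the one before
    # it; hosts such as example.co.uk would need a public-suffix list instead.
    return labels[-2] if len(labels) >= 2 else labels[0]

def rule_password(url, symbol, root):
    """Symbol + Variable + Root, as in the post."""
    return symbol + variable_from_url(url) + root

def shared_template(accounts):
    """accounts maps URL -> password (your own inventory).

    Returns (prefix, suffix) if every password is the site's Variable wrapped
    in the same prefix and suffix, i.e. all accounts follow one rule.
    Returns None if any password does not fit a single shared rule.
    """
    templates = set()
    for url, password in accounts.items():
        var = variable_from_url(url)
        idx = password.lower().find(var) if var else -1
        if idx < 0:
            return None  # this password does not contain the site name
        templates.add((password[:idx], password[idx + len(var):]))
    return templates.pop() if len(templates) == 1 else None

if __name__ == "__main__":
    # Constructed inventory using the post's example symbol and root.
    sites = ["www.google.com", "https://www.aol.com/login", "twitter.com"]
    inventory = {s: rule_password(s, "%", "chicken17") for s in sites}
    print(inventory)
    print(shared_template(inventory))
```

When `shared_template` returns a pair, that pair is the Symbol and Root that every listed account has in common.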

Lastly, if you insist on keeping your passwords in a text document chilling on your computer desktop, do me a solid and at least split up the files so you have the user names in a separate file from the passwords. Thanks.

How do YOU manage your passwords?




  • http://twitter.com/pearlbear Michelle Murrain

    I have become a real fan of Passpack. It’s very user friendly, and I like that it’s really easy to share passwords with collaborators in a safe way.

    I also use some rule-based password management for social media sites and the like.

  • Drew Cranna

    Roboform Everywhere version 7
    Before everywhere version loaded 1password on my mac and it works great as well. Both of these products not only keep passwords but secure notes and form filling information as well as credit card info etc.

  • Anonymous

    I have a personal rule for different passwords (I use 5/6 passwords for different sites). The rule is, use two important words in my life, totally unrelated to the site, connected by an integer. I never write down or use browser’s remember password option. And well, I often change password for my email and facebook. These days, OpenId is saving a lot of trouble.

  • http://blog.socialsourcecommons.org/ Matt Garcia

    When you say you use rule-based password mgmt for social media sites and the like, do you mean you use them for not-as-important websites because rule-based is less secure?

  • http://blog.socialsourcecommons.org/ Matt Garcia

    In your experience, do you find most websites that you frequent are using OpenId? I feel like there was this huge “OpenID is going to die!!” wave when Facebook Connect came out.

  • Anonymous

    You can consider facebook connect as a variant of OpenId. It actually uses OAuth2 mechanism, like Google, Twitter and Yahoo. Important thing is to reduce number of sites where I am sharing my password (since it is impossible to enter unique password on each site I use)

  • http://blog.socialsourcecommons.org/ Matt Garcia

    Hi Drew, using Roboform Everywhere seems like it would get addictive as in “I don’t need to remember any password because I’m using this tool”. Do you still keep your passwords easy to figure out in some way or do you rely on the tool to remember everything?
