It is always tricky trying to remember all of those passwords for all of those different accounts we now seem to have. It seems that these days you have to “Sign up” to have an account even just to simply order a pizza from your local store (Madness!). The problem this presents us all with is whether or not we will use the same username and password for each account (by the way a small hint, this is definitely NOT a good idea!) or whether we use a different username and email for each account, which we should all do…but then, how do you remember all of your username and password combinations?!! No matter how you look at it, this poses a problem for us all, regardless of how good you claim your memory to be!
One possible solution is using a password manager to securely store all of your passwords, although some people do have reservations about the security of these tools. Sometimes these concerns emanate from the fact that they rely so heavily on your one master password, which most definitely has to be complex and lengthy to keep those pesky hackers out! (Not to mention that some of these companies have been hacked themselves. However, fear not, as the data is usually encrypted and useless to most data thieves.) There is also the problem of what to do if you need to actually type your password at a time when you don’t have access to your password manager there and then…d’oh!!
(In case you’re not aware of password manager tools, here is a nice link to a comparison review carried out by PCMag.com if you want to see the latest list of rated tools. For fairness, here is another by techradar.com if you would like to compare the two, although there are plenty more out there if you search for them.)
So let us be honest, sometimes our passwords can be, or are required to be, so complex that they may as well be written in some form of ancient or Cyrillic script! The rest of the time we just have so many that we can’t recall which password we used for which account, and despite the fact that you mostly only use the same three or four on a rotational cycle (yes, admit it, you do!) none of them work and you have maxed out all of your attempts and locked your account! What do we all do in these situations?! That’s right…click the “Forgotten Password” link!
Depending on which site or application you’re using, you are either simply asked to enter an email address/username for a new password to be sent to you (which is not good if a hacker has access to your email account, which is why your email account should be your most secure account of all!) or you are asked to complete a series of security questions.
Usually these questions are in the form of “What was your Mother’s maiden name?” or “What was the name of your first pet?” and so on and so forth – often forcing us to recall data from memories of our childhood that keep most therapists in work (the best question I ever saw was “What is the name of your least favourite child?” – genius!). We’ve all seen them, and we’ve all duly filled them in as the dutiful, well-mannered and security-conscious folks that we are; so well done us. However, this can cause us a problem – with the growth of social media, online digital footprints and the wealth of publicly available information out there about all of us (whether we posted it or not…seriously, have words with your friends and relatives that post your personal life story on their social feed, because Social Engineers love that stuff!) most of this information is freely available for the savvy Open Source researcher to find and collect…and trust me, the bad guys do their open source research too!
SO…the advice I tend to give with regard to this is to have a pseudonym that you don’t declare to your social-media-obsessed companions and keep clear of any written or digital records! Tell no one your pseudonym’s details, but give the new you all the details they need to fill out your security questions, safe in the knowledge that no one could then socially engineer the answers to any of them. It is a simple trick, but one that should help give you that extra reassurance that even if someone tried to compromise your account this way, it is far, far less likely to work!