The 10 Commandments on Password Management and Internet Security

Every major company (Facebook, Google, Target, Yahoo, AT&T, eBay, Evernote, UPS, Home Depot, Apple, JP Morgan, Dairy Queen, Amazon, Intel, Microsoft, Verizon, Twitter) has been hacked and is an active target for hackers today. Hackers will sell and publish your usernames and passwords and anything else they can find online. I’ve found my corporate/public/junk email in these lists. I’ve never found my private email in these lists.

There is nothing you can do about that; it’s just the world we live in. And you NEED to prepare. You have no choice, unless you want your identity stolen, your credit ruined (with years of costly and time-consuming legal battles to attempt to restore it), your bank accounts compromised, and countless other potential problems. I’m not being doom and gloom; I’m not being overly dramatic. I’m just saying you’re going to a place in which it rains a LOT, and will rain more and more as time goes on, and you don’t know when, but it will rain, so all I’m saying is: just remember to take an umbrella! Here is how:

UPDATE 2020: It’s now 99.9% automated; bots are looking for people who do not follow these laws:

Commandment #1: You absolutely must have different passwords for everything.
Having one good long password you use for everything: worst idea possible. That’s how even super-nerd Facebook creator Mark Zuckerberg was hacked. It would be better to have different easy passwords for everything (which is still a terrible idea).

Commandment #2: Passwords cannot be in any dictionary.
Good strong passwords look like this: wS2T6pi!Bd~Ez9G&$Am7J . They have upper and lower case letters, numbers, and symbols, and they are long. What’s most annoying is that some sites don’t allow special characters, or numbers, or anything longer than 8 characters (which is stupid), so you will have to adjust some of your generated passwords for some sites.

Commandment #3: Use a password manager. Since you can’t remember good long unique passwords for everything, you need to start using a password manager. Here are a few: LastPass, Dashlane, KeePass, 1Password, RoboForm, Password Safe, Safe-In-Cloud, Encryptr, B-Folder 4, Keeper Security, KeePassX, PasswordBox, Ohanae, Datavault, Invium, Password Composer, StickyPassword, Authentic8 Silo, LogMeOnce, Password Genie, Zoho Vault, oneID, Norton Identity Safe, WWPass BlackBook, and many more I am sure.

Did you know there are so many? Do you know why? They are REQUIRED, and everyone who knows anything about the internet, unless they are Rainman, needs them! And so do you! Some are free, some use the cloud, some are totally offline, and most offer upselling to use across platforms or some other nifty feature. I’m not here to review them or compare them; you can do your homework. You know who you are, how much you travel and what kind of features you need. You just need to get one AND use it. Today.

Commandment #4: Turn on 2-factor authentication (2FA) (or 2-stage verification) for your password-locked phone and other important sites (Android, iPhone, Windows Phone). This ensures that even if you didn’t follow this advice and someone gets the password for your main Gmail account, they still can’t get in without your phone. I recommend Authenticator Plus for Android or iPhone.

Commandment #5: If you internet a lot, have 2 Gmail addresses.
Have 1 email for people-only correspondence. Nothing else. Have another email for everything else. Keep your corporate/public email clean. If you did not subscribe to something, mark it as spam. If you did subscribe to something you didn’t want, unsubscribe. Gmail knocks out 99.99% of all spam, so if you are getting something in your inbox, you probably did subscribe to it. Most people receive less than a handful of real spam messages a year in their inbox. That’s how good Gmail is. Any new person you give your email to, you can send them something like this:

“This __________@gmail.com is my people-only email, only for personal correspondence.

This __________@gmail.com is my public/corporate/junk email that I use for Facebook, buying stuff, eBay, Amazon, corporations, etc. If you have any funny e-cards, surveys, or forwards, send them to this address.”

(Be sure to include this image in that email.)
[Image: should_you_forward_that_email]

Commandment #6: Thou shalt not share your personal, people-only email with:

  • People who are not tech savvy.
  • People without Gmail addresses (seriously? It’s not even a contest).
  • People who forward or share stuff via email in a non-BCC manner (they CC, meaning they publish their whole email contact list in each email to everyone).

If someone you’ve newly added to your contact list starts to spam you, sends you “funny stuff”, or you see all their contacts in the “TO” or “CC” field, write them an email letting them know of your new updated email: AKA your junk/corporate/public side email. It’s not that you need to worry about your friend’s email being hacked; it’s that now you have to worry about 50 other people’s email being hacked and your address being harvested from them for spam.

Commandment #7: Back up your password manager’s contents.
You’re going to need to be able to access your passwords remotely. You need to figure this out yourself. You could use a Google Spreadsheet and hide it in the third tab. Don’t label this document “All my usernames and passwords and credit cards”. Label it “Push-up log” or “To-do list” or “Reading log” or “Sleep log” or “Food journal” or WHATEVER you want, so that when someone looks at it, they will see the common 3 tabs (maybe) and see your data, their brain will think “I know what this is”, and they’ll move along, never the wiser that all your precious info is hidden a few pages down on the third tab. Or make the text white so it looks like nothing, etc. Do something clever and unique. You can NOT do this method unless you have 2-stage verification turned on and your phone is password locked as well.

Commandment #8: Get a digital emergency contact person.
Share it with someone techy whom you also trust with your life. Giving someone access to your whole life, all credit cards, bank accounts, etc., means they could destroy your whole life; that’s why you need to trust them with your life. This should be family, not someone you are married to or dating, because you typically travel with them and things can often go wrong with those relationships. IF you are traveling abroad and something happens and you are compromised, you need to contact this person and tell them so. They will know what to do: call all credit card companies, change all important passwords, etc. Sharing a document with them, like a Google Doc, is a good idea because you can unshare it if you ever need to.

Commandment #9: Securely back up your password list, or make a duplicate RIGHT when you make a new account or change passwords.

I have over a thousand sites with passwords; there is no way I can remember all my passwords, usernames and which sites they go to. Every few weeks or months I get an email saying that a site I use was breached and my password was compromised. The last one, guess what the password was? It was “wS2T6piBdEz9G&$Am7J”. Guess how much I cared? Zero. Guess how many other sites used that password? Zero. Did the hackers try to use that password to sign into my Gmail? Yes. Were they successful? No. Even if they had the right password for my Gmail, they would have needed my phone, which is also locked, to enter the second stage of verification. That’s how awesome 2-stage verification is for those of you with smartphones.

I don’t see a need for changing your non-critical passwords often. The reason “they” say to change your passwords is that people generally didn’t follow Commandment #1 (have different passwords for everything).

Commandment #10: You need to memorize 1 or 2 good, long, hard, unique passwords.
So now you only have to remember 1 good long hard unique password (versus hundreds), which can unlock all of your other passwords. You can use a mnemonic device like “I Like To Eat #1 Red Cherry Tomatoes 4 A Midnight Snack In Summer” to create a good hard password like ilte#1rct4amsis.
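As an added example (not from the original post), here is a small Python script that puts Commandment #2 and Commandment #10 into code: it checks a password against the rules above (every character class, long enough, only characters the site allows, not a dictionary word), generates a random one from the OS CSPRNG that fits a site's length cap or no-symbols rule, and derives a master password from a mnemonic phrase the way the post does. The symbol set and the tiny word list are constructed placeholders, not from any real site or dictionary.

```python
import secrets
import string

# Symbol set assumed here; real sites restrict this in different ways.
SYMBOLS = "!@#$%^&*()-_=+~"

# Small constructed word list standing in for a real dictionary file.
SAMPLE_WORDS = {"password", "cherry", "tomato", "summer", "snack"}


def meets_policy(pw, min_len=12, max_len=None, allowed_symbols=SYMBOLS,
                 words=SAMPLE_WORDS):
    """True if pw satisfies Commandment #2: every allowed character class
    present, long enough, within the site's length cap, only characters
    the site accepts, and not a dictionary word dressed up with digits."""
    alphabet = string.ascii_letters + string.digits + allowed_symbols
    if len(pw) < min_len or (max_len is not None and len(pw) > max_len):
        return False
    if any(c not in alphabet for c in pw):
        return False
    required = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
    ]
    if allowed_symbols:  # only demand a symbol where the site allows one
        required.append(any(c in allowed_symbols for c in pw))
    # Strip digits/symbols so "Cherry12345!" still counts as a dictionary word.
    letters = "".join(c for c in pw if c.isalpha()).lower()
    return all(required) and letters not in words


def generate_password(length=20, allowed_symbols=SYMBOLS):
    """Draw from the OS CSPRNG until a candidate meets the policy, so the
    same routine works for sites that cap length or forbid symbols."""
    alphabet = string.ascii_letters + string.digits + allowed_symbols
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw, min_len=length, max_len=length,
                        allowed_symbols=allowed_symbols):
            return pw


def mnemonic_password(phrase):
    """Commandment #10: first letter of each word, lowercased; tokens that
    begin with a digit or symbol (like '#1' or '4') are kept whole."""
    return "".join(w[0].lower() if w[0].isalpha() else w
                   for w in phrase.split())
```

Run `meets_policy` on the derived mnemonic password too; it tells you whether the phrase you picked actually produces every character class the site demands.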

By reading this you can no longer claim that you didn’t know it was going to rain, and that I didn’t tell you to bring an umbrella.

Once your password manager is in place and you’ve got the habit of backing up your passwords, your life is a breeze: you go around the internet never having to sign into anything; password managers just auto-populate and auto-login to all websites, saving you lots of time and giving you peace of mind.

Modify the suggestions here in any way you like to make them more secure.