Digital Deal Breaker: What the &*%$ is my Password?
If you are nervous, frustrated, flustered, skeptical, or anxious about cloud based technologies, answer this question for me: Do you have a fool-proof system for managing your on-line account usernames and passwords?
Although certainly unscientific, I have observed with my clients and those that I teach, a relationship between their level of comfort with password management, and their effective adoption of cloud based technologies for their business. The more comfortable they are with account credential management, the more open and effective they seem to be with digital technologies. The less comfortable and/or confident they are in their ability to access their accounts, the less effective they are in embracing a digital world.
This makes perfect sense to me. Having confidence that you can access your account is a huge barrier to overcome in establishing confidence in a system or technology. I can certainly understand why you wouldn’t want to invest time and energy in a platform or tool, if you fear not being able to gain access to it when you want or need to.
That is why, if you don’t have an effective process for managing your account credentials, it is paramount that you stop everything, and solve this issue. It is not only time consuming (i.e. not efficient) to be constantly tracking down usernames or resetting passwords, but it is also a psychological brick wall to your openness in using technology. It is a barrier that must be overcome before you can effectively move forward with living a digital life.
Here is where I recommend you start. First, work to simply accept the following realities associated with living a digital life:
- Technology is the cornerstone of the modernized world, and these days, our entire lives are protected by passwords.
- Cloud based technologies ALL require account credentials. It’s just how it works.
- Account credentials consist of both a username AND a password. Understanding this makes planning a strategy easier.
- The criteria for the usernames/passwords are different for every site.
- For example, some sites will require a 6 character password, others will require 8. Some sites will require a username and others will require you to use your email address as your username.
- Using the same password on all sites is not a good option. Doing so will amplify your risk of unauthorized access to your accounts and your identity.
- Passwords change: Expect your password for a site to change over time. Either you will be forced to change your password at a regular interval, or there will be some kind of security breach that will force your account to require a new password. It’s just how it works.
- You can’t remember all the passwords you create, or are forced to change over time. You need a tool that will help you to remember them.
Resistance to these realities results in frustration and stagnation in creating efficiency and modernization of your business. Stop resisting. Instead, accept the realities and create an account credential strategy to address them. It is far more productive.
The next step is to develop an account credential strategy. Conceptually, the goal is to create a system or workflow that:
- Manages and organizes your account credentials
- Grants access to your accounts whenever you want, from wherever you want (from your computer, your phone, a friend’s computer, your tablet, a public computer, etc.)
- Minimizes the risk of a privacy or security breach on your accounts (both of which are inherent in participating in a digital world)
Following is how I manage my account credentials, along with some tips and to-do’s in order to develop a strategy of your own.
The first thing I’ve done is separate out my username strategy from my password strategy. As you go through this, keep in mind the following terminology, which will help clarify your strategy:
- Account Credentials: The combination of your username and password which creates your unique login for cloud based service and online accounts.
- Username: An identifier that must be unique to you (no other account holder in that system can have the same username) and depending on the site, might be a character string that you choose, or your email address. Typically you will pick a username that is easy to remember and representative of you (a version of your name is a common choice). Usernames do not have security standards associated with them and often the username associated with your account will be public and visible to others. Sometimes, the username is also used in the URL of your account (as in social sites such as LinkedIn, Twitter, and Facebook).
- Password: The unique code that you choose to use in conjunction with your username to gain access to your account. The stronger your password the better, as this minimizes the risk of account hacking. Passwords are intended to be kept private.
My strategy includes having selected both a username and an email address that I am committed to consistently using every time I sign up for an account. You need to pro-actively decide both since some sites require you to have a username, while others will require you to use an email address as your username. It is best to pre-define what you will use in either scenario so that you are prepared.
Make a conscious decision for each of the following:
1. Unique Username: What is a unique identifier that is related to you (often labeled the “username”) that will be available on ANY site you try to create an account at?
- I recommend that the username is somehow personal to you. Do not include your business name or a reference to your business. Both of these things tend to change over time and usernames are generally meant to be unique, permanent and for the life of your account. Many sites will not allow you to change your username. Since you will always be you, the best etiquette is to use your name in some way for your username.
- If your name is Debbie Smith, don’t plan on your username being “debbiesmith” - it is likely not available (usernames must be unique and debbie smith is a common name). But, “debbiesmith98” probably is available as a username. To increase the likelihood of an available username, add a two digit code at the end of your name that represents a meaningful year for you. Maybe the year you got married, or the year you graduated from college, or the year you moved to your house, or the year that you bought your house.
- Don’t use either your birth year or your current age in your username. Stay away from this kind of information in both your username and password. This is not good online etiquette and makes you a higher risk for hacking and identity theft as usernames are often visible to other members of the cloud based system you are signing up for (for example, twitter, facebook, etc.)
TO DO: Choose a unique username that has meaning to you. Commit it to memory. Be consistent in using it when creating accounts that require you to select a username.
2. Email Address: You probably have multiple email addresses. You need to pick one email address and commit to always using that email address when creating new accounts.
- Your primary email you use for account creation should NOT be your work address as it is very likely that you will not always have access to that email address.
For example, when I first signed up for a Facebook account in 2007, I was working at Coldwell Banker and I created my account using their email address. When I left that company, I lost access to that email account and when I forgot my password to that account, I had no way of resetting it because the password recovery process required access to my Coldwell Banker email [which I no longer had]. My only solution was to create a new Facebook account with an email address that I controlled. (This is another great reason why you need to own your own domain name, but that is a topic for another post.)
- Your best options are (in priority order):
- Select an email address associated with a domain that you own (i.e. firstname.lastname@example.org)
- Select an email address from a reputable, free source that you expect will always be accessible to you (i.e. debbiesmith98@gmail)
TO DO: Choose a single email address that you will always have access to.
BONUS POINTS: Create a note in Evernote that documents your choice for your planned username and email address.
Once you have selected/clarified what you will consistently use as your username and email when you create accounts, you are prepared to develop a password creation and management strategy.
I rely on software to support my password creation and management. There are several options in this area, but my choice is LastPass.
LastPass centralized my account credentials, acting as my “password library" that I can access whenever I need them. LastPass also helps me to generate, organize, and retrieve passwords and usernames for all the sites that I create accounts for in my digital life. If I need to create a new account, or generate a password, I let LastPass generate a strong password that meets the requirements of the site and then remember that password for me. LastPass then retains and stores that password for me. And, next time I need to log into that site, LastPass automatically populates that challenging password into the login box. As a result, I don’t even know that passwords for most of my accounts. I just know that the passwords are in LastPass.
I can access LastPass both on and off-line, and I can also access LastPass from my phone. I pay $12/year for LastPass (and it would be free if I didn’t want access from my mobile device, but I do, so I pay). Access to my LastPass library of account credentials is gained through a single, very strong password that I have committed to memory and use in no other place but LastPass.
An added bonus of LastPass is that it is possible for me to securely share passwords (one of the premium features includes in my $12/year cost) with other LastPass account holders who support the work I do. So, if I need my assistant to log into my website to make a change on the backend, I can send her the login credentials through LassPass. She never sees the password, but she is able to access the account via my authorized LastPass share. I can also revoke her access anytime I choose.
LastPass offers me password peace of mind and a system through which I efficiently manage my digital life. I highly recommend it over the other options I observe such as:
- Keeping a printed list
- Sticky notes
- Rolodex cards
- Keeping a contact record for each password
- Memorizing your passwords
If one of these is your system, migrate it over to a software based password management system (LastPass) and creating a consistent plan for what username/email you will use for accounts.
So there you have it - my account credential management system. It is the foundation of what allows me to embrace the efficiencies a digital world offers. It makes me organized, flexible, and it is not stressful or frustrating to manage. This structure is the foundation of my untethered work and life. I have comfort that I am managing the risks of online security and identity theft. Because I have a strategy and system, I am able to be nimble in my business and embrace software, sites, and services as they come and go. It is freeing and essential.
I do have one other element to my system, but it is optional, and will be addressed in Part II of Digital Deal Breakers: What the &*%$ is my Password. Stay tuned or subscribe to our blog to be automatically notified when it is posted.
Have a account credential management system that works for you? Leave a comment below.