Practical Guide to Password Management

What Prompted This Article?

If you haven’t heard by now, there is a security flaw on more than 500,000 Web sites that could cause you—yes, you—a whole lot of trouble. This flaw is called the Heartbleed bug. To summarize, it is a flaw that makes a secure connection between you and a Web site not so secure.

This means that folks can steal your passwords and credit cards.

Here is a list of the major sites effected but this is in no way a comprehensive list. If you want to see if a site has been effected, use the LastPass Heartbleed checker tool to make sure that the site has patched the vulnerability.

The bad news is that you’re going to have to change a lot of passwords.

Changing A Lot of Passwords Is Tough

Nothing that I’m going to tell you will make changing a bunch of passwords easier. However it will help you to create good passwords and manage them effectively.

I’d also like to point out that I don’t do Web security, so understand that my advice is solid but others may have better suggestions.

Password Managers

In a world where every Web site requires a unique account with a username and password, the easiest (but not wisest) thing to do is to use the same username and password over and over again. This means that you’ll remember it. It also means that if one account is broken, they all are.

A password manager is an application that allows you to only have to remember a single password. It takes all of your different account passwords and locks them in a vault behind a master password. This allows you to generate long, random passwords like Lv3kj@CpwNhBLf$3Pt^mLVqRv8 for sites instead of a weak password like randy1977.

Let’s Talk About Passwords Themselves For A Moment

There are a few schools of thought on what makes a password secure. Basically the longer it is and the more random it is, the better. When possible, make the password at least 8 characters long, use a mix of upper- and lowercase characters, a number or two, and perhaps a random character (!@#$%, etc.).

What Password Manager Should You Use?

I use and recommend 1Password. Alternately you can use LastPass or KeePass.

Image stolen from

I recommend 1Password because it comes on every platform that I might use—Mac, Windows, iOS, and Android. It syncs the encrypted database with Dropbox, allowing all my devices to stay up-to-date. This also means that you can log into your vault from other computers through your browser.

It also has plugins for Chrome, Safari, Firefox, and Internet Explorer that allow you to right click and log in to a site. And if you’ve left your vault open you just have to press a button to log in. (Don’t worry, the vault auto-locks often so you don’t have to fret over whether you’ve left it open.)

In Conclusion

Because of the Heartbleed bug you should change all of your passwords, which should be managed by a Password manager.