Passwords

Yesterday as I was sitting though Purchase Card training, there was some discussion about passwords. For our new vendor, they require that we change our passwords every three months and that we don't use the same previous eight passwords. Everyone groaned of course and I just shook my head. This is another case of an organization who feels that rapidly changing passwords is the key to security, when it fact it will only lead to users using very insecure passwords or storing their password in an insecure manner. Studies have shown that a good, strong password that is stored securely is the best defense against hackers and the amount of time a user has their password does not effect how secure or insecure they are.

So what do I do? Use a Password Manager. This way I have a unique password for all of my accounts and for most of them I don't even know what the password is. I have the password manager generate a random password as strong as it can with numbers and special characters and I don't care what it is because my Password Manager will automatically fill it in for me. All of my social media accounts, my financial accounts, Amazon, Paypal, etc. they all have different passwords that I have no idea what they are. And when they need to be updated, I just let the Password Manager generate a new random password and I'm done. It works on all of my devices and with most of my apps. When it doesn't automatically sign me in, I can pull up the app and copy the password and paste it in manually. In fact the only drawback that I have had is that sometimes it logs me in too quick and I want to be the one who clicks the "login" button. I do need to have a nice strong password to get into my Password Manager, but I' rather have just one good, strong password to remember than 20 unsecure ones.

This is also a better solution than having the one password for everything in our school district. I realize that our Tech Support people are trying to make it easier for us and the students but one not-so-good password to get into our computers, email, online learning systems, business services, etc. is probably not a good idea either. It also has to be changed every year (at least its not every 3 months!) and can't be the same as our previous two passwords. Its amusing because my Password Manager warns me all of the time that "you are using the same password for multiple accounts" but that's way the district is structured.

For a long time I was worried about the security of these apps but I've been using mine for almost a year and haven't heard or experienced any issues. In fact when there was some news about a possible flaw, the company quickly pushed out an update to fix it. I use Lastpass because I'm mostly on Android. It doesn't integrate so well with my iPad but there are Password Mangers that work better with Apple.

I think this is an awesome solution to our password woes and recommend it to all of my students and everyone else. #t