GRAND RAPIDS, Mich. (WOOD) -- If you're constantly resetting passwords because you can't remember the last one you created, consider the method information technology professionals use: the password manager.
"Think of it like a bank vault," explained Andy Syrewicze, a senior engineer at Grandville-based IT service provider Trivalent Group. "It kind of becomes an essential repository for all those passwords."
Programs like LastPass, Dashlane and 1Password will generate random, super-strong passwords for you and store them in an encrypted database.
You then access your "vault" through one "master" password.
"This is one of those rare areas where you can actually make your life easier when you need to get to your passwords," Syrewicze said.
Password managers store your login information for all the websites you use and help you log into them automatically, meaning you no longer have to remember multiple passwords for multiple sites.
If you're wondering if it's safe to keep all those passwords stored in one place, Syrewicze says it is.
"They put a lot more security measures in place that make it a lot more difficult for them to be breached," he explained. "You don't hear about the LastPasses of the world being breached like you do the retail companies and insurance providers because security is what (LastPass) does."
Another West Michigan IT expert agrees.
"A password manager is good when you have bunches and bunches of passwords," said John Klein, head of the IT Department at Grand Valley State University.
The programs vary in terms of mobile app offerings and cost. Some are free. Others are available through a subscription or one-time payment option.
Some password managers offer what's called "two-factor authentication." That means you need two separate items to access your database.
For instance, you might have to provide your password and your thumbprint. Increasingly, computers are coming with fingerprint scanners.
PASSWORD VS. PASSPHRASE
If you don't have enough passwords to warrant a management program, Klein and Syrewicze both urge you to use pass"phrases" instead of pass"words."
"The longer the password, the more difficult it is to crack," said Klein.
He advises you to use between 10 and 18 characters, including at least one digit, a symbol and both capital and lower case letters.
>>RELATED: Check the strength of your password with the Haystack password tester
Klein suggests coming up with a memorable sentence and then creating an acronym from it.
Klein's example was "my favorite move was produced in 1987."
"You just use the first letter of each word and throw in that 1987," explained Klein. "Then you get a unique combination of letters and numbers."
But when asked what's most critical, Klein stressed using different passwords for every service every time. Otherwise, you're an easy target for criminals.
"When they've got one password, they've got them all," Klein warned. "They'll try it on a variety of different accounts. They'll try it on your bank accounts. They'll try it on your purchasing accounts, your eBay and your Amazon."
Both Klein and Syrewicze stressed that if you're not going to use longer, random, unique pass"phrases" on all your accounts, at least do so for your financial ones.
"That's what these attackers want," Syrewicze said. "They want access to your financial information because that's their payday, right?"
PASSWORD SAFETY TIPS
- Don't use words that can be found in any dictionary of any language.
- Don’t use keyboard sequences like “qwertyuiop."
- Don’t use a favorite sport or sports team.
- Don't use passwords that are based on personal information that can be easily accessed or guessed.
- Don’t use any common names like Michael or Jennifer.
- Use passphrases instead of passwords whenever possible.
- Use at least eight characters, preferably 11 or more.
- Use both lowercase and capital letters.
- Use a combination of letters, numbers, and special characters.
- Use different passwords on different systems.
- Develop a mnemonic device for remembering complex passwords.
----------
On the web:
Splashdata.com: Worst passwords of 2014
Lifehacker.com: Five best password managers