JCC Guide

This concept got off to a bad start. It was always said you should pick something you could remember. Really? You should have a different password for every site. Really? They should be changed every_______(pick you own period). Well. It is just not possible. So let us get a process that works.

First, there are three levels of password by importance. This is not true either but just go with it as a way of thinking about the issue.

Level Three: There are sites that collect email addresses to “keep you informed”. They do not have personal information or credit card data, etc. You never give your real birthday out! Do you? For these sites, just use junk passwords. If someone steals your password to Martha Steward, it will not be a real issue for you.
Level Two: Sites that may contain some personal information. Let us put JCC in that group.
Level One: Sites like banking where security is crucial.

We will discuss the level two sites only.

Password guidelines:

On any site, do not accept the suggested password from a password generator. You will never, ever be able to retype it. Just type over the highlighted gobble gook.

Sometimes, as you type, the letters become dots so you must write the password down first before you enter it. Where do we scribble down the proposed password? Well I use a spiral binder as scrap paper. I will move this password into my system but for now it may change and, of course, sometimes I just forget to transfer it. Now, I have to find my scrap of paper which, I can, because it is in my binder— not thrown out with the real scraps of paper.

How to choose a password. Our site indicates the “strength” of your password as you type. You should get to strong. I would be negligent if I did not recommend that. The only way to get to strong is to have a very long password or to include letters (upper and lower case), numbers and characters. Avoid real words and avoid letter or characters you cannot read with certainty. Some stuff just looks alike and you will not decipher it later. Avoid the problem from the beginning. Write out eight to ten digits. Use at least one from each of those four groups, remember:

Uppercase Letters

Lowercase letters

Numbers

Characters

If you look at a keyboard you realize that a capital four (4) is a $. So if you have trouble typing a $ don’t— just type a capital 4.

Therefore, my hand written note of a password looks like this:

This is typed as Aa$c&3*B28. You see why I tell you not to try to remember it.

This is one way. Do develop you own method. It is hard to read most password notes. Do NOT scratch out stuff. Take the extra 20 seconds and rewrite it.

Let you browser remember your level two and three passwords. Do not let your browser remember your banking and other Level One passwords? Keep the Caps-Lock key turned off.

Where do you save the passwords?

The location needs to be able to grow and mutate. I love a Rolodex for this. The problem. I cannot take it to Chicago. Nevertheless, pages come and go and it has tabs (A B C) for the site names.

Address books work for some. They are more portable but they become a mess after a few years. In addition, if you leave it in Starbucks you have a real problem.

You can put it in the cloud but then you need a system to hide the meaning to outsiders.

Recently, one of the password managers was hacked and compromised. Ouch!

Please add your recommendations below.