Use password algorithms for added security 04/06/11
Create a password algorithm. Store your passwords in SplashID. Encrypt. Export to the cloud. Rinse, repeat.
We editors have to keep track of a lot of passwords. By using an intuitive and easy to implement password management system, we save ourselves a lot of time in the edit suite.
The Matrix and The Bourne Identity.
Come up with an abbreviation for both:
MTRX and BIDY
Now you have the permanent first half of your algorithm – also know as your rule. The second half of your algorithm will be what changes depending on what site or app you are working with. Rule + site name (with a twist). Huh? What does with a twist mean? You lost me. Ok, for instance, if you are registering for an Apple ID then your algorithm would look something like
mtrxbidy + apple = mtrxbidyapple
But don’t stop there! The twist is to add special characters. Instead of using the letter I, use a similar looking digit like the number 1 (or preferably an !). Some people use the number 3 in replace of the letter E because the number 3 looks like the letter E flopped on its’ side. So now your password could look something like this:
Get it? Good.
Now, download and install the app SplashID for iPhone.
When you first launch SplashID you will see the Quick Start guide
Keep nexting ahead until you get to the Set Password screen
Using the example algorithm from the beginning of this tutorial your password for SplashID would be:
(Note: Assuming you are using the passcode feature for your iPhone, you will now have 2 layers of protection for your soon to be stored passwords)
After setting your password you are presented with the home screen.
You can filter by categories and types by tapping on the Filter By menus. In the filter selection screen you will see your categories by types and how many records belong to each.
Go back to the Home screen and press the + button to add a record
Adding a record is pretty straightforward so I’ll skip this part. It’s what should be done next that is extremely important. Every time you finish entering a record, the next step should be exporting an encrypted copy of your entire database to the cloud.
First step, in the main menu press the Send button.
1 specific record or all of them. I always select them all because then if I ever have to do a restore from a back up, I know that copy will have my complete set of records.
Press the Send button.
You will be emailing the record to yourself so select Email – As vID.
Now you will get a prompt asking you if you want to encrypt your records with a password. I always do this for an extra layer of security and peace of mind – this a record of all of my passwords after all.
The email that you used to register with SplashID will already be populated in the From field. So all you have to fill in is another one of your email addresses in the To field. You will also have to fill out the Subject line.
When you have done that press Send.
Go to the email account that you sent the file to and select download.
Instead of downloading it to your computer, save the file to your DropBox account.
DELETE the email you sent yourself and then EMPTY your “Deleted” folder. Now the only copy of the file is in your DropBox folder. (Note: What if you’re still paranoid about having all of your passwords in the cloud despite them being wrapped in Splash ID encryption? Well, you could save them into an encrypted folder on DropBox. Check out the DropBox TrueCrypt hack).
TIPS: SplashID makes a desktop version that syncs with the mobile version with, but frankly – I don’t use it anymore. It’s easier for me to just whip out my iPhone, plug in my SplashID password and get to my super secret info. I work off of several computers, so syncing the mobile app with several desktop versions just isn’t practical. But that’s my situation, yours may be different. The main thing is that an always current set of my passwords are encrypted in the Cloud.
Also, it’s a good idea to change all of your passwords every 6 months. I know what you’re thinking – do you realize how much of a pain that would be?
Well, according to a PC Magazine article, “A flaw in how Amazon stores older passwords—ones that its users haven’t changed in years—allegedly makes it a lot easier for a brute-force attack against said accounts.”
How’s that for motivation?