TL;DR: Now actually start moving passwords into the software. Update the weak ones and delete accounts that are unnecessary. Take the time to delete passwords from other places, especially from a browser.
So that was going to be it: download the password manager and YAY! You’re secure! Nope. Buying the Sonicare and leaving it in the box doesn’t get the teeth brushed. I have to relearn that every morning. Now we’ve got to go find all the passwords, put them in the manager, and DELETE THEM from places where they aren’t secure. That second step can be the more nerve-wracking to me. I find having to reset passwords stressful and likely to prevent me from ever finishing the task I was in the middle of. I’m going to choose to get over it.
This can be a slow and tedious process, so break it into chunks. Have on some good tunes. Password maintenance will go into our every-Tuesday list. So will preserving a backup of said password manager file, because that encrypted file should be the only place they are stored now.
Some notes: The password manager I use lets me switch between files. I don’t have all my information in one file. There’s personal and then there is work. If you have clients, maybe make one for each client. As you find new passwords, go ahead and delete accounts no longer needed. Update passwords that are weak or old.
- Go ahead and find those bits of paper: It’s okay. No judgement. If you have them, go get them and put them into the password manager. Eat the piece of paper. Just kidding… kinda. At least cross-cut shred it.
- Web browsers: All of the ones installed on your computer. The way browsers typically store passwords has vulnerabilities. When I first moved over to a password manager I installed the browser plugin and figured I would just start saving things as I logged in. Have I gone back and deleted the ones that are already saved? No, no I have not. I’ll be doing more every Tuesday. Don’t forget to turn off the setting to autosave passwords in the future.
- Email present: Open your current email and search for the word “password” to remind you of any accounts you may have had from long ago. Update the password manager, then delete those emails. Now do the same with the words “account” and “order.”
- Email past: Try getting into that obsolete email account you’ve been putting off worrying about. Once in, search for the words “password,” “account,” and “order” again.
- Applications: Open your applications folder. Which of those require the internet to be of use or sync information to somewhere else? This is a clue to make sure you have the passwords saved. This process should be repeated for every device you have.
- The Operating System’s Password Manager: More secure than the browser or email. You can’t delete all of these, but do back them up to the password manager.
- Ones hiding in other random System Preferences/Control Panels: Networks, email accounts. If you need them, 100% back them up to the password manager. We’ll be purging a bunch of these later.
- Servers: If you manage a website you’ll have a shell account, possibly a separate FTP account, the databases, the admin GUIs… etc. Many of these may be caught already, but don’t forget.
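For the two email steps above, the same three-word search can be run over an exported mailbox to get a list of services to look up in the password manager. This is an added example, not part of the original post; it assumes the mail has been exported in mbox format, and the sample messages and domains are constructed.

```python
import email
import mailbox
import re
from collections import defaultdict
from email.header import decode_header, make_header
from email.utils import parseaddr

# Search words from the "Email present" and "Email past" steps (plurals too).
KEYWORDS = ("password", "account", "order")
PATTERN = re.compile(r"\b(" + "|".join(KEYWORDS) + r")s?\b", re.IGNORECASE)

# Constructed sample mail (not real messages); example domains only.
SAMPLE = [
    "From: Shop <orders@shop.example>\nSubject: Your order has shipped\n\n.",
    "From: noreply@forum.example\nSubject: =?utf-8?q?Reset_your_password?=\n\n.",
    "From: Shop <billing@SHOP.example>\nSubject: Account created\n\n.",
    "From: friend@mail.example\nSubject: Lunch on Tuesday?\n\n.",
]


def inventory(messages):
    """Map sender domain -> sorted keywords found in that sender's subjects."""
    found = defaultdict(set)
    for msg in messages:
        # Subjects are often RFC 2047 encoded; decode before matching.
        subject = str(make_header(decode_header(str(msg.get("Subject", "")))))
        hits = {m.lower() for m in PATTERN.findall(subject)}
        if hits:
            addr = parseaddr(str(msg.get("From", "")))[1]
            domain = addr.rpartition("@")[2].lower() or "(unknown sender)"
            found[domain] |= hits
    return {d: sorted(k) for d, k in sorted(found.items())}


def inventory_mbox(path):
    """Same search over an mbox export; path is your own exported file."""
    box = mailbox.mbox(path, create=False)
    try:
        return inventory(box)
    finally:
        box.close()


if __name__ == "__main__":
    for domain, words in inventory(map(email.message_from_string, SAMPLE)).items():
        print(f"{domain}: {', '.join(words)}")
```

The exported mailbox holds the same password emails you are trying to get rid of, so delete the export once the list has been worked through.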
Now back up your password file. Many password managers will do that to the internet automatically. If so, you’re set. If it’s encrypted properly, that will be fine. Don’t make the perfect the enemy of the better-than-what-you’re-doing-today. You’ll be keeping an eye out every Tuesday. If you are having a hard time letting go of the worries, set up a Google alert for the name of the password manager you chose, maybe adding the word “exploit” or “hacked,” so you’ll be among the first to know.