How To Create, Manage, And Store Your Passwords When Traveling

No security is absolute and there isn’t a single password perfect enough to protect you from every type of hack that exists now or will in the future.

Unfortunately there’s no mystical password out there in the ether to that can secure all of your online accounts forever. One great password isn’t nearly enough. You need a layered password strategy that requires a unique login for each of your online accounts. But that same technology that forces you to have multiple passwords – giving you a headache – can actually relive you of having to do any additional brainwork at all.

Security Is A Strategy, Not A Solution

We tend to focus on the endpoints of security like a metaphorical egg. Hard shell around the exterior but once it’s cracked, nothing stopping you from the yolk. Having multiple passwords is like adding shell after shell to your online world and identity, so if someone does hack an account, they’re limited in what they have access to.

What most hackers do when they gain access to any of your online accounts is not immediately try to empty out your bank account. They’ll use your email address to identify other accounts, hoping you’re using a single password for all of them. (More than 50% of you are.) Slowly gathering information, they’ll then take what they can get, whether it’s personal messages, money, or your questionable spring break photos. When you’re only using a single password, you can never been sure what’s been stolen if one of your accounts is compromised.

So, rather than having to change all of your passwords, set up multiple passwords so you only have to change one when the day comes you get hacked. Luckily, technology is on our side to do most of the work for us.

Tools To Create And Track All Of Your Passwords

Don’t bother trying to conjure up complex passwords you’ll end up forgetting and resetting over and over. Your brain is the most complex computer in the known universe, use it for what its good at, which isn’t coming up with passwords.

I have over 100 passwords stored on my KeePass, one for each account that’s randomly generated as complex as a given site will allow. Typically, my passwords are 16-40 characters long with numbers, symbols, upper and lower case characters.

And I don’t know any of them except one: to KeePass itself. All of the other places I log in regularly: Twitter, Facebook, and my blog require me to copy and paste the password from KeePass into the site. That’s literally 4 mouse clicks for some peace of mind. Not only do I not have to remember much, it’s quick – and I can probably log into all of my accounts faster than you can type in even the crappiest 123password!

RELATED
Travel Sports Headphones That Actually Stay In Your Ears: RHA MA390 Review

Thieves Aren’t The End Of Your Worries

You leave a lot of your personal rights at international borders when crossing into a new country, even one you might presume to legally protect your privacy. It’s important to understand your digital rights as a traveler in the free world and take these steps to protect your laptop from invasive governments. Since you may be forced (often legally) to give up passwords to your electronics, free software like Truecrypt hidden folders can hide sensitive password files in order to keep your online accounts safe from the NSA and other spy agencies.

Passwords Aren’t Absolute – Use The Next Step When You Can

There are a number of ways to hack an account that’s secured by password only. A hacker may try guessing the most common passwords, breaking the site, or fooling you into revealing some of your account information. (Like this attack particular attack against Tumblr.) It’s easy to steal what someone knows – which is why many sites take advantage of two-factor authentication – something you have combined with something you know.

Both Paypal and many HSBC banking accounts have the option of two-factor authentication; in the form of a small password-generating token they send to you for $5 or less. These small devices display a new number every 30-60 seconds which you need to enter with your password. Just having the password isn’t enough.

Many financial institutions offer hardware tokens but typically don’t advertise them for consumer accounts. Call you bank and other money-managing service providers to see if they’ve got tokens available for account logins. That way, if your password is compromised, the attacker won’t be able to get into your account. Unless of course you didn’t follow my advice above and are using the same password for each login.

RELATED
Take A Look At This Photo From Kawkaban, Yemen, Because It Doesn't Exist Any More

Don’t Just Keep Tweaking The Same Password Ending

It’s important, which is why I mention it again, that you don’t come up with your own passwords. Even if you tweak the same password root for each account (e.g. Kermit123!, Kermit-5566, etc.) for a computer doing the guessing, it really doesn’t matter at all. The most used password roots are widely known and generally consist of real words, sequential numbers, and proper names.

Go random and use a unique password for each of your online accounts, otherwise you’re only fooling yourself into feeling secure.

Rules To Login By

As a reminder, these are the basic best practices you should follow.

  1. Use A Password Manager – KeePass or LastPass (both mentioned above) are my personal recommendations.
  2. Generate A Unique Password For Each Account – Both programs can create randomly generated passwords for you. Use this feature and don’t bother trying to remember any of them, except the password for the password program itself.
  3. Ask Your Banks For Tokens – If they don’t offer them, suggest that they do.
  4. Don’t Send Your Passwords Over Email – It’s like writing your personal secrets on a postcard. If you do have to send a password, break it up over two mediums.
  5. Any Password You Came Up With In Your Head – …isn’t a good password. Magicians have known for a long time, we all tend to pick the same random numbers.

You Know What To Do So Do It Now!

A dedicated 15 minutes should be about what you need to download one of the password managers above, generate passwords for each of your accounts, and then go online and change each one. A quarter of an hour is a small amount of time to pay compared to the effort it takes to recover from a hacked email, bank, and Facebook account. Oh and Twitter. Because you used practically the same password for that too.

Finally, keep in mind that none of your online accounts aren’t worth using a unique and randomly generated password. That off-the-cuff password you selected for your unused Pinterest account can reveal a lot about you.The first step, for a hacker, is the hardest; after that it depends on you.

This is the updated and refreshed version of a guest post I originally wrote for Travelllll.com, which closed its digital doors last year.