5 Best Practices to Manage All Your Web Accounts & Passwords

1. Make a Random and Different Password For Each Account

Use a secure random password generator like the one provided in Mashed Life or the GRC Perfect Passwords when you add/edit an account, to generate a secure random password for each account.

So even one of your account password is stolen, hackers cannot use it to penetrate your other accounts.

2. Use a Secure Account Management Service to Manage The Growing Pain

Life is not all about security, how about my convenience & productivity? How can I remember and manage all my accounts and the random passwords?

How can I stay on top of the maze of all my accounts?

Use a secure & reliable online account management & backup service such as Mashed Life to achieve that in the web way, the free and zero-dependency way. It is not only managing your passwords. It organizes the login name, URL and the reason for creating the account so you can stay on top of the maze of all your accounts.

  • Search for an account quickly by its name, notes, username, etc.

  • Sort all accounts by its name, username, last access, creation, notes, etc.

  • Access from anywhere on any PC and mobile devices.

  • Log in to the target site with just 1 finger, 1 click.

  • If you need an off-line version, desktop-based KeePass & Password Safe are both integrated with Mashed Life

  • Tag each account to group them as Home, Work, Social, Fun, etc. for flexible classification.

  • Worried about putting eggs in one basket, hackers taking over of your Mashed Life account? Use the platform-independent crypto key to achieve ultimate security.

3. Do Not Use Private Information to Reset Passwords

Many web sites, even big ones ask for information about your mother, birthplace, school, spouse, pet, ... as a way to reset your password when you forget it.

It is a stupid and a very bad practice in our opinion because it is...
  1. Too easy to break! Google for a person, search for a person's Facebook and LinkedIn profiles, it is not difficult to find or guess the answers.

    A good example is that Sarah Palin's Yahoo email account was easily penetrated by a college student in this way.

  2. Even worse, such private information is like your fingerprint, you can't change your mom's name, etc. That can be used to break into your other accounts using the same practice. This is an even bigger security loophole and privacy invasion.

4. Beware of Storing Passwords in Your Browser's Password Manager

This open-source project shows it is not difficult to extract account information from the password storage in the browser programmatically. And it has been a major known security risk. It is particularly risky when you lose a laptop with a lot of passwords stored under the browser's password manager.

Especially today most use multiple PCs at work, at home, or from mobile devices. One most likely ends up having account information scattered across several PCs.

If you have to use it, at least use a 'Master Password' to protect them better. If you can afford the hassle and the cost, you can use a PKI-based smart card to protect them better.

5. Use 'Hints' for Highly Sensitive Accounts

For highly sensitive accounts that you do not feel comfortable to trust it to any password manager, use 'hints' that only you know how to interpret into the real passwords. It can be an abbrevation of a sentence, or your magic number, etc.