Shrikrishna Kulkarni's Blog

Shrikrishna Kulkarni's Blog

My Password management Journey

My Password management Journey

Subscribe to my newsletter and never miss my upcoming articles

Almost everyone has got accounts on multiple websites, and it's a real pain to secure these accounts with a solid password. This article will share my password evolution and how I protect my data online with robust and easy password management.

Almost everyone evolves in a similar way as I did. I hope this journey helps you to protect your data.

Password_Isometric-2.png

1) One for all, All for one: When I started using the internet back in 2004, I had the same password for all my accounts. We all know that's not safe. As I started signing up on more and more websites, I realized that having the same password for all of them is like creating a master key for all locks. Anyone with the master key gets access to everything you are trying to protect.

Same-password-is-Master-key.png

2) Hard to guess but openly available: I changed my password to make it more complex. I had just updated my passwords with "@123" at the end. But the passwords were still relatable to me. Like my Sister's name, DOB, City I was living in, or the company I used to work for. Most of this information was readily available to the public through my social media accounts. I eventually took that information down, but we will talk about that in a different article. Anyone with the right mindset could have guessed these passwords with multiple attempts. I decided to change again.

3) Unique but common: I started using different passwords. Words that are personally not relatable to me. Remembering a lot of passwords is not fun. I had a set of 4-5 different password that I thought was unique. One of them was "P@ssw0rd". Another one was "dragon@123". I was using these passwords across multiple accounts, so they were still not unique. But it was hard to remember these many unique passwords. I thought these are secure until a google search revealed that these were among the commonly used passwords. If anyone had tried to brute-force into my account with an extensive password list, they would have probably got in. I had to make these passwords more complex.

4) Era of Passphrases: So there was a new trend in the market. People had started using passphrases instead of passwords. These are nothing but long passwords. Here is an example - "IlovePuneCity". Passphrases are hard to guess or hard to brute-force due to their length. I still had a hard time remembering so many unique passphrases. I was using an excel sheet with password protection to store these.

5) Social Auths, Privacy, and dependency: I signed up for over 100 different websites over the years. Remembering these many unique passphrases was not possible. The Excel sheet I was using was hard to maintain and was not very secure. I was signing up with my social accounts instead of providing my email and password. It was just easy to use my Goggle or Facebook account to log in.

Something was bothering me with this setup. I was too dependent on my Google and Facebook accounts to access other websites. I wanted to delete my Facebook account for a long time, but I was stuck as I had used it at too many places. These were also privacy issues. I was unsure what was shared between the websites I had signed up for and the Social account providers I was using (Google, Facebook).

This setup had too many risks. I had seen people losing access to their Facebook or Google accounts due to some or other issues. It meant losing access to all other websites where they had used that social authentication. Also, it was again a master key - Like using the same password for all accounts. Anyone with access to a google account would access all web apps where you have used google for authentication.

I decided to go back to using the email address and passwords.

6) Password Managers: I started using a password manager. There was no need for me to remember my passwords. I was able to generate solid and complex passwords. Almost like most of my password issues were solved. There was still one problem, I had all my passwords stored in a single database. No matter how encrypted the database is, there is always someone who can crack it. Storing all passwords in one single database was a bad idea. It was suicide if someone gets their hands on it. I still don't trust my password manager to protect my passwords all the way.

7) Divide and conquer: To make it more secure, I started dividing my password. Here is how I did it. I added a passphrase to the solid password generated from the password manager. I never saved the passphrase in the password manager. That was always in my head. This way, even if the password manager is compromised somehow, my passphrase will still save the accounts.

password-with-passphrase.png

8) Dynamic passphrase: Instead of adding the same passphrase to the passwords, I started using a dynamic passphrase. The first part of the passphrase was always the same, but the last part contained something unique to the website.

Dynamic-Passphrase.png

The journey here has been fascinating—my way of managing the passwords has become more and more robust over the years.

Let me know where you are with your journey. How do you manage your passwords?

 
Share this