A challenge that we all face in the digital age is password management. It is a challenge because, to do it right, we have to satisfy two competing standards—convenience and security.
We place a huge premium on convenience. And since convenience is nothing more than a measure of time savings, we could say that we place a huge premium on saving ourselves time. In practice, if we have five things to get at the store and can either get them all at one store, or travel to five different stores to get one item at each, we will likely always choose to go to the one store where we can get them all. We will choose the convenient option.
We also value security—we want to feel secure, or safe. And we want to be safe, although sometimes when we’re not actually safe, we won’t take corrective action as long as we feel safe. Either way, we usually choose things that make us feel safe, over things that make us feel vulnerable. In practice, and where our various online and computer accounts are concerned, if we are given the choice between doing online banking on a site that does not encrypt our communications (highly illegal, of course) vs one that does, we’d likely always choose the bank that protects the transmission of our financial data. We will choose the secure option.
Two Standards, One Continuum
The problem here is that convenience and security are on opposite ends of the same continuum; generally, you cannot increase one without decreasing the other. That is, if you choose convenience, you sacrifice security, and vice versa. We see this everywhere in our lives.
For example, it is more convenient to never lock your front door than it is to lock it because if you don’t lock it, you’ll never have to bother with using a key to get in. Of course, this comes at the cost of security, since if you don’t lock the door, anyone who wants to could also just open the door and waltz in. More convenient still would be to have no door at all, while security would suffer accordingly.
The same applies to our online account or computer access. Using no passwords would be very convenient, but our information would be constantly exposed to anyone who bothered to look for it.
Of course, on the other end of the continuum is security. If we want extra security in our homes, we can install stronger doors, better locks—even multiple locks—put bars on the doors, chains on the doors, a security guard at the front gate, trained guard dogs in the backyard, and motion-sensitive machine guns in every corner of the property, etc. Any combination of these things would provide us with increased security, but they would each cost us some convenience. Or maybe a lot!
Juggling Password Convenience and Security
The same goes for our password use. If we want our accounts to be secure, we use stronger passwords—those composed of several random letters, numbers and symbols. But these are difficult to remember. It is much more convenient to use our birthday or last name as our password, since we’ll likely never forget these. But these types of passwords are not very secure, as they contain information that is either already in the public domain, or very easy to obtain. So the convenience of using insecure passwords is an ever-present temptation. And one that is very frequently indulged.
Then there is the increasing volume of passwords we manage. As our accounts multiply, we often use the same password, and varying password requirements from account to account likewise cause us trouble, as we are obliged to use slight variations of our “favorite” password. This all contributes to our list of passwords becoming unmanageable. Think of it; most of us have at least a handful of password-protected accounts on computers, phones, apps or online. Some of us have them in the tens. Others, perhaps, have a hundred or more. I know this challenge from personal experience; as a website host and web designer, I hold several hundred credentials for accounts of various kinds—both for myself and for clients.
So, as the number of password-protected accounts we use increases, we feel more and more pressure to find a convenient way to manage them all. But if convenience and security are on opposite ends of the same continuum, that means we have to sacrifice security in order to make it easier for us to handle all our passwords. Studies have shown that many people have no problem sacrificing security for convenience. They’ll use the same password for every account (and a weak one at that), opting thereby for maximum convenience, while significantly diminishing the security of their information or finances. That’s a risky, risky proposition.
Cheating the Continuum
This brings us back to the convenience vs security question. As I mentioned above, convenience and security are at opposite ends of the same continuum. But not all conveniences have the same effect on security. There are means of providing ourselves with convenience while having little, if any, effect on security. Such means are the diamonds in the rough—the sweet spots. It’s like cheating the continuum—to be able to have convenience and security. This is where we want to be, if we can get there.
This is where OnePassword comes in—Aspen Digital Services’ first publicly-available software solution. Built using Apple’s FileMaker Pro® database software, OnePassword aims to provide the convenience of using just one, easy-to-remember password for all accounts—computers, online…anywhere—while retaining maximum security for those accounts. Some would say it is impossible. OnePassword proves them wrong.
What OnePassword does is take several inputs that are easy to remember—an account name, a username and a “parent” password, at least—and from them produces an encrypted password (a “child,” if you will) that is strong, and which would be used for only that account and username combination.
For example, if I have a Gmail account and my username is “firstname.lastname@example.org”, then, in OnePassword, I would enter “Gmail” as my account and “Bob” as my username. Easy to remember? Totally! Although I don’t actually have to remember these, as OnePassword will store them for me, if I want.
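One way such a parent-to-child derivation can be built, shown as an added example that is not OnePassword's code or algorithm (the page does not describe it): PBKDF2-HMAC-SHA512 keyed by the parent password and salted with the account and username. The function names, alphabet, iteration count and output length are assumptions made for this sketch.

```python
import hashlib
import string

# Assumed output alphabet and work factor; both are choices made for this example.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
ITERATIONS = 200_000

def context_salt(account: str, username: str) -> bytes:
    """Encode account and username unambiguously.

    Each field is length-prefixed so ("ab", "c") and ("a", "bc")
    cannot produce the same salt.
    """
    fields = [account.encode("utf-8"), username.encode("utf-8")]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def derive_child(parent: str, account: str, username: str, length: int = 20) -> str:
    """Deterministically derive a per-account password from the parent."""
    if not parent:
        raise ValueError("parent password must not be empty")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    # Slow KDF: every guess at the parent costs ITERATIONS HMAC-SHA512 calls.
    raw = hashlib.pbkdf2_hmac("sha512", parent.encode("utf-8"),
                              context_salt(account, username), ITERATIONS, dklen=64)
    # Treat the 512-bit output as one integer and peel off base-74 digits;
    # with this much surplus entropy the modulo bias is negligible.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

if __name__ == "__main__":
    parent = "HappiestDays"  # the page's sample parent password
    for account in ("Gmail", "My Community Bank", "My Community Banks"):
        print(f"{account:20} {derive_child(parent, account, 'Bob')}")
```

In any scheme of this shape, a child password that leaks from one site lets someone who knows the scheme test guesses for the parent offline, so the KDF work factor and the strength of the parent password set the real ceiling on security.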
Use an Easy-to-remember Password
But what about the password? I want it to be easy to remember. Something like “HappiestDays” ought to do. That’s very easy to remember. But is it secure? Not really, no. It uses recognizable words and few unique characters. Kaspersky’s password-strength checker suggests that it would take an average home computer just 16 hours to crack it. Not good.
But use it as the “parent” password in OnePassword, and for my “Gmail – Bob” account it becomes:
Now that’s a mess and one that, according to Kaspersky’s same tool, would take the same average home computer “10,000+” centuries to crack. So it’s strong. BUT, it is also easy to remember, because I don’t have to remember the messy, encrypted password—I only have to remember the “parent” password that generated it (provided I use OnePassword to store my account and username).
Use the Exact Same Password for All Accounts
But what about other accounts? Can you use the same “parent” password for those? Absolutely. Part of the strength of OnePassword is that it wants to use the exact same “parent” password for all your accounts. That is the whole point! So if I have an online bank account at “My Community Bank” and my username for that account is my Gmail email address, my unique inputs might look like this:
Account: My Community Bank
Then I enter the exact same password I used for my “Gmail – Bob” account and OnePassword produces:
Another strong password! And both from the same “parent” password—“HappiestDays”—which is easy to remember.
Start with a Decent, Easy-to-remember Password
Now, even though OnePassword can take even the weakest password (think “aaaaaaaa”) and generate something stronger from it, we would still be wise to start with a decent “parent” password. Perhaps instead of “HappiestDays” we start with “1HappyDay8” which should also be easy to remember. This is not necessary, but it is still good practice. And since we’re using it to spawn strong, encrypted passwords, we can use it as our “parent” password over and over and over, with absolutely no risk to the security of our accounts.
OnePassword = Convenience AND Security
By now you should be starting to see the power that OnePassword gives you—the power to have the convenience of just one easy-to-remember password for all accounts, but with none of the sacrifice to security. In fact, for most people, using OnePassword will result in significantly greater security for their accounts, since the passwords it produces will be stronger than what they’re currently using at least 99% of the time.
Another benefit to using OnePassword to generate encrypted passwords for your account is that the only place the “parent” password need ever be recorded is in your head, which is by-and-large uncrackable, figuratively speaking. In fact, OnePassword will not store your “parent” password. Ever.
Another plus to using OnePassword is that you have full control to create a systematic approach to labeling your accounts and usernames—and variations in this approach will produce entirely different encrypted passwords. For example, just change one letter of the inputs above (change “My Community Bank” to “My Community Banks”) and the resulting encrypted password is entirely different:
Download the OnePassword BETA
But enough talk. You simply need to try it! Click the link below to download the BETA and see how easy it is to finally have a convenient password for all your accounts, while also having security via the encrypted passwords it generates. The BETA version is fully functional, but be aware that it will expire after a few weeks. But don’t worry—when it expires, come back to this page and download the newest BETA. And watch for the release of the final product!
So here’s to strong, convenient passwords!
Feel free to leave comments or questions below.