Giving computer or password-management advice to people who don't have a lot of experience with IT has always been challenging: there is a lot of background information that you need to know before it all starts to make sense.
And teaching colleagues to use a mouse back in the 1990s was a lot easier than explaining on-line services and security is in the twenty-teens! I know that I'm not the only person who struggled to explain the difference between email and gmail to someone who just didn't understand "gmail is one type of software for doing emails" - he just kept asking "so what does fmail do?"
To help with this challenge, Google have released a very carefully written article with advice about managing passwords. My guess is that lots of research went into working out exactly how much someone who uses a few on-line services needs to know, and how to explain it simply.
The key points they cover are:
- Use a different password for each important service
- Make your password hard to guess
- Keep a copy of your password somewhere safe (and yes, it's ok to write it down, provided you write it somewhere safe)
- Set a recovery option.
And of course the article has plenty of useful links to show you how to do these things for your Google account.
There are a couple of things that I would like to say a little more about.
How to identify your important on-line services
This is a very personal process, and may vary over time. Google, of course, think that your Google account is important. But that may not be true for everyone. For most people, the important services are:
- Ones to do with money (on-line banking, AdSense, AdWords, other affiliate accounts, Amazon and others that you have your credit card listed with)
- Their primary email account - the one that you set as the password-recovery email for other online services.
After that, it's very individual. For some people, Facebook is important, while other people don't use it at all. Ditto Twitter, LinkedIn, YouTube etc. Job-hunting websites may be very important at certain times in your life, and of no importance at all in-between times.
Personally, I started deciding if passwords were "important" or not years ago: ones that are vital always get a unique passphrase, while lower-priority ones usually get an obvious variation on one password that I use in lots of places.
Keeping your passwords somewhere safe
The issues you need to consider here are probably wider than you think. Most people plan to deter hackers and other malicious people. Keeping passwords in a paper notebook in your bedside table, not beside your computer, is probably enough to keep things safe from them. (Unless of course you are so famous that hackers might break into your house looking for your password - and if that's the case, you probably don't need to read this post!)
But it might not keep them safe from obsolescence - for example from becoming out-of-date when you change a password or set up a new account on your computer but don't immediately walk upstairs to update your notebook.
And it most certainly won't work if there's a fire in your house: your passwords will be safe, but totally inaccessible too. And while it's easy to say that if your house burns down you've got more important things to worry about, for people who make their living on-line, losing access to their accounts could make things a lot worse.
Personally, I haven't worked out a good solution for this yet: it seems to me that it's some kind of balance between keeping passwords in safe on-line services (as much as any electronic "vault" is ever really secure), and using a range of off-line options.