Keeping a Password Journal

What is a Password Journal?
With so many systems to keep track of it is increasingly more difficult to remember your user name and password for each.   This site requires 7 digits, that one 2 special characters, and this one is ALL CAPS.
On top of that, which e-mail did I use?  I have my outlook, gmail and my Hotmail e-mail addresses that I use for this type of thing!

In the computer world we refer to your user name and password as your “credentials”.

A Password Journal is an electronic file where you keep all of your credentials along with which organizations they apply to.

There are lots of ways to store your credentials!  In this article I am going to focus on
1 suggested method called “Keeping a Password Journal”
and
3 methods I highly encourage you to avoid.

“Keeping a Password Journal”

This concept is very simple.  Create a well-organized spreadsheet that contains the user names and passwords to everything you have access to – and then protect it.

You can do this in Excel or in Google Sheets, or even in a word processor like Word or Google Docs. (I prefer spreadsheets so I will use Excel as my example).

The MOST IMPPORTANT things to remember when creating a Password Journal are:

1. Save the Journal on multiple devices
2. Protect your Journal

Save the Journal on multiple devices

If your only copy of this journal is on your computer; and that computer is damaged, stolen or simply dies, your data will be gone!  You must be diligent to save a copy in another location on a regular basis (to ensure your most recent adds or changes are reflected in all copies).

Where should I save it?  Your best primary location would be on your C:Drive of your personally owned computer (in a location you know how to find – like My Documents).  Good second (or third) locations would be on an external hard drive, in your online cloud drive (like Google Drive, OneDrive, or iCloud).
You could also e-mail the journal to yourself as an attachment – which you could then file in your e-mail or store on your mobile device. 

Keep in mind that external hard drives and thumb drives can easily be erased, shocked, rattled or simply stop working.  If you choose to save to an external hard drive, make certain you have it saved on MULTIPLE hard drives. It is unlikely that all of your external devices will fail at the same time.

Thumb drives are my lowest recommendation.  Thumb drives are easily lost, misplaced, shared without remembering what is on them – and in most cases thumb drives are designed to fail after a specific number of transfers.  They are also very easily shocked as they are commonly placed in a pants pocket where static electricity may cause erasure of your thumb drive contents.  Thumb drives (Jump drives) should only be used as a method of transferring data from one device to another.  They should never be used as permanent storage.

Protect your Journal!

Your computer is exposed to others daily, whether you realize it or not.  The safest computer is one that is turned off.  Before I get into protecting your Journal, here are a few things you SHOULD be doing to protect your computer:

1. You should be using a Non-Admin user account to function on your computer
   (Even your personally owned computer.  As much as you might think it is cool to be an Admin, not even IT people use an admin account unless they are intentionally installing or uninstalling software.  Using an admin account on a regular basis is just not an intelligent move)
2. Your password should be something that a dictionary checker cannot find.
   For example passwords like “PraiseHim1” can easily be found using a password decoder that
   looks for real words and numbers.  A “better” choice would be “Pr@1S3H1m1”
3. Do not use passwords that can be guessed.  More than likely you have a social media page (like Facebook or Instagram).  On those pages you probably have your dogs name, your spouses name, your kids names and hobbies.  Maybe not listed in your “About” section, but a little bit of scrolling down your timeline I bet I can find out your birthday!  Your friends or family probably wished you a happy birthday along with a funny picture… and likely you posted something to  follow it like “50 is the new 30” which means I now know not only the day and month, but also the year you were born.
4. Make certain you are required to enter a password to use your computer.  It may seem like a pain in the butt, but do not simply have your computer log you in by itself when you turn it on.
5. Turn your computer off EVERY NIGHT.  Your computer is just like you – it needs rest. Let it clear its thoughts and start fresh every morning – trust me as silly as this sounds – you will get better performance and longer life from your computer if you reboot every day.

OK Lets protect your journal!

If you are using software like Excel, you have the ability to password protect the Excel.xls file itself.
In Excel click File on the top left menu.  Select the Info tab.  Click on Protect Workbook.  Then click on Encrypt with Password.

(If you are using other software, OR if these steps are not correct for your version of Excel, do a google search that says “password protect _____” and in the blank space write in what software you are using.)

Here are very important things to remember:

1. If you forget the password to THIS you will NEVER be able to get in.  The password you use to encrypt your journal should be one you will NOT forget.  There is no 2-factor authorization.  There is no “forgot password” button.  There is no e-mail associated with this account that will help you get back in.  You either know it or you don’t.
2. Name your Journal something that is NOT OBVIOUS.  “Johns Password Journal” is NOT ACCEPTABLE.  Avoid using file names that include your name, the word “password” or the word “access”.  If I was malicious and attained access to your computer the first thing I would do is perform a file search for the word “password”.   A good suggestion (as long as you can remember it) would be something like “knitting patterns” or “breeds of dogs”.
   
   
   These practices ensure that even IF your Journal is found, nobody will be able to gain access to its contents but you.

What should the contents of my Journal look like?

You can set up your Journal however you like – there are no right or wrong methods.  I will show you how I have mine set up so you have an idea of what I am talking about:




1. Tabs :  Separate your credentials by category.  This will make them easier to find.  Note in my example that I have all my Bank information on the same tab.  All of my car information (My VIN#, my iPass #, the website where I renew my license and registration are all stored there – in fact I keep a list on that tab of the date and what repairs were made to my car – such as “10.1.18 – Replaced Serpentine Belt”)
On my House tab I have the name of my Home owners Insurance company, my agent’s name, and things like “1.2.15 – replaced roof” and “ 2.10.18 – Sump Pump replaced”

2. Text Formatting:  I like to bold certain parts of my Journal so that it is easier to locate with my eyes.
Colors and Bolding will help keep your Journal “easy to look at”

3. If you are using Excel you can use the “Find & Select” tool to help you find the needle in the haystack.
I literally have over 1,000 entries in my journal.  While the tabs help me narrow my search – sometimes I just need to have the computer find something for me.

Click on the Find & Select button in the toolbar at the top of your screen


Click Find and this screen will pop up



I can’t find my credentials for Netflix.  I typed in Netflix and changed the Within dropdown to “workbook” so that my search is not limited to the Tab I am on.  Click Find Next until you see what you need!

Now let’s talk about methods of storing your credentials that I DO NOT recommend.

1. Storing your credentials in your browser
2. Writing them on paper or a sticky post-it and leaving it on or near your computer.
3. Avoid using Fingerprint and Facial Recognition (alone)

1. Your browsers (Chrome, FireFox, Internet Explorer, Safari) are designed to store your credentials for you so that you do not have to remember what they are.  Creators of Malware and Viruses know this as well as anyone else.  You are probably aware that your browsers receive or require updates regularly.  This can be for newly added features, but more often it is because they are repairing a hole in their security system that someone has taken advantage of.
   
   While this may be very convenient for you, it is also very dangerous in two ways.
   First, if your browser forgets that information, is reinstalled, crashes – or your PC is lost stolen or dies – ask yourself – “is that the only place I had my credentials?”  if it is – well you are likely in for a headache if not out of luck all together.   Second, if your credentials are stored in your browser and someone finds a way to take them from you, you won’t know it until it is too late.
   If your bank account credentials are in your browser and tied to your web-mail (gmail, yahoo etc…) which also have your credentials stored in your browser, someone with mal-intent could change your password to your e-mail account as well – which means when you attempt to log into your banks website and it doesn’t work – and then click on “forgot password” – it will contact your web mail – which you no longer have access to.
   
   My recommendation is to NEVER allow your browser to save your credentials.
   If you decide to store your credentials in your browser, please make sure you also have that information stored in your Journal.
2. Sticky Notes, Post-Its – hanging in your office, under your keyboard, in a drawer etc…
   They can’t be electronically stolen!  That’s a plus!  Are they handwritten?  Do you have a method to identify capitalization, zeros vs. O’s, 7’s Vs 1’s?  If your notes are handwritten be 100% positive you can easily identify those characteristics.  Many security systems today will lock you out if you mistype your credentials more than a few times.  If you are in a public office where anyone could walk by your desk and see your passwords written on a sticky note, you might as well leave your credit card on the desk and your keys in the ignition f your car with the door wide open.
3. Fingerprint and Facial Recognition.  What an amazing set up tools these vendors have come up with that make it so you don’t have to know your own passwords to attain access!
   In the event that your camera and fingerprint reader stop working, are you prepared to type in your password?  What if you drop your phone and damage the reader and the camera?  What if you are wearing a Halloween costume and the phone does not recognize you?  Similar to having your browser remember your credentials, if you do not know what your passwords are while the computer quickly does the footwork for you, you are setting yourself up for a headache somewhere down the road.  Do not solely rely on the device to remember your credentials for you.

Please keep in mind that these are solid suggestions, but they are not impervious.   As technology changes daily, new electronic methods are developed that can expose the data on your computer, web, cloud etc…  Always be cognizant of storing your credentials in multiple places and do not label them an obvious name.  Always consider the concept of identity theft and prepare yourself with the necessary information to re-establish the relationships you have with your vendors.


As always, if you have any questions or concerns do not hesitate to contact me, or any IT person.

John E. Tate IV

IT Help Desk Coordinator

The Salvation Army
Central Territorial Headquarters
5550 Prairie Stone Parkway

Hoffman Estates, IL 60192

847.294.2030

847.227.5030 (f)