User names and Passwords
Much of the following is only applicable to the JCC website. You will find some of the recommendations do not jive with what you were told years ago. This is due, in part, from what has been recently learned from behavioral studies. In other words, studies that looked at the whole process and especially at how we really live.
On the JCC site, you will have requested your own username. It, ideally, should not be guessable from your real name. It is not a password and does not have to be complicated or obtuse. For the most recent version of WordPress, new usernames cannot contain spaces, special characters, or even dashes or underlines. You may not use your email address on the JCC site as a username. Usernames cannot be changed but your account can be deleted and a new account created with a different username.
These are some usernames samples: Stonehenge, BlueEagle, EbbandFlow, Jonny73.
Please write down your username. Do not try to remember it.
WordPress does not validate these so you may choose to use a phony one. Remember two things about email addresses:
- The same email address cannot be used by two different users on the website and
- It is your lifeline to receiving a link to reset your password. If you use a phony email address you break that lifeline.
This concept got off to a bad start. It was always said you should pick something you could remember. Really? You should have a different password for every site. Really? They should be changed every_______(pick you own period). Well. It is just not possible. So let us get a process that works.
First, there are three levels of password by importance. This is not true either but just go with it as a way of thinking about the issue.
Level Three: There are sites that collect email addresses to “keep you informed”. They do not have personal information or credit card data, etc. You never give your real birthday out! Do you? For these sites, just use junk passwords. If someone steals your password to Martha Steward, it will not be a real issue for you.
Level Two: Sites that may contain some personal information. Let us put JCC in that group.
Level One: Sites like banking where security is crucial.
We will discuss the level two sites only.
On any site, do not accept the suggested password from a password generator. You will never, ever be able to retype it. Just type over the highlighted gobble gook.
Sometimes, as you type, the letters become dots so you must write the password down first before you enter it. Where do we scribble down the proposed password? Well I use a spiral binder as scrap paper. I will move this password into my system but for now it may change and, of course, sometimes I just forget to transfer it. Now, I have to find my scrap of paper which, I can, because it is in my binder— not thrown out with the real scraps of paper.
How to choose a password. Our site indicates the “strength” of your password as you type. You should get to strong. I would be negligent if I did not recommend that. The only way to get to strong is to have a very long password or to include letters (upper and lower case), numbers and characters. Avoid real words and avoid letter or characters you cannot read with certainty. Some stuff just looks alike and you will not decipher it later. Avoid the problem from the beginning. Write out eight to ten digits. Use at least one from each of those four groups, remember:
If you look at a keyboard you realize that a capital four (4) is a $. So if you have trouble typing a $ don’t— just type a capital 4.
Therefore, my hand written note of a password looks like this:
This is typed as Aa$c&3*B28. You see why I tell you not to try to remember it.
This is one way. Do develop you own method. It is hard to read most password notes. Do NOT scratch out stuff. Take the extra 20 seconds and rewrite it.
Let you browser remember your level two and three passwords. Do not let your browser remember your banking and other Level One passwords? Keep the Caps-Lock key turned off.
Where do you save the passwords?
The location needs to be able to grow and mutate. I love a Rolodex for this. The problem. I cannot take it to Chicago. Nevertheless, pages come and go and it has tabs (A B C) for the site names.
Address books work for some. They are more portable but they become a mess after a few years. In addition, if you leave it in Starbucks you have a real problem.
You can put it in the cloud but then you need a system to hide the meaning to outsiders.
Recently, one of the password managers was hacked and compromised. Ouch!
Please add your recommendations below.