As you shuttle between projects at different agencies, or even different databases at the same firm, it’s easy to lose track of passwords.  Unfortunately, few things can hurt productivity like waiting for technical support to reset your account, as your peers will get a head start on reviewing.  For some platforms, a response to a reset request can be measured in hours.  Once you’re finally in the system, it’s hard to catch up. Your metrics will look terrible.

I generally take two different approaches to solving this issue.  Where possible, I employ a unique but systematically generated passphrase that is secure but requires little or no memorization.  When I can’t, I resort to documentation.  It is, of course, incredibly important that you record a password in a way that doesn’t allow it to be easily exposed to others or violate any client or facility rules.

Generated Passphrases
I am personally a fan of passphrases.  XKCD does a good job of explaining how simple phrases are not only secure but easy to remember.  For accounts like review platforms, my phrase will relate to something visible or known to me when attempting to log in. For example, if the platform was Xerox and the project was called Steel Chair, I might make my passphrase Vendor Chairs Xerox Steel.  Come up with your own system, stick to it, and you’ll find the easiest path to memorable (and secure) passwords.

Dealing with Password Requirements
Not all systems, however, allow a long passphrase.  Some also impose character-composition rules, such as requiring numbers, symbols or capitalization.  For most of the restrictions that I encounter, an 8-12 character password with one capital letter, two numbers and one special character is ideal.  To handle those, I’ve picked an easy-to-type pattern and substitute something memorable in certain spots to make the password unique.  For example, if my pattern was X32??????#@Y, I could replace the ? marks with something I’d remember on the matter, like the matter name.

When All Else Fails
Sometimes, the password requirements for a system will not allow you to use your personal patterns.  In that case, look to meet the complexity rules and record your password in a secure way. If you have access to internal email, it may be as simple as emailing yourself a prompt that will let you remember your password (or, if the system assigns you a password, making certain you save the password in your mailbox).  Make certain to flag or folder the message for easy access.  In the alternative, and if it is approved by your employer, consider recording the password on your smartphone using a password tool like LastPass or 1Password.  I personally have found these tools to be incredibly valuable for managing work and personal passwords.

A word to the wise: Some review platforms and computer systems allow the management or support teams to recover your actual password.  While it may be tempting, never use the same password on all your systems and accounts.  If that password is compromised in any way, someone with access to that login could easily use it to connect to other accounts.  While this is important for your personal accounts (password breaches are a frequent occurrence), it is especially important to use secure, unique passwords to protect client data.

Illustration courtesy of xkcd. Don’t use “Correct Horse Battery Staple” as your password.