Digital life management
In this modern world much of our life happens in the electronic realm. I’ve compiled of few of the methods I use for managing my digital life.
Passwords
I have literally hundreds of usernames and passwords I need to remember, so I developed a 4 tiered system to manage them all. I have username and password combos for:
- Systems that I control, which would be my own computer or server. I tell it to no one.
- Sensitive accounts like my bank or AdWords. I would tell very trusted people on a need to know basis.
- Things I care about but don’t see as a security issue, such as my 9rules login info. I’m not going to publish my login, but I don’t sweat who I tell.
- Things I’m forced to sign up for, such as the NYTimes.com or a software download. I don’t care who knows that info.
I also keep a black binder that I handwrite my login info because some places won’t accept my username and passwords of choice, such as I can’t change my 9rules Notes password to one I’d remember.
Spam
There are many types of spam; email, comments, websites, etc. I mostly care about the email spam and the comment spam I get on my blog.
For email, I have a multiple email account system.
- My personal email. I only give it to friends and family that are web savvy. I have to trust that they won’t use it to send me eInvites or other services that ask for my email. I also have to trust that they won’t send me forwards, especially if they will include my email in a header with a grip of others. If one of those other people in the header of an email gets a specific virus, it could find my addy in their inbox.
- My professional email. I give this to all business contacts and the friends and family that aren’t savvy. Then I rely on stuff like spam filters and PostGrey.
- My sign-up email. If I need to provide an email address to get a piece of software or to sign-up for something I only need to access once or so, then I use this throw away email. In fact, I use Gmail for it.
Information Rot
Information rot is the fact that there is information about me on the web that is now outdated and is now inaccurate and/or incomplete. That includes information such as addresses, resumes, and more. I’ve only recently started to think about this problem because of things like MySpace, LinkedIn, ZoomInfo, and more. The best thing I’ve thought of to date is to keep a record of places on the web where perishable information exists and to check on them manually as events in my life transpire.
Information Overload
I am an infovore. There are a lot of sites out there that I like to stay up on and a lot of people I like to stay connected with. I use an RSS aggregator to manage all of the feeds from the various sites I like. I use stratified communication to stay in touch with a large number of people. By stratified I mean email, text messaging, comments, MySpace, phone calls, RL, chat, forums, and more. I could write a huge piece about which communication type is right for which type of message, perhaps another time.
Identity Theft
I have been fortunate not to have this problem, but I take proactive steps to prevent it as well.
- I change my bank and credit cards once a year. That way if my number is floating around, it won’t be for long.
- I check my credit report once a quarter. If I see something weird, I look into it.
- I crosscut shred credit card offers that I don’t want. I don’t need someone completing the application on my behalf.
Extra tip
I suggest buying your legal name as a domain name. That way you can use it for a blog, your own permanent email address, or whatever else.
Do you have any techniques for managing your digital life?
Comments
Re: password management, I’ve recently started using OS X keychains to manage all my passwords, as well as login info for FTP, etc (you can store ’secure’ notes in keychains as well). Keychains are even sharable if you want to do it across your organization.
Justin, your insights are like daily WEB candy. Thanks for the advice.
I found you via the 9rules site, and was so delighted to find this extremely useful (and clearly written!) post. I have nothing to add, only because everything you say seems utterly complete. Now, I have to think about how to incorporate some of these ideas into my own information management.
Hundreds of passwords… I couldn’t agree more! I try and keep my passwords as secure as possible, well those worth keeping secure. I also have a handwritten piece of literature with my passwords in, just in case I forget them. Truth be told I often have more trouble remembering some of my usernames!
Regarding e-mails… I do have a personal one which I use for friends and family, although I don’t particularly like to give it out to companies however I have to give it out to some otherwise it would be a fuss on having to go from e-mail address to e-mail address (although not so bad using pop though) to receive my mail so I am quite lazy in that sense… I should really pull my socks up and do what you do with a personal and a sign-up e-mail. I do have an e-mail address to which I sign up to things but like I say some sign-up things need to go to my personal one…
After reading your entry I think I should replicate some of the things you do! – Some great advice.
good tips. well written, interesting, and made me think about some things I havent thought about before.
From pelf-ism is contagious » Blog Archive » How do you manage your passwords and what-nots? on April 11th, 2007 at 4:52 am
[...] If you have as many online accounts as I do (or probably more), I hope you find this article written by Justin Kistner — Digital life management — useful. He shares how he manages and uses his passwords and emails, and how he guards against identity theft. He organizes his “digital life” very systematically and perhaps, perhaps I shall learn to do that one day. [...]
From pelf-ism is contagious » Blog Archive » Digital life management on April 11th, 2007 at 5:26 am
[...] read more | digg story [...]
Nice read. Some people may call this paranoia, but hey, the world has changed. We are all secure until we get compromised
Found this post via another site, so I’ll kick in my $0.02 worth also..
I use this fantastic little program: Password Safe. I’ve got it programmed to a ‘hot-key’ on my keyboard for quick access and it allows me to have (and generate) unique passwords for sites. It also stores login, URL, and anything else you want to remember. I like the idea of a notebook, however, my handwriting is horrible to begin with and I’m likely to lose it… The only real drawback is when I forget to update the database on my USB key/stick/whatever with the current one from my main notebook. Other than that, it’s the only way I’ve found to SAFELY keep track of all the login info… I think I’m approaching 250 entries so far….
Great tips Justin, sorry it took so long to read them!
One thing I’ve been doing recently is merging all my email into just my @9rules.com address since I sold Business Logs. Keeping track of multiple email addresses is tough, especially for my non tech-savvy parents who are confused by the different options
Aidan, thanks! Glad you found some good tips here.
Jibran, I wouldn’t say paranoid as much as I would say digital life management tips. If identity theft weren’t a common reality, then perhaps it would be paranoia. As far as a tiered password system, that’s just about convenience.
William, I’ve seen more and more people using password wallets, such as PasswordSafe. I haven’t looked in that specific one, but I will know. Thanks for the tip!
Mike, first, congrats on selling BusinessLogs. I’ve had at least 3 main email addresses in the last 5 years and it is confusing to people. How are your merging them? Are you just forwarding them to a single box?
I store my passwords in excel file packed with WinRar protected by password.
Justin,
your advices are very sound! But if you are going to use multiple strong and complex passwords you can’t remember all of them and you definitely need a password manager. And, even better, a password manager that can protect not just passwords, but the whole set of confidential data that constitutes a large portion of our digital identity!
(Yes, I’m a tad biased …)
Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.
Software products are certainly an option, but you could also consider a web based solution.
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- …
It’s free and completely anonymous.
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
The key for the encryption process is a passphrase known only to you.
Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.
For any further information refer to our website:
http://www.clipperz.com.
Marco
Clipperz co-founder
Marco, thanks for the thoughtful reply! I’m curious, what happens if your Clipperz account is compromised? I read that they wouldn’t be able to view your password library in plain form. Couldn’t the unauthorized person use the service in the way it is intended for authorized users? I am interested in password management as I think it will be an important part of digital life management. I’m also curious what other types of data you secure through the Clipperz service.
@Justin
> what happens if your Clipperz account is compromised?
The only way to compromise a Clipperz account is getting hold of the user passphrase. Even if someone steals our servers he will not be able to access any user data in clear.
> Couldn’t the unauthorized person use the service in the way it is intended for authorized users?
Definitely not. There is nothing he can do to exploit the service without the knowledge of the user passphrase.
> I’m also curious what other types of data you secure through the Clipperz service.
Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the “zero-knowledge” web apps.
Applications where the provider is simply in charge of delivering the Ajax code to the user’s browser and then storing user’s data in an encrypted form on its servers.
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations are available here:
http://www.clipperz.com/learn_more/crypto_foundations
The “zero-knowledge” paradigm could be used for a wide range of applications: a personal finance manager, a confidential to-do list, patient records for physicians, …
Clipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP, …).
Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.
More info about performing a security code review is available here:
http://www.clipperz.com/learn_more/reviewing_the_code
You can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license.
Download it here: http:/code.google.com/p/clipperz
Feel free to contact me for any further information,
best regards,
Marco
I guess that’s what I’m curious of. What if someone learns of your user passphrase? Doesn’t that open them to all of one’s services no matter how many passwords one has. Not that they would see the other passwords, but they could login to the various places managed by Clipperz. My curiosity stems for wondering what good is it to have multiple passwords if they are ultimately controlled by one? Wow, that sounded a little like a line from Lord of the Rings. Hehe.
I’m quite interested in the “zero knowledge” concept for secure identification. I’ll check out some of those links.
> My curiosity stems for wondering what good is it to have multiple passwords if they are ultimately controlled by one?
Password managers (both software and online) are tools that enables you to remember just one very strong password to protect your many other very complex passwords that you don’t have to remember.
The alternatives are well known: use the same password for all your accounts, or use easy-to-remember (and to guess) passwords.
The choice is up to you.
Marco
Thank you, Marco. Your comments are helpful. Managing identity in this modern life is no doubt a complex problem and I’m stoked to see companies like Clipperz working on the issue.