This has been on my mind for a while and I’m keen to get it out there.
Password Security is important
On a daily basis I deal with quite a few websites, email and social media accounts that belong to other businesses. In general, I’m pretty stunned at how bad people are at maintaining secure passwords, even IT-savvy people who you’d expect would know better.
We all know to steer clear of the abc123 type of password. However, when Adobe suffered a password breach recently, it was discovered that 68% of people used the password 123456. Crazy. Some people will read that and think to themselves “well, I’m not that bad…”, but there are still an alarming number of passwords based around a surname, date of birth, home town and so on. These are all a bad idea, because an outsider can discover that kind of information with very little effort.
I have what I think is a pretty robust approach to passwords. It’s pretty much impossible to guess, and it also gives you an easy way of having lots of passwords without having to remember lots of passwords.
1. Start Abstract…
My recommendation is to start off with a long word/phrase (more than 8 characters, including 1 or 2 uppercase letters): something easy to remember but, from an outsider’s perspective, totally unrelated to you. Maybe:
- your favourite Indian dish
- your favourite walking/biking/skiing trail
- a household chore that you hate
- a mountain/lake/river/National Park with an interesting name
- an interesting descriptive word
If you’re feeling adventurous, try swapping a few of the letters for symbols (@ for a, $ for s, etc.) or breaking up words with symbols. This will mean that your password meets some of the stricter criteria required by certain systems.
2. Add a number
Pretty much every password you are asked to create on the internet these days requires numbers, so add 2 or 3 digits before or after your initial word. No sequences, phone numbers or birth dates! Don’t worry about it being hard to remember – this is going to be your “only” password from here on.
3. “Unique” but easy to remember
The clever bit of this is that you use a different password for every given system/account. You do this by including the initials of the system/account in the password. Always put them in the same place (start, middle or end) so you remember where they go. An example would be to add “NF” somewhere for Netflix (using caps will also help with meeting uppercase requirements).
Your New Password:
So, you have your three components. Let’s say you picked Tasman as your main word and 252 as your number. Your passwords would be:
T@$man252NF for Netflix
T@$man252ASB for your ASB Internet Banking
You’ll find it hard to remember to begin with, so it’s a good idea to write yourself a clue to jog your memory. However, as with all your passwords, the word and number will quickly become muscle memory, and the service initials should be easy to recall.
While I use the methodology above for critical passwords, I also have sooooo many passwords to remember (customer websites, FTP accounts, hosting control panels and email accounts) and I refuse to duplicate. So I’ve just started using LastPass, which is a free encrypted password manager. It’s been really helpful so far.