There’s no way around it – in the modern world we all have to remember passwords – and lots of them. Whether it’s for work, your phone provider or for your bank, it’s something we have to work with until technology presents a better way.
It can seem daunting to come up with a new password which meets our rules each time, while making sure it’s something that you can remember.
They should comply with basic best practice – which means that it must contain three out of four of the following:
· Uppercase character
· Lower case character
· Special character such as * or ! etc
The password must be at least 8 characters long, or it will be far easier to crack. For many years it was generally recommended to make the password a random sequence – such as 14YanM0$!
It’s true – that is a difficult password for an attacker to guess or calculate, but it’s also very difficult to remember, and that’s why people write their passwords down on post it notes when they know they shouldn’t.
It’s also true that something like Password1 is a terrible idea, even though it does meet the minimum standard.
So is there an easier way of handling this?
Passphrases could be a helpful approach – they allow you to create a longer password which will hopefully stick in your memory.
By using a phrase instead of a word, it becomes much more difficult for an attacker to guess. Password cracking tools also find this to be a much more difficult target.
So you could use something like: Is my bus arriving at 2PM?
· It’s more than 8 characters,
· It has upper case characters
· It has lower case characters
· It has a special character (spaces are allowed too!)
And even though it’s more than 20 characters long including spaces (yes – spaces are allowed on most systems), it’s relatively simple to remember.
- My journey takes 10 minutes!!?
- Going for lunch at 12:00 today.
These are just examples of a different way to think about passwords. Whether you choose to take this approach or not is up to you, but please give it careful consideration. Quite often, the weakest link is your personal email password – if an attacker gets into this, it’s likely that they can reset many of your other accounts from there by requesting a password reset link to be sent to the email address.
How else can I keep my personal accounts secure?
2-Factor Authentication – use this wherever you can. Google and Microsoft both support this for their email services, and it’s free.
Once you’ve registered your mobile with them, you will receive a pin number via a text message each time you log in. Nothing extra to remember – you just need to have your mobile to hand when logging in.
Password reuse – please don’t do it!
Choose different passwords for different systems. Otherwise if one system is compromised, the rest may soon follow. Look at the recent Yahoo case if you want to see how great the impact can be – 500 million accounts have been compromised.