Let’s be honest: passwords are annoying, and sometimes usernames are even more annoying. Perhaps you are one of the lucky few to have your username available on any system you use - I, however, often find myself needing to change my username because of a system’s requirements or because someone else has already taken the name. This makes the task of remembering passwords even more daunting when you also need to remember the associated username.
Whether we like passwords or not, they are a vital component of the security surrounding our everyday lives, ranging from bank and credit information to our personal lives in email and social networks. Considering the brain’s limited capacity and the sheer number of secret names, codes, and words a person needs to remember in this password-protected age, it’s no surprise that we struggle with this very thing. To add to this difficulty, many of us work in organizations that mandate a certain level of complexity within the password. This can prove to be quite stressful when it is time to choose a password. Even worse, when this is required every 90 days or less, and your password cannot be one of the previous three used, you start to pull your hair out and wonder if you’ll ever remember this new password that you must develop. Sadly, this often leads to a person grabbing a pen and sticky note from the desk to jot down the strange new concoction of characters that the computer has required, and we call this a password. I’ve found myself in the seemingly endless 15 minute loop of attempting to come up with a new, unique, complex enough password before starting the work day. ‘Too few characters’, ‘password cannot be sequential’, ‘must use at least one capital’, ‘must include a digit’, ‘too short’, ‘cannot be a previously used password’, and then finally you’ve developed the proper password and the message comes back ‘your old password is incorrect’. That’s enough to make you want to pull out your hair!
It’s no surprise that in unrestricted environments, the most common password is simply “password”. Besides serving as an easy-to-remember code for less-creative computer users, “password” is often used as the default password for many web sites and programs, making it extremely common and not at all secure. In other words, “password” is a bad password.
Other perennial favorites include “God,” “sex,” “money,” and “love.” Passwords based on the names or birthdays of partners, children, or pets are also quite common. I would make a bet that the most common password on the market at the time of this post is simply the word ‘spring’. People tend to be very situational with their passwords, thus making spring a very popular choice. Should we take a poll? Let’s just take a moment to state the obvious - if your password can be found on this page, then it’s probably a good idea to change it.
It’s an era of security breaches, online fraud, and phishing sites. Your password is the only barrier protecting your online security and privacy. Though it may seem trite, and you might think that you have no information to protect, I still think it would be wise for you to remember to choose a great password. What makes a good password, you might ask? I can share with you a few things you should apply to each of your passwords, whether it be your bank information, your Gmail account, or the logon that you use at work.
It is important to add some complexity to your passwords. Try these things:
- Make it lengthy! (8 characters suggested)
- Use the entire keyboard! Don’t be afraid of punctuation, letters, numbers, or other symbols. Use these things in unobvious places
- Don’t leave your password blank!
- Think of a sentence or something you can remember that is not immediately associated to you
- Make up nonsense words from pronounceable syllables
- Interleave two or more words
- Never use your username as your password, or even a portion of it
- Combine letters and numbers to make your password harder to guess
- Mix upper and lower case letters to ensure tight security
- Try not to use words from the dictionary in your password
These thoughts will transform a good password into a great password! All too often, I can sit down at someone’s desk and guess their password before their system locks me out. This is NOT a good sign! Though I will admit the occasional defeat by the simple blank password, this is not a method that I recommend; a few keystrokes at too quick a pace can quickly uncover this simple trick. Though funny, not secure!
Think of the simplest password you might want to use; let’s say that the most common password at this time is spring. Certainly we can spice this up to become a good password, right? Follow me through this logic.
Let’s think through it…
Our current password is ‘spring’
1. Let’s throw in a capital to make it more difficult. I chose the last letter, because the first letter capitalized is all too common, and besides - that’s just bad grammar
Password is sprinG
2. The password is still a bit short for my tastes, so how about we add something to the password, and let’s do it phonetically
Password is sprinGthyME
3. Let’s add some punctuation to make this just a little more complex
Password is now $prinGthyME
That’s just a quick, short sample of how to make a very simple password a little more complex while still remembering the basic structure along with the pass-phrase. You might find your hands bending in contortionist ways the first few times you type your foreign password, but trust me - if you type that password every day for one week - it will soon be the easiest thing in the world to type - yet the most difficult to break! Your brain will intuitively remember the pattern you must use to enter your password, and you’ll barely have to think about it. That’s my thought for now. Anyone else have additional suggestions?
Now you owe it to yourself, go change your passwords!
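The checklist above as a small Python checker, run over each stage of the ‘spring’ walk-through. This is an added example, not part of the original post; the rule names, the look-alike substitution table, and the four-character threshold for "a portion of" the username are assumptions.

```python
import re

# Words the post itself names as common passwords.
COMMON_WORDS = {"password", "god", "sex", "money", "love", "spring"}
# Assumption: a small look-alike table (not from the post), so "$pring" reads as "spring".
LOOKALIKES = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"})
MIN_LENGTH = 8  # "8 characters suggested"
PORTION = 4     # assumption: shortest username fragment that counts as "a portion"


def check_password(password, username=""):
    """Return the checklist rules the password fails (empty list = passes all)."""
    if not password:
        return ["blank"]
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("no_mixed_case")
    if not re.search(r"\d", password):
        failures.append("no_digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no_symbol")
    folded = password.lower()
    name = username.lower()
    # Every PORTION-length slice of the username; short names are checked whole.
    portions = {name[i:i + PORTION] for i in range(len(name) - PORTION + 1)} or {name}
    if name and any(p in folded for p in portions):
        failures.append("contains_username")
    # Undo look-alike characters before the word check.
    normalized = folded.translate(LOOKALIKES)
    if any(word in normalized for word in COMMON_WORDS):
        failures.append("contains_common_word")
    return failures


# The four stages of the walk-through in the post.
STAGES = ["spring", "sprinG", "sprinGthyME", "$prinGthyME"]


def walk_through(stages=STAGES, username=""):
    """Map each stage to the rules it still fails."""
    return {pw: check_password(pw, username) for pw in stages}


if __name__ == "__main__":
    for pw, failed in walk_through().items():
        print(f"{pw!r:16} fails: {failed or 'nothing'}")
```

The last stage still reports `no_digit`, because the walk-through never adds a number, and `contains_common_word`, because `$` is folded back to `s` before the word check.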
Hi Jeff,
your thoughts about making a great password are certainly useful. But it’s still better to never re-use the same password for multiple sites.
And if you are going to use multiple strong and complex passwords you definitely need a password manager.
(I know, I’m a tad biased since I’m the co-founder of Clipperz, an online password manager …)
With Clipperz you can do much more than simply store your passwords:
- direct login to online services
- offline version
- bookmarklet for quick data entering
- …
Give it a try and let me know your impressions.
Thanks,
Marco
Hi Marco, thanks for the tip - I’ll have to check it out. Honestly, I’ve never been a strong believer of a password manager simply by nature. The whole ‘don’t share your password’ type mindset carries with me even into password storage.
You say ‘never re-use the same password for multiple sites’, and while I understand your approach, I have to admit that’s just near impossible - if not stupid!
Your password manager is pretty cool, but what happens the day it goes down, or something else prevents access to all your unknown passwords? I personally use no more than five different passwords. I change up the password I am using based on the type of service. For example, logon to my email, network ID, etc - I use my strong password. When logging into social network services, and other sites that might seem a little less trustworthy, I feel I must use a different password in the event that the password is compromised. This way, the person who might unveil this password, my name, my email address, etc will not have access to my email, bank, or other important information.
In the event of a password loss, the possible entry points are severely lessened. At any rate, this approach does not work for everyone, and certainly some people need to store their passwords somewhere. Though I strongly recommend remembering your passwords, it’s good to have quality products available. Thanks Marco!
Jeff
Thanks Jeff.
You asked: “what happens the day Clipperz goes down, or something else prevents access to all your unknown passwords?”
Luckily Clipperz comes with an “offline version”.
With just one click you can dump all your encrypted data from Clipperz servers to your hard disk and create a read-only version of Clipperz to be used when you are offline.
The read-only version is as secure as the read-and-write one and will not expose your data to higher risks since they both share the same code and security architecture.
Read more here.
Keep the good writing!
Regards,
Marco
Thanks Marco for pointing out the tool and explaining some of its features. I’d be happy to look into it and maybe even recommend it! I’ll try to get to that in the next few weeks. I’ll let you know what I think.
Jeff, Marco, & Co.
I just signed up for Clipperz and I’m giving it a go. I gotta say I’m a fan so far. It’s not much different than storing your passwords locally in an encrypted file. If you lose either password you’re out of luck.
I’m a little worried about the “all my eggs in one basket” issue, but for the social network-like sites it seems like a good idea. I still need to check out the offline version. If it works as described above I might be a fan.
Anyway, Jeff, have you had a chance to take a look at it? I didn’t see a post about it on your site yet.