Passwords are a necessary evil that we all have to deal with. Depending on your online behavior you may be dealing with a handful to dozens of accounts requiring a password, such as your personal email (iCloud, Google Mail, Hotmail…), online banking, Facebook, Twitter, Flickr, etc.
How many of you use a different password for every account, and how many use a complex password (by complex I mean not your pet’s name, but something like Z1ff#]3h)? If I had to guess I’d say not that many, and I don’t blame you – passwords are hard to remember, so we try to keep it simple and use the same easy-to-remember password for all accounts.
Unfortunately, there are a couple of problems with this approach:
- Easy to remember passwords are easy to guess – so anyone knowing your pet’s name, your children’s name or your birthday has a good chance of getting into your account,
- By using the same password for all accounts, someone managing to guess the password for one of your accounts can get into all the others as well
So what’s the solution?
Before we get there, let me tell you what the solution is not:
Writing all your passwords on a post-it and sticking it on the screen of your computer. I assume I don’t have to tell you why that is not such a great idea – especially at your workplace.
The better way to approach this problem is to use passwords that are easy to remember but hard to guess at the same time. Let’s take the following password as an example: Mhh3gda1g!
This password has ten characters, uppercase and lowercase letters, numbers and even a special character – so I’d consider it pretty hard to guess. But what about the easy part? At first glance, this looks like a hard-to-remember password. It’s not, and here is why and how I came up with the password:
- I thought of something that had a meaning to me – such as features of my house
- Then I formed a sentence around that thought, such as My house has 3 green doors and 1 garage!
- If I lived in a house with 3 green doors and 1 garage (I don’t), then this would be something pretty easy to remember
- Next, I took the very first letter of every word in this sentence and the numbers and added an arbitrary special character at the end
- Voila – I have my password: Mhh3gda1g!
Let me give you another example: The neighbor’s Dog is 2 fat for his size# results in the following password: TnDi2ffhs# – got it?
In this example, I spelled Dog upper case to have a second upper case character in my password.
Of course, you can change this formula to include more special characters at the end or somewhere in the middle. Now, this takes care of problem #1 – easy to remember passwords that are not easy to guess.
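The first-letter recipe above is mechanical enough to write down as code. The following is an added example (not the author's code) that applies the rule to a sentence: each word contributes its first letter with its case preserved, numbers are kept whole, and any punctuation hanging off the end of a word is kept as the special character. It also reports which character classes a resulting password covers, which is the "hard to guess" property the post cares about. The two sentences used as input are the ones from the post.

```python
import re

# Character classes we want a strong password to cover.
CLASS_PATTERNS = {
    "upper": r"[A-Z]",
    "lower": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}


def derive_password(sentence: str) -> str:
    """Turn a memorable sentence into a password using the first-letter rule.

    Rule (as described in the post, implemented here as an assumption about
    the exact edge cases):
      - a word starting with a letter contributes that letter, case preserved
      - a word starting with digits contributes the whole number
      - non-alphanumeric characters at the end of a word (e.g. '!' or '#')
        are appended as-is, so the sentence's closing mark becomes the
        password's special character
    """
    out = []
    for word in sentence.split():
        head = re.match(r"(\d+|[A-Za-z])", word)
        if head:
            out.append(head.group(1))
        tail = re.search(r"[^A-Za-z0-9]+$", word)
        if tail:
            out.append(tail.group(0))
    return "".join(out)


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    return {name for name, pat in CLASS_PATTERNS.items() if re.search(pat, password)}


def is_strong_enough(password: str, min_length: int = 10) -> bool:
    """Minimal check: long enough and covers all four character classes."""
    return len(password) >= min_length and character_classes(password) == set(CLASS_PATTERNS)


if __name__ == "__main__":
    # The two example sentences from the post.
    for sentence in ("My house has 3 green doors and 1 garage!",
                     "The neighbor's Dog is 2 fat for his size#"):
        pw = derive_password(sentence)
        print(f"{sentence!r} -> {pw} (strong: {is_strong_enough(pw)})")
```

Running it reproduces the post's two passwords, Mhh3gda1g! and TnDi2ffhs#, and confirms that both cover uppercase, lowercase, digits and a special character. Note that the check only measures character-class coverage; a sentence that is a well-known phrase (a song lyric, a proverb) would pass it while still being guessable, so the "meaning to me" step in the recipe matters as much as the formatting.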
Now if you have only a handful of accounts, this approach alone may be enough to resolve your password problems – but if you have a large number of accounts, you may still end up with too many passwords to remember. The solution to this is a good password manager like 1Password, which I’ve used for a long time. 1Password is great because it supports multiple operating systems (such as OS X and Windows), multiple browsers (such as Safari, Chrome, Firefox and probably also Internet Explorer – I have never tried it since I’m an Apple user) and mobile devices such as iPhones, iPads and Android devices. And it even syncs between all of your devices – so you’ll always have all of your passwords on every device you use.
The browser integration is one of the key features because it allows you to generate a random password right from the account creation page.
The second great feature of 1Password’s browser integration is that it automatically saves the account credentials (username and password) should you decide to enter your own password rather than have 1Password generate one for you.
Last but not least it can also manage Credit Card and other information and automatically paste it into web pages for you.
Here is how I use 1Password:
- I let 1Password generate a random password for every account I create (such as facebook.com). The advantage of this approach is that if one of my accounts gets hacked, none of the other accounts are exposed. The disadvantage is that I typically don’t know the password for most of my accounts since they’re randomly generated and stored in 1Password (Note: make sure you have a good backup of your 1Password database!)
- To make sure I can get into important accounts I often use, even when 1Password is unavailable (e.g. when I access Facebook.com from another computer), I don’t use randomly generated passwords for those accounts, but instead I use the formula above (easy to remember passwords that are not easy to guess). Of course, I store those passwords in 1Password as well.
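The two habits in the list above, a random unique password per account and no password shared between accounts, can be illustrated in a few lines. This is an added example, not 1Password's code or anything from the post: it generates passwords from a cryptographically secure random source (Python's `secrets` module, which is what a password manager should be using rather than `random`), rejects any draw that misses a character class, and then audits a small vault (a constructed sample, keyed by site name) for passwords that are reused across accounts, which is exactly the weakness the post warns about.

```python
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SPECIAL = "!#$%&*+-=?@^_~"   # assumed set; real managers let you choose
ALPHABET = UPPER + LOWER + DIGITS + SPECIAL


def generate_password(length: int = 20) -> str:
    """Generate a random password that contains every character class.

    Uses secrets.choice (CSPRNG-backed) and simply redraws until all four
    classes are present, so every character stays uniformly random.
    """
    if length < 4:
        raise ValueError("need at least 4 characters to cover every class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c in UPPER for c in pw) and any(c in LOWER for c in pw)
                and any(c in DIGITS for c in pw) and any(c in SPECIAL for c in pw)):
            return pw


def find_reused(vault: dict) -> list:
    """Return groups of account names that share the same password.

    Each group is a sorted list; an empty result means every account has a
    unique password, which is the property the post is after.
    """
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    groups = [sorted(accts) for accts in by_password.values() if len(accts) > 1]
    return sorted(groups)


# Constructed sample vault: two accounts deliberately share a memorable
# password to show what the audit reports.
SAMPLE_VAULT = {
    "facebook.com": "Mhh3gda1g!",
    "flower-shop-newsletter": "Mhh3gda1g!",
    "online-banking": "TnDi2ffhs#",
    "photo-site": generate_password(20),
}


if __name__ == "__main__":
    print("generated:", generate_password())
    for group in find_reused(SAMPLE_VAULT):
        print("password reused across:", ", ".join(group))
```

The redraw loop is a deliberate choice: forcing one character from each class into fixed positions would bias the output, whereas rejecting and redrawing keeps each accepted password uniformly distributed over the set of passwords that meet the rule. The audit is the check to run occasionally against an exported vault, since the post's reasoning only holds while no two accounts share a password.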
Best practices suggest changing passwords often, and that’s especially true for important accounts, such as online banking. For those accounts I recommend changing your password every few months, but for not-so-important accounts that don’t have any financial information about you stored (e.g. your newsletter account for the local flower shop) I usually don’t change my passwords very often, especially because each of those accounts has a different password. So even if someone hacked into my flower shop newsletter account, it would not cause any severe damage or affect any other accounts.
The worst thing you can do is to use the same easy-to-guess password for all your accounts, since guessing (or phishing) that single password exposes all of your other accounts. Instead, use easy-to-remember but hard-to-guess passwords by applying the technique I described above, and use a good password manager such as 1Password.
If you have any more questions, just leave a comment or contact me directly.