Passwords can be a pain to deal with, but they’re the best we have.
Many of us take the shortcut of having only one or two passwords memorised, and using them everywhere. Sure, this is easy, but it’s also easy to leave the doors to your house unlocked. Keys are too heavy to be carrying around, right?
When you use strong, unique passwords, you give yourself an advantage over nearly everyone else. You’ll be far less likely to see your bank account drained, be locked out of your email account, have your business attacked, or suffer other entirely preventable tragedies. Classic ant/grasshopper situation.
“OH, THERE’S NOTHING IN THERE OF VALUE”
Not so ‒ if there were no value in it, you would not have signed up for it. And if it were valueless, why bother protecting it with a password?
There are many reasons why your accounts are targeted:
- to control as many accounts as possible on the service.
- to pivot into your other accounts (e.g., email account → phone account → bank account).
- to impersonate you to other people.
- to learn the kind of password you like to use.
- because some people just like to mess with you for a laugh.
“I’M TOO SMALL TO BE A TARGET”
Nope. There are hordes of hostile machines out there, running 24×7, with the sole intent of finding and controlling your stuff. You will be found.
Besides which, you’ve probably already shared a password or two with people close to you. You trust them, but do you trust everyone they trust? Will you trust them all forever? By reusing passwords (even with variations), you’re relying on them to keep all your secrets, not just the ones you’ve shared with them. You’ll have a whole lot of work to do when you need to change that password everywhere you’ve used it.
Also, some sites have poor security practices that will make your password public knowledge.
Biometric security is not a solution; not only do you use the same face / fingerprints / retina scan for every service, but when a single one of those services is compromised, you can only cross your fingers and hope that your now-public biometric data isn’t ever used against you.
I’M SOLD! WHAT DO I DO?
Use long, memorable passwords.
It’s a myth that passwords have to be short and full of unusual characters. Such passwords are ill-suited to their primary purpose: being remembered by humans.
You don’t even need to think them up yourself; here are several sites that will do it for you:
- xkpasswd.net (click the ‘xkcd’ preset, on the right)
Here are some memorable results that I would use:
- remarkable animal fill hollow
- observe job piano bring
They each evoke a particular story, and stories are easy to remember. It’s better to have many unique, memorable passwords than few complex, short ones.
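To show what a word-based generator is doing and how its strength compares with a short random password, here is an added example (not code from this post or from xkpasswd.net). The function names and the 16-word sample list are constructed for illustration; the 7,776-word figure assumes a five-dice Diceware-style list.

```python
import math
import secrets

# Constructed sample list for the demo only; real generators draw from
# thousands of words (a five-dice Diceware-style list has 6**5 = 7776).
SAMPLE_WORDS = [
    "animal", "bring", "fill", "hollow", "job", "observe", "piano",
    "remarkable", "river", "candle", "window", "orbit", "meadow",
    "lantern", "copper", "thunder",
]


def generate_passphrase(words, count=4, separator=" "):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return separator.join(secrets.choice(unique) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Bits of entropy in `count` independent uniform picks from the list."""
    return count * math.log2(list_size)


def random_string_entropy_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random string, for comparison."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS))
    print("4 words from 7776: %.1f bits" % passphrase_entropy_bits(7776, 4))
    print("8 random chars of 94: %.1f bits" % random_string_entropy_bits(94, 8))
    print("words for 64 bits:", words_needed(7776, 64))
```

These figures hold only when the words are picked at random by the generator; a phrase a person makes up is far more predictable than the arithmetic suggests.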
Now, you’re ready to protect yourself! (not least from the people who would say “I told you so”…)
Look out for the next post on this topic: Password Managers.