Your Password Stinks

Don’t take this personally, but your password stinks

Please don’t take this the wrong way, but the passwords you use on the internet every single day probably stink. Do not despair; read on, because there is a fix.

Let’s face it, passwords are a major pain in the backside to keep track of. Every web site that you visit will ask you to create a new user id and password. It quickly becomes daunting. All too often we take the easy way out.

The most common crutch that we use is reuse. We use the same password. Again. And again. Rinse, lather, repeat. The problem with this approach is that once that password becomes compromised, the bad guys may have access to your bank accounts, your investment accounts, your online shopping accounts. The list goes on. Anywhere that you used the same combination of user id and password, you are vulnerable. Say, for the sake of argument, that you have a Yahoo! email account that was compromised. (Oh wait, that actually happened.) Now the hackers have a combination of user id and password that they can, with minimal effort, try to use on an infinite number of web sites.

There are other crutches that we use: we write down our passwords (FYI: don’t do this!), we use short passwords (FYI: the longer the better, 8 characters is good, 16 characters is awesome), we use personal information in our passwords such as a child’s birthday or the street we live on (FYI: don’t do this), we use words that you can find in the dictionary (FYI: definitely don’t do this), we never change our passwords (FYI: you should change your password regularly). The list could go on and on.
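The crutches listed above (reuse, short length, dictionary words, personal details) can be checked mechanically against your own list of logins. The following is an added example, not part of the original post; the account data, the tiny word list and the personal details are all constructed, and the 8-character threshold is the minimum suggested above.

```python
from collections import defaultdict

# Constructed sample data: hypothetical accounts, not real credentials.
SAMPLE_ACCOUNTS = [
    {"site": "mail.example", "user": "pat", "password": "Maple1987"},
    {"site": "shop.example", "user": "pat", "password": "Maple1987"},
    {"site": "bank.example", "user": "pat", "password": "sunshine"},
    {"site": "forum.example", "user": "pat", "password": "q7#Lw2"},
    {"site": "vault.example", "user": "pat", "password": "vT9$kq2Lr!8mZx4p"},
]
# Tiny stand-in word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"sunshine", "password", "dragon", "maple"}
# Assumed personal details supplied by the owner (street name, birth year).
SAMPLE_PERSONAL = {"maple", "1987"}


def audit(accounts, words, personal, min_len=8):
    """Return {site: sorted findings} for every account that has a problem."""
    # Group sites by (user id, password) so reuse across sites is visible.
    sites_by_credential = defaultdict(list)
    for acct in accounts:
        sites_by_credential[(acct["user"], acct["password"])].append(acct["site"])

    report = {}
    for acct in accounts:
        pw = acct["password"]
        lower = pw.lower()
        findings = set()
        if len(sites_by_credential[(acct["user"], pw)]) > 1:
            findings.add("reused")
        if len(pw) < min_len:
            findings.add("short")
        # Drop trailing digits/symbols so "maple1987" still matches "maple".
        stem = lower.rstrip("0123456789!@#$%^&*?.")
        if lower in words or stem in words:
            findings.add("dictionary")
        if any(p and p.lower() in lower for p in personal):
            findings.add("personal")
        if findings:
            report[acct["site"]] = sorted(findings)
    return report


if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ACCOUNTS, SAMPLE_WORDS, SAMPLE_PERSONAL).items():
        print(f"{site}: {', '.join(findings)}")
```

Only the long random password on `vault.example` comes back clean; the reused pair is flagged on both sites, which is exactly the exposure described above when one of them is breached.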

I am speaking from personal experience. Full mea culpa: I used the exact same user id and password for years. I used it on name brand websites such as Yahoo! Mail. I used it on fly by night websites where I thought to myself “this web site probably won’t be here a year from now”. I’ve used it on “once and done” transactions on web sites that I knew I would only visit once in my lifetime. Eventually this behavior came back to haunt me. Someone used those reused credentials on an eCommerce site, and ordered themselves a laptop. I had forgotten that I even had a login to that web site, so you can imagine my surprise when I received an email with an order confirmation for a new laptop. When I went to go and reset my password, the web site actually sent me an email with my “old” password. This was painful confirmation that it was the same user id and password that I used…everywhere.

There is a better mousetrap: password management systems.

I’m not a big fan of the Firefox, Google Chrome, and Internet Explorer password mechanisms. However, there are a number of well-regarded solutions that will track your passwords, regardless of how you’re accessing the internet.

There are two primary functions that these services provide: first, they are a master repository of your passwords, and second, they allow you to generate long and completely random passwords.

I personally have used LastPass (www.lastpass.com) for several years (ever since the hacking mentioned above). There are a number of other well-regarded services such as 1Password (www.1password.com), Dashlane (www.dashlane.com), RoboForm (www.roboform.com), as well as about a dozen others.

There is one final gotcha with password management systems. You need to create a “master” password to get into that system. Some of these systems add extra security by having no password recovery mechanism for the master password. If you forget your master password, you are completely locked out. The method that I have found to work is to have a long pass phrase that only you know, and that you abbreviate into the password. For example, you can start with a quote such as “If not us, who? If not now, when?” You might turn that into “if<>Uwif<>Nw?3000”. The key is to make it personal, something that you will remember, but that is impossible to guess.

Summary

There is no other way to explain it: you simply need to do a better job of creating and managing your passwords. We often use shortcuts of various forms to help manage our passwords, to our own detriment and peril. Know that there is a better way. A password manager can help.

 
