Passwords – A necessary evil!

An unavoidable fact of modern life is that just about every service we engage with is online: banks, utilities, entertainment, shopping and communication. Everything has a website that needs to be logged into. Each person even has multiples of these – a couple of banks, gas, electricity, Facebook, Instagram, Netflix, Coles, Woolworths, eBay, email. Then there are personal accounts and work accounts… the list just keeps growing!

Each service has a password. Each site has its own requirements for passwords – a minimum number of characters, numbers or symbols, uppercase and lowercase. It can get very overwhelming very quickly.

But it's still a necessity; we cannot live without passwords. So what can you do to make your life easier when it comes to choosing a password? And what steps can you take to further improve the integrity of the passwords you do choose?

Over the years, people have been successfully trained to use passwords that are hard for humans to remember but easy for computers to guess. A random alphanumeric string, or numbers substituted for letters, feels secure to us humans, but it makes little difference to a computer that is trying to guess.

A big step in the right direction is to change the way we think of passwords. The word PASSWORD has "word" in it, leading us to believe a single word is required. What would happen if we used multiple words instead of one word? The first thing that happens is that the password instantly becomes longer, and the longer the password, the more guesses it takes to be compromised. The second thing is that we can make a short sentence. The words can be semi-related (or seemingly random). Suddenly our longer password is easier to remember because it's a meaningful statement. Thirdly, we can still match a service's password requirements by adding numbers or symbols without making it any harder to remember.

For instance, instead of using a password like Pa$$w0rd, you could use a password like I-really-HATE-passwords!7

In this example, we have taken a seemingly secure password with numbers and symbols and turned it into a longer, more secure password that is easier to remember. We don't have to remember that the s in password is a $. We have still met the requirements of the password by having uppercase and lowercase characters, symbols and a number (I included my lucky number at the end).

Better yet, if the service permits, use spaces in your password! A space is no less valid than any other character you type. Not all services will allow a space, but it's a great addition if it's allowed.
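The comparison between the two passwords above can be put into numbers. The following Python sketch is an added example, not part of the original post: it undoes common look-alike character swaps before checking a word list, and computes the size of the brute-force search space from length and character pool. The word list, the substitution table and all function names are assumptions made for illustration.

```python
import math

# Constructed stand-in for a guesser's word list (assumption, not a real list).
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey"}

# Look-alike swaps that guessing tools routinely undo (assumed, illustrative set).
SUBSTITUTIONS = str.maketrans(
    {"$": "s", "0": "o", "@": "a", "1": "l", "3": "e", "5": "s"}
)


def normalize(password):
    """Lowercase the password and undo look-alike character swaps."""
    return password.lower().translate(SUBSTITUTIONS)


def is_disguised_common_word(password):
    """True if the password is a word-list entry with swapped characters."""
    return normalize(password) in COMMON_WORDS


def charset_size(password):
    """Size of the character pool a brute-force search must cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size


def brute_force_bits(password):
    """Upper bound on guessing effort in bits: length * log2(pool size)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


if __name__ == "__main__":
    for pw in ("Pa$$w0rd", "I-really-HATE-passwords!7"):
        print(f"{pw!r}: length={len(pw)}, "
              f"word-list hit={is_disguised_common_word(pw)}, "
              f"brute-force bits <= {brute_force_bits(pw):.1f}")
```

The bit count is a ceiling that only applies when a password cannot be guessed from a word list; Pa$$w0rd never reaches it because it normalizes straight to a listed word.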

There are other things you can do to help protect your online credentials, such as two-factor authentication, password managers, etc., but we will talk about them another time.

PS: try not to repeat passwords. That way, if there's a leak and your password for, say, Instagram is out there in public, it's only your Instagram that is affected! You will know that your other services are not going to be affected.