Stop Trying to Remember Passwords

No doubt you have heard the advise to use a different password on each website that you have a login for. No doubt you probably had a reaction like, “that sounds great but it’s too much work”.

Why would you want to do this? Well, the most important reason is to prevent hackers from getting access to sensitive information such as your bank accounts, credit cards, etc. Even if you have a secure password and you are not the victim of an algorithm that can easily guess your password, many companies have fallen to hackers and as a result had customer login information compromised. This means if you use the same password on multiple sites, those hackers now have access to those sites as well.

Many who have attempted to have unique passwords have created a spreadsheet or other document to list out all of those different passwords.  There are several problems with this method a couple of which include:

  1. What happens if the document you are storing this information in is compromised? Many people use this method for ease of use and as result store these documents in easy to access places which themselves are not secure.
  2. Logins are not updated when you have to change you password. As a result, your spreadsheet is out of date and no longer reliable. As a result you tend to go back to using your default password.

Alternative Methods

So what is the alternative? You can try to come up with a formula that makes use of a base + site unique component for you passwords.  For example if you were creating a password on Amazon.com you might have something like “Cherry!AWS2018” where “Cherry!” is the base and “AWS2018” is the site unique portion.

While this is better, it is still far from a best practice. For starters, these passwords can normally be hacked by computer algorithms as they are not that complex. Also, what happens when the website forces you to change your password?

Another method which does create more secure passwords is to make the password based on phrase or sentence, taking the first letter from each word. For example, if you use a phrase like: “Fly Eagles Fly on the Road to Victory” your password might be: “FefotrtV”. You will still need to add special characters, numbers and mixed case letters but at lease the resulting password is hard to guess.

However, this method also suffers from the problem that you need a site unique part to keep the password from being the same across other websites.

Password Manager

Since 2009, I have been using a password manager to manage all of my login credentials. During that time there have been many advances in the methods the bad guys are using to hack into sites, which makes it even more important to have unique and secure passwords.

I currently use 1Password, but there are others such as LastPass and others. You can find some free ones, but when it comes to managing something this important, do you really want a product that is free? Personally, I want a company that has a more sustainable business model and will be around for years to come.

The beauty of a password manager is that they include some really helpful features:

  • Secure vault – which is much more secure than your spreadsheet or document
  • Password generator – not only can you store your passwords, but also use it to generate new ones
  • Mobile App and Desktop Versions
  • Available with Chrome extension to make logins even easier
  • Store more than just passwords – you can also secure passports, drivers licenses, credit card numbers, etc!

It’s 2018 – stop trying to remember passwords!