As the world continues its steady march towards moving more of our activities online, both productive and frivolous, you'll keep adding logins to your probably already crowded collection. Picking a password is the single most important thing you can do to make sure your accounts stay under your control. Yet when we sign up for a new website, store or service, we're usually in one of two mindsets. Either we're excited to try out something new and cool, and want to rush through the initial setup to get exploring, or we shrug our shoulders and sigh loudly about having to type in the same old tired information on yet another website. Whatever the case may be, the last thing on your mind is thinking of a new password, and people tend to use the same choices over and over again.
Which really may not be such a bad thing. If you have a pretty good set of passwords, there really is no sense in changing them if you don't have to. One piece of advice frequently passed around online is to regularly change your passwords, but most accounts are scanned so infrequently that changing them doesn't actually reduce your risk of being compromised. So what's some actual good advice for passwords? First, let's start with what you should never do:
- Don't use predictable patterns in your passwords. What exactly does that mean? ABCDEFGHIJKLMNOP might seem like a good password because it's 16 letters long, but then again a five-year-old may be able to guess it.
- Don't use song lyrics, published quotes, catchphrases or memes in your passwords. I love Portal too, but TheCakeIsALie can be guessed by person and program alike and is to be avoided.
- Don't use personal information in your passwords. If people do any research about you online, they may be able to find personal details that make your password easier to guess. For example, Forrest Gump's password might be 1Forrest1. Yeah, it's as bad of a joke as it is a password.
Now here are some things that are good ideas when dealing with your passwords.
- Use several passwords. Or even one for each account. Because there is only one thing worse than having your Facebook account hacked. And that is having your Facebook, Instagram, email address, your bank's website and online dating site all hacked. Using one password for everything is just riskier.
- Keep your passwords to yourself. No matter how much you trust your friends or your family, your passwords are your own. Don't store them in your web browser on a public computer or write them down (especially not on a slip of paper under your keyboard!). Passwords should only be known to people who are going to use the account; for example, you may share your bank website's password with your spouse.
- Use a passphrase. This is becoming a popular idea for passwords these days. One of my favorite websites, xkcd, breaks it down nicely here. This will give you a phrase like 'recall silly shoe smaller' or something similarly meaningless yet easy to remember. You can substitute some letters with numbers and characters for a really secure password, such as 'reca11 $illy shoe $maller'.
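The passphrase idea above, as a short Python sketch added here for illustration (it is not part of the original post): it picks words with a cryptographically secure random source and shows how the strength depends on the size of the word list and the number of words. The 16-word list and the function names are constructed for this example; a real list should contain thousands of words.

```python
import math
import secrets

# Constructed sample list, far too small for real use. With only 16 words,
# each word adds just 4 bits; a 2048-word list adds 11 bits per word.
SAMPLE_WORDS = [
    "recall", "silly", "shoe", "smaller", "candle", "river", "orbit", "maple",
    "pencil", "tiger", "window", "glove", "harbor", "lemon", "quiet", "basket",
]


def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice, unlike random.choice, is suitable for secrets.
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy in bits when every word is drawn uniformly and independently."""
    if list_size < 2:
        raise ValueError("word list needs at least 2 entries")
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("sample passphrase:", phrase)
    print("bits with this 16-word list:",
          passphrase_entropy_bits(len(SAMPLE_WORDS), 4))
    print("bits with a 2048-word list:", passphrase_entropy_bits(2048, 4))
    print("words needed for 64 bits from 2048 words:", words_needed(2048, 64))
```

The words must be chosen by the program, not by you: the entropy figure only holds when every word is a uniform random pick from the list.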
Of course, if this is too much for you, and you just want the most security for the least amount of effort, you can get a password generator. Basically this is a program that will automatically create super secure passwords and plug them in for you without having to remember anything other than a single master password. You can even share these passwords across multiple devices with a service like SpiderOak. Here are some good password managers for you to check out:
Happy and safe browsing!