Ask any tech person about passwords, and you’ll probably get the same advice:
- Use complex passwords
- Never reuse passwords
- Change your passwords frequently
We know this is a huge task. I’ll let you in on a secret: most of us techies don’t follow all of that advice as well as we should. We can all do better, and I want to help. Some tips before we start:
Remember why we have passwords
You need to be able to prove who you are to a given service. We call it authentication. It’s how a service knows that you are who you claim to be. In the face-to-face world, we do this by recognizing each other, by our faces, by our voices, or by signing our names in our own handwriting. Most of the time, in a face-to-face encounter, it doesn’t matter. The clerk doesn’t care who you are, as long as you have the cash to check out.
Web sites are different. They often offer a custom, personalized experience. Some companies, like Google, Facebook, and Microsoft, are trying to provide identity services, effectively vouching for you to other web sites, but the adoption isn’t complete, so we’re stuck managing these relationships.
I’ve got good passwords for the things that matter
Often, when presented with this untenable situation, people throw up their hands and say, “I’ll have a handful of good passwords for the things that matter, and for the rest, I’ll use a generic password.” This seems reasonable on the surface, but remember that services change over time, and a thing that doesn’t matter today might hold financial information tomorrow. Any one (or several) of your accounts could help establish that the person who has control of it is you. Additionally, when you reuse your password, you’re trusting every site that stores it to not accidentally share it. Inside tip: the staff at those workplaces are spread just as thin as the staff at your own. Not a month goes by without an organization that should ‘know better’ suffering a data breach, which often includes password information.
But I don’t have any secrets…
Some people don’t see the point in keeping their passwords safe, secure, and current. They’ve got nothing to hide. The thing is, it’s not about hiding anything. It’s about your identity. If I know your password, I can be you. Imagine if someone was going around town, pretending to be you, making promises. It doesn’t sound fun to me.
But that’s too many to remember!!!
You’re right. Most people couldn’t remember all of the passwords, PINs, and combinations for everything. It’s a mistake to try. Add to that the fact that a difficult-to-guess password is also difficult to remember, and possibly difficult to type, and it’s not surprising that people don’t follow the rules for good passwords. What can we do?
I recommend keeping your passwords in a database of some kind. It can be a program on your computer, an app on your phone, or if you really need to, written down.
Wait, written down? I was told to never write down passwords!
I know, we told you to never write down your passwords. Trouble is, that sort of advice leads to all of the problems above. So I’d like to amend that advice to:
Treat your passwords like you treat your credit card number. Keep them secret, and keep them somewhere that you’ll know if someone’s going through it.
This could be your wallet. It could be a safe. It’s still not a post-it note under your keyboard, or on your computer screen. I recommend (and use) a program to lock them up (with a master password).
Next time, I’ll talk about random passwords and memory.