by Geralt (Pixabay) – license CC0 (public domain)

Passwords are a problem.

Websites require them. They’re hard to remember. They get stolen. You have to change them. They’ve got all those weird characters in them.

Unfortunately, passwords are with us for the foreseeable future. Managing your passwords is an important skill for students and adults alike. With security breaches like the recent Dropbox, Snapchat and iCloud password thefts, choosing strong passwords that you can remember, and change when you need to, is something everyone should know how to do.

Various experts offer various recommendations on how to keep your passwords straight. Password managers (computer- and web-based programs that store strong, unique passwords for you) are one answer: you remember the single master password for the manager, and it supplies the rest.

There are, however, two simple ways to manage your passwords easily:

Passphrases

Password Strength from XKCD (licensed CC-BY-NC)

One of the strongest and easiest ways to manage passwords is not to use a password at all, but to use a passphrase: a series of words.

This is a very easy way to get a secure and unique code for getting into a website. Its strength comes from the number of possible combinations, not from odd characters: four words chosen at random from a list of a couple of thousand give far more possibilities than a typical eight-character password with letter substitutions, and a phrase of real words is much easier to remember. It was popularized by the webcomic XKCD (created by Randall Munroe, who formerly worked at NASA), has been championed by many security experts, and has been studied by researchers at Carnegie Mellon University.

Unfortunately, however, there are a couple of problems with it. The first is finding several really random words. If you pick the words yourself they will not be random: people choose words connected to their lives, and the passphrase becomes easy to crack, either through guesswork or through research on you (if a criminal knows enough about you, from social media for instance, he/she can work out the words). The cure is to let chance choose the words. The best-known system is Diceware, where you roll dice and look the result up in a numbered word list, but that is cumbersome and you have to keep the list handy.

The other, and perhaps more difficult, problem with passphrases is that many systems (bank and credit card sites, particularly) won't allow them. They cap the length of the password, which rules out a phrase of several words, and they require mixed case, digits, non-alphabetic characters and so on. It is possible to build a passphrase that satisfies those rules (capitalize the words, join them with a symbol, add a digit), but every such tweak is one more thing to remember.

Therefore, passphrases are a good system that might eventually supplant passwords, and they work well on systems that accept long passwords without demanding non-alphabetic characters, but they can't yet be used everywhere. I'd recommend you use passphrases when you can, but if having two different systems is going to confuse you, use option #2 for everything.
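The two points above (the words must be chosen by chance, and a short or personal word list gives much less protection) are easiest to see with numbers. The following is an added example, not code from the article: it generates a passphrase Diceware-style with the operating system's cryptographic random number generator and computes the strength in bits. The 32-word list is constructed for the demo (a real Diceware list has 7776 words), and the figure of 50 "personal" candidate words is an illustrative assumption about how far an attacker who knows you can narrow the choices.

```python
import math
import secrets

# Constructed sample word list for this demo (not a real Diceware list).
# A real Diceware list has 7776 words, one for each roll of five dice.
WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zipper", "arrow", "bridge", "copper", "desert", "engine", "forest", "glacier",
]
DICEWARE_LIST_SIZE = 7776  # 6 ** 5


def entropy_bits(num_words, list_size):
    """Strength, in bits, of a passphrase whose words were drawn uniformly at random.

    Each word drawn from a list of list_size contributes log2(list_size) bits,
    and independent draws add, so the total is num_words * log2(list_size).
    The words themselves may be ordinary and the list public; only the random
    choice matters.
    """
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words from list_size that reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def random_passphrase(num_words=4, words=WORDS, sep=" "):
    """Draw num_words words with the OS cryptographic RNG (secrets), never random.choice()."""
    return sep.join(secrets.choice(words) for _ in range(num_words))


def strength_report():
    """Compare random passphrases with a 'personal' one an attacker can narrow down."""
    return {
        # Four Diceware words: the XKCD-style passphrase.
        "4 diceware words": entropy_bits(4, DICEWARE_LIST_SIZE),
        # Four words from this demo's 32-word list: far weaker, because the list is tiny.
        "4 words, 32-word list": entropy_bits(4, len(WORDS)),
        # Assumption for illustration: the user picked four words out of roughly
        # 50 things a friend or a social-media profile would associate with them.
        # This is what "not random" costs.
        "4 personal words (50 candidates)": entropy_bits(4, 50),
        # A truly random 8-character password from 72 printable symbols, for scale.
        "8 random chars (72 symbols)": entropy_bits(8, 72),
    }


if __name__ == "__main__":
    for label, bits in strength_report().items():
        print(f"{label:36s} {bits:5.1f} bits")
    print("words needed for 80 bits from Diceware:", words_needed(80, DICEWARE_LIST_SIZE))
    print("example:", random_passphrase(4, sep="-"))
```

Four Diceware words come to about 52 bits, slightly more than a completely random eight-character password; four words an acquaintance could guess from a list of 50 come to under 23 bits, which is why "random" is the operative word. Joining the words with a hyphen or capitalizing them, as some sites demand, changes nothing about the count, because the attacker can assume the same formatting.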

Cryptic Sentences

This is a method that I have used and championed for years. It's not my own idea: credit goes to Bruce Schneier, an expert on computer security, who wrote about this method years ago and still recommends it. It's a reasonably simple way to get cryptic passwords that are not too hard to remember.

Start with a sentence that you can remember. Ideally it is unique to you, like “I broke my arm when I was 7 years old.” Avoid famous quotations, song lyrics and proverbs: password-cracking word lists already include the initials of those. Take the first letter of each word, then make small changes as you wish and as the password system requires: spell one word out in capitals, keep the digit, add a symbol. So “I broke my arm when I was 7 years old” becomes IbmawIw7yo, or IbmARMwIw7yo!! if the site insists on a symbol, or something like that.

This is a very easy method for creating cryptic passwords that are easy to remember. Try it!
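The two steps of the method (take the initials, then adjust until the site's rules are satisfied) are shown below as an added example; this is not the article's own code. The policy checker models a common "at least 8 characters, mixed case, a digit and a symbol" rule set, which is an assumption about what a site might require, and it reports exactly which rules a password fails so you know what to tweak.

```python
import string


def sentence_password(sentence):
    """Build a password from the first character of each word of a sentence.

    Digits are kept (so "7 years" contributes "7"), leading punctuation such
    as quotation marks is skipped, and the case of each initial is preserved,
    which is what gives "I broke my arm when I was 7 years old" its capitals.
    """
    initials = []
    for word in sentence.split():
        core = word.lstrip(string.punctuation)
        if core:  # a token that was only punctuation contributes nothing
            initials.append(core[0])
    return "".join(initials)


def policy_gaps(password, min_len=8, max_len=None, need_upper=True,
                need_lower=True, need_digit=True, need_symbol=True):
    """List the rules a site's password policy would reject this password for.

    An empty list means the password passes. The defaults are an assumed
    'at least 8 characters, mixed case, a digit and a symbol' policy; pass
    max_len for sites that cap password length.
    """
    gaps = []
    if len(password) < min_len:
        gaps.append(f"at least {min_len} characters")
    if max_len is not None and len(password) > max_len:
        gaps.append(f"no more than {max_len} characters")
    if need_upper and not any(c.isupper() for c in password):
        gaps.append("an uppercase letter")
    if need_lower and not any(c.islower() for c in password):
        gaps.append("a lowercase letter")
    if need_digit and not any(c.isdigit() for c in password):
        gaps.append("a digit")
    if need_symbol and not any(c in string.punctuation for c in password):
        gaps.append("a symbol")
    return gaps


if __name__ == "__main__":
    sentence = "I broke my arm when I was 7 years old."  # the article's example
    base = sentence_password(sentence)
    print(base, "->", policy_gaps(base) or "passes")
    # The article's tweaked version: one word spelled out in capitals, two symbols added.
    tweaked = "IbmARMwIw7yo!!"
    print(tweaked, "->", policy_gaps(tweaked) or "passes")
```

Run as written, the plain initials IbmawIw7yo fail only the symbol rule, and IbmARMwIw7yo!! passes; a site with a 12-character cap would reject the second one, which is exactly the case where you need to know which rule bit you.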

Managing your passwords

Once you’ve created your passwords, you need to manage them. Here are some basic tips:

Keep them different!

If you use the same password for different sites, then once a criminal has that password he/she can get into all the others. It is hard to break into bank systems. It's easier to break into Facebook or The Daily Mail. Criminals target the soft targets, then try the stolen email-and-password pairs on every other system they can think of (the technique is called credential stuffing). Make sure you use a different password for each system!

You can use some variation of the same password for different sites, but make sure that the variation is not easy to guess. Having “passwordGoogle” and “passwordApple” and “passwordBank” means that once one password is compromised, the others are wide open. A less obvious rule, such as the last two letters of the site name reversed, gives “passwordEL” for Google, “passwordEL” for Apple and “passwordKN” for the bank (using something stronger than “password” as the base!) and is harder to spot. Don't copy that rule either; make up your own. Bear in mind, though, that a criminal who has one of your passwords will try simple variations of it on other sites, so any variation scheme is a compromise; genuinely unrelated passwords, which a password manager makes painless, are safer.

Change them

Security experts recommend you change passwords regularly. The strictest ones say you should change them every month or every quarter. That is probably excessive, and official guidance has moved away from changing passwords on a fixed schedule (NIST's SP 800-63B advises against forced periodic changes, since people respond by making a weaker, predictable variant of the old password) and toward changing them when there is a reason to. I would recommend you change them occasionally; every year is a reasonable interval. What you must definitely do is change your password as soon as you hear there has been a security problem with a site or with your account. Don't put your head in the sand and hope that it won't affect you!

Remember them

If you need to write them down, don't put them on a sticky note next to your computer! Write them on a slip of paper and keep it in your wallet or someplace else secure. Better still, don't write the password itself down, but a memory jogger. (If my password is “thislittlepiggywenttomarket”, my memory jogger might be “swine goes to store”.)


At the end of the day, managing your passwords is a chore and a hassle. However, it is also a necessary process – just like keeping your house keys protected and making sure to change your locks if there’s a chance someone has a copy.