Passwords, ugh! Who wants one more password to remember? Passwords are probably the best example of the tug-of-war between security and convenience. “You need long, complicated passwords!” “No, I need passwords that are easy to remember and quick to type!”
Good passwords are just one layer in what should be a defense-in-depth. But bad passwords are, well, a wide open door. When listings of user accounts are stolen and cracked, then found online, security researchers get a glimpse into what people favor for passwords. Here are the top dozen:
As you can see, these are all terrible passwords, but terribly easy to remember. I’m afraid most people are careless about password safety.
But it’s not that hard to be an excellent password user! Two simple changes to your password habits will have you at the top of the good list!
- Use passphrases
For a long time, security experts recommended using numbers, symbols and changes in letter case to make passwords complex. Today, computing power is available in unprecedented quantity, and most short passwords, no matter how complex, can be cracked in minutes. So drop the hieroglyphics, and start using simpler but longer passphrases. These are easier to remember and to type, and more secure, as long as they are over 12 characters long. You still don’t want to use any phrase that is in common usage. “Mary had a little lamb” is a long passphrase, but still a terrible choice, as it is in common usage and thus likely to be among the phrases hackers will use to test your security. Change it up a bit.
- Use a password manager
It is strongly recommended that you use a unique password for every account you have. It would be impossible to remember them all, so let a password manager app do it for you. The password manager securely encrypts all your account information, and you unlock and use it with one master password. Managers are portable between all your devices, so your credentials are always at the ready. For an installable application for your computer, tablet or phone, I recommend KeePass. For a web application, I recommend Bitwarden.