Password Tips for People Who Hate Passwords (i.e. YOU)
photo: Rubén Bagüés
In this ever-polarized world we live in, it’s oddly comforting to find a subject that strikes a universal chord, stoking the consternation and ire of everyone regardless of their political or religious affiliation, socio-economic status, nationality or whatever other means of humanity-pigeonholing you prefer. In both my personal and professional experience, the subject of passwords checks the box when it comes to unifying us all in our mutual dislike.
Now for a brief moment, I’d like you to conjure up all of your negative feelings about creating, remembering and using passwords… imagine: what would it be like if you didn’t only have to put up with this annoyance of modern digital life, but if you also had to participate in that frustration on behalf of dozens of other people, including friends, family members, and your business associates? Welcome to my world.
The primary reason I would even put you through that painful thought experiment besides gathering up pity points is this: you need to know that I find no pleasure in having to tell people to improve their password habits. It would be quite easy for me as an I.T. Guy if everyone just used one password for every device and account they owned, believe me! But I didn’t sign up for this role in life because I wanted to take the easy route. I provide I.T. services for people because I’m naturally inclined to solve problems, no matter how annoying or repetitive they are. So I do not preach about password management because I love a good complex password, or because I like to hear people curse under their breath when I ask them if they know the password to their email account. It’s because I want to minimize problems for the people in my Universe who look to me for technical advice (and at times, even those who don’t).
JUST THE BEGINNING
There are plenty of opinions on the proper approach to good password usage, and I’d be lying if I said it was a settled discussion. Because hackers and other ne’er-do-wells are constantly upping their game when it comes to getting their hands on your digital details, the rules of thumb about securing one’s data are always being revised as well. I would like to at least introduce you to (or perhaps remind you of) a few of the more commonly cited tips, though, because I would feel remiss if any of you reading this hadn’t at least been given a written explanation that you could refer back to more than once should you find yourself at that rare point in your life where you’ve got the time and patience to go through these extra steps you’ve been reluctant to take, but knew you should.
To help motivate you on your journey to password enlightenment, I ask you to take a quick moment to plug your various email addresses (and perhaps those of your loved ones) into the search field on the Have I Been Pwned website. This website provides a free and helpful service that allows you to quickly check whether your email address is included in any known ‘data breaches’ from the various services in the world we’ve trusted to keep our data safe. If you’re lucky, you’ll be told your email address hasn’t been found. Know, though, that even if your address is NOT found in a search on their site, you could still be included in a currently UNknown data breach–and who knows how many of those have taken place! But most of you will likely see one or more instances of your email address having been included in a data breach of some kind.
REPETITIVE USE INJURY
Not all data breaches are super serious–some might just be email addresses paired with encrypted passwords that no one can read. Other data breaches could include your email, password, and other sensitive info (think: social security numbers) that you’d much rather not be sitting naked somewhere out in the world that you didn’t explicitly allow. But the key thing to remember is this: if you re-use the same email address and password combo at multiple sites, and that combo is included in a data breach, it’s incredibly easy for evil-doers to try that same email-password combo at many other sites, automatically, in bulk. And it’s not just a handful of people trying to do so, either. The data accumulated by hackers is packaged up and sold on the black market, to whoever has money and interest in the data, for whatever purposes they like. This world is filled with a lot more selfish jerks than many of us would care to admit, and they’re the ones who benefit from any of us defaulting to laziness when it comes to securing our accounts.
First, your goal should be to never use the same password and email or username combination ANYWHERE.
Second, you should make every password lengthy and complicated.
Those first two goals will not be easy for most people, and for some of us it will be downright overwhelming, bordering on impossible. And that’s why my next password tip is really helpful:
MAKE IT MANAGEABLE
Use a password manager! There are many free and paid password management services that are good options, including Dashlane, 1Password and LastPass. The way password managers work is that you create an account using a VERY difficult password to crack–but one you design to remember (e.g. with mnemonic devices)–and then allow the password manager to remember all of the other passwords in your life for you. That way, the burden of remembering dozens of unique, lengthy and complicated passwords is offloaded, leaving you only having to remember ONE password. Not only that, but password managers include tools to help you generate new passwords using a variety of conditions to help you meet those goals of long, complex and basically random passwords at each and every site you visit with just a few simple clicks. You don’t even have to pretend to be good at coming up with brand new, hacker-proof passwords at every site you have an account with or any new account you set up in the future. The password manager handles it for you. Added Bonus: many password managers integrate into your web browser (through an add-on or extension) to make the process of logging into various websites automatic, saving you the time and hassle of recalling and entering those many difficult passwords you’ve created. Super Bonus: you’ll even find apps for your mobile phone that bring the convenience of a password manager wherever you go!
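To make the two goals and the generator idea concrete, here is an added example (not part of the original post, and not any password manager's own code) that finds reused login-and-password combos in a list of accounts and replaces them with long random passwords. The function names, the character-class policy and the sample accounts are all assumptions made up for illustration.

```python
import secrets
import string
from collections import defaultdict

# Assumed policy: every password must draw from each of these classes.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")

def generate_password(length=20):
    """Return a random password with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the result uniform over valid passwords.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def find_reused(accounts):
    """Group sites that share the same (login, password) combination."""
    by_combo = defaultdict(list)
    for site, login, password in accounts:
        # Logins are compared case-insensitively; passwords are not.
        by_combo[(login.strip().lower(), password)].append(site)
    return {combo: sites for combo, sites in by_combo.items() if len(sites) > 1}

def rotate_reused(accounts, length=20):
    """Return a copy where every reused combo gets its own fresh password."""
    reused = find_reused(accounts)
    rotated = []
    for site, login, password in accounts:
        if (login.strip().lower(), password) in reused:
            password = generate_password(length)
        rotated.append((site, login, password))
    return rotated

# Constructed sample data, not real credentials.
SAMPLE = [
    ("shop.example", "pat@example.com", "Sunshine1"),
    ("mail.example", "Pat@Example.com", "Sunshine1"),
    ("bank.example", "pat@example.com", "k7#Vq2!mZp0^Lr8&xYtB"),
    ("forum.example", "pat2@example.com", "Sunshine1"),
]

if __name__ == "__main__":
    for (login, _), sites in find_reused(SAMPLE).items():
        print(f"{login}: same password on {', '.join(sites)}")
```

The check follows the post's rule of flagging a repeated login-and-password combination, so the forum account with a different login is not flagged even though it shares a password.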
LAYER IT ON
Lastly, you should switch on multi-factor authentication for any and every account that offers it. Sometimes it’s called two-factor authentication, or it might go by other names, but it’s basically the system that adds another layer of security to the sign-on process by adding a second step to logging into your account after the password is entered. Usually, it involves receiving a unique, single-use pass code provided via phone call or text message by the service you’re logging into. The theory behind it is that someone trying to break into your account would not only need to know your username and password, but they’d also have to be in possession of the device where that separate code is sent–a pretty rare and unlikely scenario. You also get the benefit of knowing when someone is trying to log into your account; if that someone isn’t you, or someone you asked to log in on your behalf, then you now have cause for alarm and can take appropriate action (hint: change your password!) at the account in question.
[Note: yes, even multi-factor authentication isn’t a perfect solution, but it’s absolutely better than just relying on a good password alone.]
THE GOLDEN RULE
Sometimes I hear people say that they’re not concerned about bad actors somewhere online knowing the password to their bank account, or having access to their email or their SkyMiles details. But because the Internet has connected us all in so many seen and unseen ways, you have to remember that you may not just be putting yourself at risk with sloppy password habits… you may be opening the door to someone you love having their bank account hacked, or introducing a hacker to your employer’s internal network, or worse. Try to think of good password strategies as a kind of mutual etiquette for the digital world, just like washing your hands after using the bathroom or using turn signals on a busy highway are in the physical world.
If you’ve gotten this far in this blog post, congratulations. I realize I’ve spent more time explaining WHY you should have better password management methods in place, and not very much time explaining HOW. Hopefully I’ve given those of you who are somewhat tech savvy enough advice and encouragement that you’ll get out there and start improving your password techniques on your own. But for the rest of you, particularly those of you who break out in hives just thinking about passwords: that’s what I’m here for! You can hire me to handle the setup and implementation of these steps to finally get you on the path to better password management. It won’t be easy, but I’ll try to make it as painless as possible. And you owe it to yourself, your friends, your family and your colleagues to do so.