Ah, passwords. There may be few things in life as frustrating and annoying as making & remembering passwords. Let’s talk about some ways to make life easier for you!
If passwords frustrate you, you are not alone! How many times have you (we) had to try to remember a password, type it in, or try to create a strong one? (And we all know it’s going to be your last password + 1, ’cause who wants to try & remember a whole new one? It was hard enough memorizing the original password!)
To help alleviate your frustration, in this article I suggest a few practical, less stressful ways you can create & remember strong passwords (you can view my cybersecurity credentials here):
- Use Strong Passwords Only for Important Accounts
- Switch to Passphrases
- Use a notebook (what?!)
- Use a Password Manager
With that, let’s get started!
Each of these tips can be done alone or used together!
1. Use Strong Passwords Only for Important Accounts
If your favorite cooking website account is hacked, the result will be frustrating but not serious. On the other hand, if your bank account gets hacked, you may lose your life savings (very serious).
For most, the idea of having to create unique, strong passwords for all of our accounts is overwhelming. The result is password reuse and, often, weak passwords.
You can reduce your burden of having to remember strong, unique passwords if you only have to remember 5 vs. 25 passwords. For non-important accounts, you can use easy-to-remember ones.
What are ‘Important Accounts?’
Important accounts are those accounts that have access to your:
- Financial info (e.g., bank and credit card sites)
- Email accounts (email accounts are frequently used to reset passwords)
- Other personal info (e.g., health data, employer HR portals, social media, etc.)
2. Switch to Passphrases
Passphrases are like passwords, but instead of using ‘random’ characters, they use a string of words. For instance, instead of using:
You could use:
For most people, the second one is going to be easier! Just think of a mechanic working at a hospital, who enjoys eating buttered apples (a pretty funny food idea, too).
How to Make a Passphrase
There are many ways to create passphrases, but the most practical and user-friendly ways for most people are:
- Make sure you’re using at least 4–5 words (it’s OK for them to all be lowercase)
- Think of a phrase that’s easier for you to remember (e.g., 4–5 words of a favorite quote)
- Use a random-word generator to come up with 4–5 random words
Why is This More Secure?
I’ll talk about this more at the end of the article, but having 4–5 lowercase words is just as strong of a password as “cnM@33!” (this would actually not be too hard for a computer to crack).
Additionally, one of the ideas behind this is that we (people) are able to more easily remember words associated with real-world things than we are ‘random’ characters.
For example, if you meet someone named Abbey, you could remember her name by thinking of an actual abbey. I’ve tried this, and I was able to remember people’s names much better than before.
3. Use a notebook (what?!)
You’ve probably heard to ‘never write your password down.’ While that’s great advice, it assumes people are able to memorize their super-secure, crazy-looking passwords without any problems (e.g., l5P$CP7cmQ5YDg*). Memorizing that alone is a challenge — memorizing something like that for all of our accounts is impractical!
How to Use a Password Notebook
- Keep it in a safe place (e.g., purse, drawer, etc.)
- Consider writing down parts or hints of your password
I don’t recommend using a notebook if:
- You live in an area with a higher crime rate
- You tend to leave important documents in plain sight (e.g., the car)
Why is This More Secure?
The odds of a random hacker cracking your memorized (but likely weak) passwords are MUCH higher than the risk of someone stealing your notebook (with your written, but likely strong passwords).
4. Use a Password Manager
I recommend this above all of the other tips. A password manager is a secure program that can create & store all of your passwords in one place (the passwords it creates are exceptionally strong). You can access all of these passwords from your computer, phone, tablet, etc.
With a password manager, you only have to remember one master password — once you enter this master password, you can access, copy & paste, etc. all of your passwords.
Of course, this exposes the risk that if a hacker guesses your master password, they have access to all of your passwords. If you choose to use a password manager, be sure to create a really strong master password. This master password may be difficult to remember, but it’s the only password you have to remember.
Additionally, and in my experience, using a password manager has greatly reduced the amount of stress I feel online. It’s one of those rare circumstances in security where it makes life easier & more secure.
Be sure to use a reputable password manager (the ones I recommend are 1Password & LastPass).
The ideas behind this article are based on various risk & usability factors for a typical person. As such, you may view the risks/usability factors differently than I do, and that’s okay. This article has been written, though, to increase the likelihood that a person will create & be able to use a strong password.
If you have any questions or would like to discuss something in this article, leave a comment below or feel free to contact me.
A1. A 4th Way to Make a Passphrase
1. Get 5 dice (can be physical or generated online)
2. Go to this word list from EFF
3. Roll all the dice, and write down the word that corresponds to the number on the word list
4. Do Step 3 four more times
5. Combine all the words, and that’s your password!
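The dice procedure above, as an added Python example (not part of the original article and not EFF's code). It assumes a word list with one dice roll and one word per line; the 36-word, two-dice `SAMPLE_LIST` is constructed for illustration, and `parse_wordlist`, `roll_die`, `make_passphrase` and `entropy_bits` are hypothetical names.

```python
import itertools
import math
import secrets

# Constructed stand-in for a dice word list, one "roll<TAB>word" per line.
# A five-dice list has 6**5 = 7776 entries; this two-dice sample has 36.
_WORDS = ("acorn badge cabin daisy eagle fable gavel habit igloo jelly kayak "
          "lemon mango nacho oasis panda quilt radar salad table umbra vapor "
          "wagon xenon yacht zebra amber bison cedar delta ember flint "
          "grape hazel ivory joker").split()
SAMPLE_LIST = "\n".join(
    "".join(key) + "\t" + word
    for key, word in zip(itertools.product("123456", repeat=2), _WORDS))


def parse_wordlist(text):
    """Return ({roll: word}, dice_per_word) after validating the list."""
    table = {}
    for line in text.splitlines():
        if line.strip():
            key, word = line.split()
            if set(key) - set("123456"):
                raise ValueError(f"not a dice roll: {key!r}")
            table[key] = word
    dice = len(next(iter(table), ""))
    if not dice or len(table) != 6 ** dice or any(len(k) != dice for k in table):
        raise ValueError("list must cover every roll exactly once")
    return table, dice


def roll_die():
    """One fair roll from the OS CSPRNG (not the predictable 'random' module)."""
    return secrets.randbelow(6) + 1


def make_passphrase(table, dice, words=5, roll=roll_die):
    """Roll `dice` dice per word, look the result up, repeat `words` times."""
    keys = ("".join(str(roll()) for _ in range(dice)) for _ in range(words))
    return " ".join(table[key] for key in keys)


def entropy_bits(table, words=5):
    """Entropy when each word is drawn uniformly and independently."""
    return words * math.log2(len(table))


if __name__ == "__main__":
    table, dice = parse_wordlist(SAMPLE_LIST)
    print(make_passphrase(table, dice), f"({entropy_bits(table):.1f} bits)")
```

With a full five-dice list in the same layout, `parse_wordlist` detects five dice per word and `entropy_bits` reports about 64.6 bits for five words.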
A2. Cracking/Guessing Passwords
The amount of time needed to brute-force guess a password is a combination of a password’s length and character set (e.g., the US Keyboard has a character set of 96: 26 lowercase + 26 uppercase + 10 numbers + 34 special characters).
Mathematically, the formula for the average amount of time needed to guess a password is:
Avg. Time = (character set ^ length)/2
The avg. number of attempts needed to crack a password is:
Avg. Time/ Guesses per second
Note that it’s not hard for dedicated ‘hackers’ to be able to guess passwords at rates in the hundreds of millions of guesses per second (g/s). The current, verified world record is 350 billion g/s, and in 2013, the NSA was purported to be able to do 1 trillion g/s.
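The two expressions above, worked through with the article's own figures (a 96-character set and the 350 billion and 1 trillion g/s rates), as an added Python example that is not part of the original article. It reads `(character set ^ length)/2` as the average number of guesses and the division by guesses per second as the average time in seconds; the function names and the 7776-word (five-dice) list size are assumptions.

```python
YEAR = 365.25 * 86400          # seconds in a year
US_KEYBOARD = 96               # character-set size given in the article
DICE_LIST = 6 ** 5             # words selectable with five dice (assumption)
RATES = {"350 billion g/s": 350e9, "1 trillion g/s": 1e12}  # from the article


def average_guesses(symbols, length):
    """(character set ^ length) / 2: on average half the keyspace is searched."""
    return symbols ** length / 2


def average_seconds(symbols, length, rate):
    """Average guesses divided by guesses per second."""
    return average_guesses(symbols, length) / rate


def min_length(symbols, rate, target_seconds):
    """Shortest length whose average brute-force time reaches the target."""
    length = 1
    while average_seconds(symbols, length, rate) < target_seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in its largest sensible unit."""
    for name, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


def report():
    """Average crack time for each candidate at each quoted rate."""
    candidates = [("7 keyboard characters", US_KEYBOARD, 7),
                  ("15 keyboard characters", US_KEYBOARD, 15),
                  ("4 dice words", DICE_LIST, 4),
                  ("5 dice words", DICE_LIST, 5)]
    return [(label, rate_name, humanize(average_seconds(n, length, rate)))
            for label, n, length in candidates
            for rate_name, rate in RATES.items()]


if __name__ == "__main__":
    for row in report():
        print("{:<24} {:<16} {}".format(*row))
    print("words needed for 100 years at 1 trillion g/s:",
          min_length(DICE_LIST, 1e12, 100 * YEAR))
```

The 7- and 15-character rows match the lengths of the two sample passwords quoted earlier in the article, so the output shows how far apart they sit under the same formula.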
[Disclaimer: This is not legal nor consultative advice. I’m not affiliated with nor receive compensation from any organizations mentioned in this post.]