We’re all guilty of it. You’re creating a new account and are prompted to enter a password. You’ve heard about the rapidly increasing frequency of data breaches (and, interestingly, breaches of smaller accounts and systems). You’ve been told numerous times that you need to come up with a secure password, but what is secure? How will I remember my passwords?
Instead of answering these questions, you do what you’ve always done. You enter a password you’ve been using since you first started using the internet. Even worse, it probably has something like your birth date and kid’s name. You probably even have slight variations of this password for those sites with pesky additional requirements on their passwords.
I will provide you with some methods that will get you to a more secure password, without the hassle of memorizing all these different passwords. But first, here are a few tips that you should follow no matter which method you choose, or whether you choose to follow one or not.
Tips & Tricks for a Secure Password
- NEVER use the same password you use for the email address you signed up with. Your email account is sacred. If someone gains access to your email, they gain access to all accounts it is associated with.
- NEVER build a password using things like your middle name and birth year. These are the first things people who know you will try.
- AVOID using the same password twice. If one gets compromised, it is compromised anywhere else it is used.
- AVOID writing down your passwords on a piece of paper or in a book. If you must do this, be sure it is in a secure area like a safe/locked cabinet. A book of passwords can be just as valuable to a thief as your television during a break-in.
- USE a strong combination of upper and lowercase letters, numbers, and symbols. Not all services allow certain symbols, so stick to the simple ones like punctuation (period, comma, exclamation, question mark) to maintain consistency.
Use a Password Manager
If you’re not using a password manager, you’re probably just like me a few years ago. It’s hard to trust an external service to keep my passwords safe, and using another application every time I want to enter my password must be a hassle, right?
Password managers have several benefits:
- They allow you to store your passwords, securely, in the cloud. They’re usually encrypted using a master password you set yourself, so nobody but you can see the passwords you enter no matter what.
- You can access them from any device with the application installed or with access to the website. Update a password in one place, and it updates everywhere else.
- Good password managers include a password generator. Just click the button, and a secure password is created and stored for you. No memorization needed, and all of the points from “Tips & Tricks” above are satisfied!
- Most password managers include some sort of auto-fill function, usually requiring some sort of interaction with the app/extension. But a few clicks is less of a hassle than remembering and typing a complicated password.
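What the "generate" button does can be sketched in a few lines. The following is an added example, not code from any of the password managers named in this article: it draws characters from the operating system's secure random source, restricts symbols to the simple punctuation suggested in the tips, and creates a separate password for every account. The function names and the sample service names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the tips: upper/lowercase letters, numbers, and the
# simple punctuation most services accept (period, comma, exclamation, question mark).
SYMBOLS = ".,!?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def has_all_classes(password):
    """True when the password contains at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=20):
    """Draw characters from the OS CSPRNG; redraw until every class is present.

    Redrawing the whole password (instead of forcing one character per class
    into fixed positions) keeps every compliant password equally likely.
    """
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def generate_vault(services, length=20):
    """One independent password per service, so no password is used twice."""
    return {service: generate_password(length) for service in services}


if __name__ == "__main__":
    # Constructed service names, for illustration only.
    for service, password in generate_vault(["email", "bank", "forum"]).items():
        print(f"{service:6} {password}")
    print(f"about {entropy_bits(20):.0f} bits for 20 characters")
```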
There are many password managers out there that may be recommended by others, but here are three password managers that I have used and currently recommend:
Bitwarden
I used Bitwarden for about a year. It is open source (which helps make it extremely secure — anyone can check for backdoors and security vulnerabilities), and it’s totally free. It has a beautiful interface for its website, mobile apps, and browser extension. It is simple and quick to use, especially the fantastic password generator. The only downside I saw, and ultimately the reason I stopped using it, is that there is no ability to share certain passwords with others, which is beneficial for businesses and organizations.
LastPass
LastPass has the benefit of being the most popular password manager. It is highly supported and regularly updated. Its free version will be sufficient for most people out there, but upgrading to Premium is as low as $24/yr. The benefits of upgrading are beyond the scope of this article, but it also has options for sharing, including family sharing or business sharing.
Google Chrome Password Manager
Google Chrome comes with a built-in password manager. It has the benefit of being integrated with the browser and its auto-fill features. It is the simplest to use within the browser, but managing your passwords isn’t as simple as with the above options. It does not have a password generator and does not work outside of the Chrome browser, which makes signing into external applications somewhat cumbersome, as finding your stored passwords is slightly frustrating. Your passwords are synced across all browsers you are signed into, including mobile Chrome. This is a good option if you just want to store your passwords but don’t want to deal with a third-party application.
Make a Phrase & Key Rule
Another way to satisfy all the points from “Tips & Tricks” above is to create a set of rules that you follow for every password you make. You do not need to memorize any passwords, just memorize the rules you set for the Key and the Phrase, and you can figure out the password each time you return to the login screen.
The Key
You can start with a word, say “apple” for example. As is, the word is very easy for an algorithm or bot to guess. Exchange each “a” for “@”, change the first “p” to a “9”, and make every “e” uppercase. Now, you have a much harder-to-guess password “@9plE”. Expand on this key to accommodate more passwords.
Remember, you want to use a different password for each account, so you may be wondering, “how do I come up with the starting phrase for each service?” You’ll want to come up with a rule here as well that will be consistent across all accounts.
The Phrase
Here is an example I have seen used before. It uses the branding of the service to generate a phrase, since the branding is usually consistent across all platforms and is seen at the login screen.
- First word: General color of the service’s branding (“blue” for Twitter)
- Second word: General description of the shape of the logo (“bird” for Twitter)
- Third word: General description word for the service (“social” for Twitter)
This example gives you a starting phrase of “bluebirdsocial” for Twitter. Like the “apple” example above, this is not very secure. Apply your key, and suddenly you have a password like “B1uEBirdsoci@l”, which is significantly more secure than before, and should be easy to remember if you remember the phrase and key rules.
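The Key and Phrase rules above can be written down as a small rule table, which makes it easy to check what a given key actually produces. This is an added example, not part of the original article: PAGE_KEY holds the three rules from the “apple” example, while the two extra rules in EXPANDED_KEY are an assumption, inferred so that the Twitter phrase yields the result shown above. All function names are illustrative.

```python
import string

# Each rule: (character to match, replacement, "every" or "first" occurrence).
PAGE_KEY = [("a", "@", "every"), ("p", "9", "first"), ("e", "E", "every")]
# Assumption: two extra rules, inferred so the Twitter phrase yields the article's result.
EXPANDED_KEY = PAGE_KEY + [("b", "B", "every"), ("l", "1", "first")]


def build_phrase(color, shape, description):
    """Join the three branding words into the starting phrase."""
    return (color + shape + description).lower()


def apply_key(phrase, key):
    """Apply substitution rules in one pass over the original characters."""
    rules = {src: (dst, scope) for src, dst, scope in key}
    already_used = set()
    out = []
    for ch in phrase:
        dst, scope = rules.get(ch, (ch, "every"))
        if scope == "first" and ch in already_used:
            dst = ch  # a "first" rule fires only once
        already_used.add(ch)
        out.append(dst)
    return "".join(out)


def missing_classes(password):
    """Character classes from the tips that the password does not contain."""
    checks = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "number": str.isdigit,
        "symbol": lambda ch: ch in string.punctuation,
    }
    return [name for name, test in checks.items() if not any(map(test, password))]
```

With only the three “apple” rules, the Twitter phrase becomes “bluEbirdsoci@l” and `missing_classes` reports that it has no number, which is why the key needs expanding before it covers every service name.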
Conclusion
Secure password creation is crucial to keeping your personal information, sensitive documents, and personal wellbeing safe. These days, everything you do is stored on the web. This can all be breached by a machine or thief trying different common passwords, by someone who knows you guessing with simple things like your birthday, or by a hacker who has compromised your password on one service trying it on other services you use.