My son just created his new college account, which of course, requires a password. He said he used the same one he always does. I know this is not a good idea but I completely understand the impulse.
Back in 2012 there was a LinkedIn hack that is still having fun.
Two fraudulent emails to users were recently sent out. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” the LinkedIn release states. “We have no indication that this is as a result of a new security breach.” Reset your password? Nah. I got that fraudulent email but didn’t click on it because I can’t remember my LinkedIn password. Haven’t gone on the site for years because of it and can’t be bothered to create a new profile and a new password.
I hate passwords. I use the same ones for everything in different forms (a weird character here and there, a number inserted, random capitals), and have a yellow piece of paper in my desk with all of them written down. When I run out of room on the paper I erase something from a site I never use and write in the new one. It may not be the most advanced system, but it works- when I’m home.
God forbid I’m out. Then come the dreaded QUESTIONS OF PERSONAL INFORMATION to make sure you are really you. But did I type in my childhood home street as Williams Street? Or williams st? Or a combination of both? And I only have a few tries before I’m told I’m a robot and go away. My poor mother has shaky hands and often types things in wrong. She is so often locked out of accounts that think she was hacked by someone not-quite getting her passwords correct.
If you pick simple words you can remember, you are getting increasingly out of luck. I hate sites that FORBID you from having a short word; you have to include weird stuff. Now Microsoft has banned common passwords altogether.
Jerks. If I want my password to be Dragon (it’s not) then I’m the one taking that risk. You can read more about that here.
Of course, you can always use cool software to help. Here at GeekDad/GeekMom we highlighted an app that lets you use a single password to log into sites across multiple platforms. Password Boss sounds like a good tool.
Or use your fingerprint as a password like on iPhones. But that comes with some legal fuzzyground as seen in a recent case where the FBI was trying to unlock an iPhone. “In his ruling about the iPhone search, Virginia Circuit Court Judge Steven Frucci made a novel distinction. The judge said it’s okay for police to force suspects to use physical characteristics, like a fingerprint, to unlock a phone. But they can’t force someone to ‘disclose the contents of his own mind,’ like a password.” You can read the full article about that distinction and decide for yourself if that’s fair.
Right now, an iPhone goes back to requiring a regular passcode if the phone hasn’t been used in 48 hours. Also, all the phone’s data will be erased if the wrong passcode is punched in multiple times.
The most intriguing news on passwords is Google’s plan to get rid of them entirely. Project Abacus aims to study how you use your phone (voice, swiping, location, frequent apps) and creates a “profile” of you.
This means that if someone else starts using your phone, they would have to mimic exactly how you use it- impossible? And then what? If the imposter tries to access stuff on your phone does it shut off? Or does it ask for a passcode to verify? More news on that to come.
In the meanwhile, I will encourage my son to insert a number into his favorite password. And write it down somewhere, and not a document called “Passwords.”
I’ve found KeePass to be really good. It has multiple database storage options (like Google Drive, Dropbox, etc.) with plugins, there are plugins for just about everything, and versions to run on your iPhone or Android. I simply use BittorrentSync to update the file on my work computer, home computer, wife’s computer and phones.
I couldn’t live w/o it. I use fairly strong passwords now. If a site lets me use 32 characters, then I do!
http://keepass.info/
Mature, free, etc.
Just checked out KeePass. Thanks for the suggestion!
You can disable the auto-wipe of an iPhone after too many failed password attempts.
One “psychology hack” revolves around passwords. You use a statement to yourself, some goal or affirmation, as the password. This is advised for using on passwords you manual enter at least once a day. But you can make it a practice to change out all of your passwords on all of your sites every two weeks or so.
This does require keeping track of where you have passwords. But if you have a “fallback” password that you use on any “I doubt I will come here ever again” sites, and then your affirmation password cluster remains relatively small (bank, work, email, favorite social/news site…)
The same password everywhere weakness is defeated pretty effectively if you regularly change that password. It makes the window of opportunity far smaller for someone to acquire your password from one location, then find another location where it is effective.
I like your suggestions (the statement one particularly). Thanks!
Nobody /likes/ passwords. But “make a simple one” and “write it down” are not good password advice! Use two-factor authentication. Use KeePass or LastPass if you need help. Invent a system for passwords so that you can create good, valid passwords that you can remember. If /you/ want to have terrible security on your personal information, go right ahead. But how about don’t suggest other people follow that lead, especially from a site with “geek” in the title.
I’m being very honest here in the post, not suggesting I have the best answers. And part of writing it was hoping for some good advice- which I have been getting!
A password manager is definitely the way to go! Hope you give LastPass a try, Rebecca. There are so many reasons to use a password manager like LastPass:
– It browses with you, saving and filling your passwords for you
– It can generate new passwords for you so you don’t ever have to think up a new one
– It syncs where you need it so you know you won’t ever be without your passwords
– It can even help you share passwords with family and friends
– It’s encrypted with a master password that only you know.
And so much more. Life really is easier with a password manager – and your online life will be more secure. Please don’t hesitate to reach out to our team if we can help.
good to know!
There is no excuse to not have good passwords with the great password managers out there. I used LastPass for years until a new company bought them out. They still seem to be a good system and it can be run on all of your devices and all browsers and is user friendly. Now I use KeePass. It is not as user friendly as LastPass. You have to download the extensions to Chrome and Firefox and figure out how to put your password database on Dropbox. Then use LastPass to make good passwords for your sites. Now that you don’t have to remember the password, it can be a really good password.
“There is no excuse to not have good passwords with the great password managers out there.” You got it- I will be passing on this advice to my son, as I try a manager out myself!