Back in ancient times (no … not dinosaur time … go forward a bit), most people only needed to worry about remembering one password to one website. You could use “monkey123” and be fairly safe, because not many other people were connecting to your very first BBS.
Fast forward to modern times and the average person needs passwords to tens, if not hundreds, of websites and services. To make matters worse, monkey123 no longer works as a password (you shouldn’t be surprised, if you are … go change your password).
This is a problem because people use incredibly obvious passwords (a bad idea) or reuse passwords (a very bad idea) on multiple websites. Imagine a dystopian world where computer worms and cyber criminals (the pictures of guys with the black hoodies and obscured faces surrounded by gibberish that adorn most news stories about hackers) hack a website and copy all the emails and passwords they find. They then go to your bank’s website and try them there (no … not monkey123, since you changed it, now they try qwerty123). If you reuse passwords, the black-hoodie guy gets into your bank and steals all your money.
I have a few ideas to make authentication more bearable; choose whichever one(s) work for you.
1) Memorable Passwords
I know what you’re thinking … Alain, I h a t e passwords, why is this the first option? Simple. It’s compatible with all websites that need a password. No special software or hardware needed, just your good ol’ noggin.
First, you don’t need a password that looks like this: $1aksf391 (that’s a self-created denial of service waiting to happen, since you’ll forget it by the time you walk through a doorway).
What you need to do is look around your house or workspace and choose 3 things: chair, plant, window. Then think of your favorite number and punctuation. This will make the base of your password, and it won’t change.
So, for example, when you go to your bank and need to create a password you’ll use your base and add something to the end. A few examples:
- Your bank:
  - 3+Chair+Plant+Window+Bank
  - 3+Chair+Plant+Window+BofA
  - 3+Chair+Plant+Window+Check
- Your email:
  - 3+Chair+Plant+Window+Email
  - 3+Chair+Plant+Window+Yahoo
  - 3+Chair+Plant+Window+Spam
- Your credit card:
  - 3+Chair+Plant+Window+Visa
  - 3+Chair+Plant+Window+Card
  - 3+Chair+Plant+Window+Plastic
As you can see, the majority of the password stays the same; the part that changes just has to be memorable to you (to remember your base, just visualize the place where you chose your password, or write it down and put it in your wallet; if you lose your wallet, change your password). It’s memorable, but also includes complexity (a number, punctuation, length, uppercase, and lowercase) that should satisfy any website’s rules.
2) Password Manager
This is a software program that manages your passwords for you … incredible, right? Use the computer to remember the passwords that we don’t want to; this means you can have extremely complex passwords.
I would still recommend using words, just like in option 1; you don’t want to be stuck trying to type in a random password manually because copy/paste doesn’t work (no … this has never happened to me before).
The program I like is called 1Password, but there are others (e.g. LastPass, Dashlane). Each one of these programs requires you to set up a single password (no … not monkey123) and then use that to unlock all of your other passwords. All of these programs have apps for Android and iPhone, as well as PC and Mac (even Linux!).
3) Secure Quick Reliable Login
Otherwise known as SQRL, developed by Steve Gibson. This method of logging into websites uses public key cryptography, which means it’s very secure. If you can break this kind of encryption then nobody is safe.
The problem with this method of logging into stuff is that the website needs to support it. It’s not as universal as passwords. However, more sites are beginning to support this login method, and this blog does (if you want to log in with SQRL, let me know)!
All you need to do is open the app on your phone and take a picture of the QR code on the website, then type in your password once and away you go. The website you’re logging into doesn’t know anything about you (no username or passwords are stored on the server). If the server/website ever gets compromised, the black-hoodie bad guys won’t get anything they can use to try logging into other websites as you (e.g. bank, social media, loans, credit cards, etc.).
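The login flow described in this section, as an added Node.js sketch (not code from this blog or from the SQRL project). It is a simplified model: the per-site key is derived as HMAC-SHA256 of a master key over the site's domain and used as an Ed25519 key, and the challenge URL stands in for the QR code. The `Site` class, `answerChallenge`, the URL layout and the `.example` domains are assumptions, and the password that unlocks the master key on the phone is left out.

```javascript
const nodeCrypto = require('crypto');

// Added sketch, simplified: names, URL layout and .example domains are assumptions.
// DER header that wraps a raw 32-byte Ed25519 seed as a PKCS#8 private key.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client: one master key, one derived key pair per website domain.
function siteKeyPair(masterKey, domain) {
  const seed = nodeCrypto.createHmac('sha256', masterKey).update(domain).digest();
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8',
  });
  const publicKey = nodeCrypto.createPublicKey(privateKey)
    .export({ type: 'spki', format: 'der' });
  return { privateKey, publicKey };
}

// Client: sign the challenge read from the site's QR code with that site's key.
function answerChallenge(masterKey, challengeUrl) {
  const domain = new URL(challengeUrl).hostname;
  const { privateKey, publicKey } = siteKeyPair(masterKey, domain);
  const signature = nodeCrypto.sign(null, Buffer.from(challengeUrl), privateKey);
  return { publicKey, signature };
}

// Server: keeps public keys only, never a username, password or shared secret.
class Site {
  constructor(domain) {
    this.domain = domain;
    this.accounts = new Set(); // hex-encoded public keys of known users
    this.pending = new Set();  // challenges issued and not yet used
  }
  newChallenge() {
    const nut = nodeCrypto.randomBytes(16).toString('hex'); // one-time random value
    const url = `sqrl://${this.domain}/login?nut=${nut}`;
    this.pending.add(url);
    return url;
  }
  login(challengeUrl, { publicKey, signature }) {
    if (!this.pending.delete(challengeUrl)) return false; // unknown or replayed
    const key = nodeCrypto.createPublicKey({ key: publicKey, format: 'der', type: 'spki' });
    if (!nodeCrypto.verify(null, Buffer.from(challengeUrl), key, signature)) return false;
    this.accounts.add(publicKey.toString('hex')); // first visit creates the account
    return true;
  }
}
```

Everything a compromised site can leak here is `accounts`, a set of public keys that differ from the ones the same user presents to every other site.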
I use bible verses for those that I don’t trust to a password manager.
“Trust in the Lord with all your heart” becomes something like “T1tLw/ayh”, depending on the specific requirements of the site. This has helped (forced) me to memorize more bible verses – and that can’t be a bad thing, right?
I use Keepass as my password manager, it has a free Android app called Keepass2Android. It has made my life so much easier. Also, the Android app can be unlocked with the fingerprint sensor on my Pixel, so I don’t have to type in the master password to unlock the database.