I’ve been doing computer support for a long time and have learned a few things. One of them is that the average computer guy just doesn’t get the average user. It’s like explaining football to my loving wife – she just doesn’t get it.
Case in point, what about the password advice you’ve been given? “It’s simple, just use upper- and lowercase letters, numbers, special characters, don’t use your pets’ or kids’ names, blah, blah, blah…” Don’t get me wrong, security is important. Terrible things can happen if the bad guys get your passwords. However, the general advice you’ve received may make it easier for the bad guys and harder for you.
OK, don’t raise your hand if this is true. Are your passwords written on Post-it notes stuck on your monitor? How about on a sheet of paper under the keyboard? This is why the current password advice is so bad: nobody can keep their passwords straight or secure. Not to worry though, I have some ideas.
How does the average bad guy go about guessing your password? He doesn’t know you, your kids, your pets or anything else about you. What he does know is that people can be “socially engineered.” In general everyone wants to be helpful, can be made fearful and may be greedy. This is how he exploits you to get what he wants.
Ever see an email asking you to please reset your bank password? Banks will never ask you to do that, but people want to be helpful. How about one that threatens to shut down an account if you don’t provide your private information? This is a scare technique. My favorite is the one that plays on greed: an email that looks like it’s from FedEx, claiming there is a package for you that you didn’t expect.
In each of these three situations people tend to give up their passwords to the bad guys. The strongest, most impossible to remember passwords in the world are useless if they are just given away. Your first step to password security is to never, ever give them to anyone you don’t personally know and trust. Trust your intuition. We have a saying at work – if it feels squishy, it’s probably squishy. As the computer guy I would much rather be questioned about an email I’ve sent, than pick up the pieces when a baddy gets your password or infects your computer with a virus.
Complex passwords are useless if they are given away, and we all know that a password looking like PrXyc#N7 is impossible to remember. What is a normal person to do? I have a simple answer called a pass phrase. Simply use a phrase that you can remember as your password. Here are a couple of examples:
1739 So. 2669 No.
My favorite is orange.
I love my wife!
These are specific to me and very easy for me to remember, and even the shortest one would take 13 trillion years to hack. Sometimes you are required to include upper- and lowercase letters, numbers and special characters. The address pass phrase meets all of those, but you’ll have to be creative for the others. One of my tricks is to replace all O’s with zeros for simplicity’s sake.
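The following Python example is added here and is not part of the original post: it compares the brute-force search space of the four examples above by length and character classes. The guess rate of 100 billion per second is an assumption (the post does not say what rate is behind its figures), and the math assumes blind guessing of every character combination, so for phrases built from common words the results are upper bounds.

```python
import math
import string

# Assumed attacker speed in guesses per second (illustrative only).
GUESSES_PER_SECOND = 1e11

# Character classes and how many symbols each adds to the search pool.
# string.punctuation has 32 characters; counting the space makes 33.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]


def pool_size(secret):
    """Alphabet size implied by the character classes the secret uses."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in secret))


def entropy_bits(secret):
    """Brute-force work in bits: length * log2(pool size)."""
    pool = pool_size(secret)
    return len(secret) * math.log2(pool) if pool else 0.0


def years_to_exhaust(secret, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination at the given rate."""
    seconds = pool_size(secret) ** len(secret) / rate
    return seconds / (365.25 * 24 * 3600)


def report(secrets):
    """Rows of (secret, length, pool, bits, years), weakest first."""
    rows = [(s, len(s), pool_size(s), entropy_bits(s), years_to_exhaust(s))
            for s in secrets]
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    # The four examples quoted in the post.
    examples = ["PrXyc#N7", "1739 So. 2669 No.",
                "My favorite is orange.", "I love my wife!"]
    for s, n, pool, bits, years in report(examples):
        print(f"{s!r:26} len={n:2} pool={pool:2} "
              f"bits={bits:6.1f} years={years:.3g}")
```

Length dominates: each extra character multiplies the search space by the pool size, which is why the 15-character phrase outlasts the 8-character password by many orders of magnitude even though it uses fewer character classes.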
You should write your passwords down and keep them in a safe place. If you keep them in an Excel spreadsheet, that’s fine; just be sure to protect that document with a pass phrase.
Here’s what to take away – use pass phrases rather than passwords, don’t give them to anybody for any reason and rest easy that you are more secure than the average computer guy and his ugly PrXyc#N7 password that can be hacked in 18 hours.
What are your tricks for remembering passwords?
Written by Dean
Dean is known as the Tech Savvy Man (no cape yet but we are working on that.) If you have a technology problem he has the solution!