Like most people, you've probably said this more times than you'd like to admit. And being locked out of any one of your many accounts is as much fun as a stick in the eye. None.
If you squint you can see it
You see, in the way back machine, there's a place and time where the only password you needed was when you were logging into your ISP over your dial up modem. That was it. After that you could go from place to place without having to log into anywhere else. Now mind you, nothing was specialized for just you. You had no preferences and web sites were the same for all visitors. Basically web 0.1. We were so innocent then.
Soon afterwards websites allowed you to personalize. Just your basic preferences such as colors, favorite teams, personal icon, etc. So now you had to login to that site. And your password requirements were more than 3 characters. With more sites popping up, and more people getting onto the internet, account names transitioned from names to email addresses.
Let's just make this easier
Shortly after this, accounts began to be hacked. Most of the hacking and cracking was just due to people using the same passwords over and over and over. And the majority of people using the same passwords as well. So if I knew your account name, I could just try to login as you with the top used passwords. Once I logged in, I owned that account.
Top 10 Most Used Passwords 2016:
- 123456
- 123456789
- qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
Thus begins the dreaded era of password requirements. And along with your password having to be something like 16 characters long with at least:
- One upper case character
- One lower case character
- One non-alpha character
- One alpha character
- No same characters in a row
- No pronounceable words
- No words
- No ...
So now you have to use one of your many email addresses. Which now means you have to not only remember which email account you used to register on this website, but now you have to remember a password that you can't remember because it's gibberish.
So then what does a normal person do when they have over 30 different accounts (think Twitter, Facebook, Reddit, digg, etc.) and passwords? Well most people just use the exact same email address, along with the exact same password. All across every site they registered on.
Is everyone getting hacked now?
Thus begins the dreaded era of account hacking. It's not really hacking in the technical sense. All they do is get your login credentials from one site, then try those out on many other sites. The bad guys just use a computer script to check all of this automatically. If they can log in to one site, it's marked down. Now they have your accounts across multiple sites. You're screwed.
Thus begins the dreaded era of hiding the password list under the keyboard. And no, taping it to the bottom doesn't help either. I've worked in IT long enough to know better. But what do you do if you can't make a list of big passwords, different passwords, different account logins, and so many sites? Want to buy something? Enter in your email address & password. Want to say hi to a friend? Enter in your email address & password. Facebook? Twitter? digg? Reddit? AAAarrrrggghh...Enter in your email address & password.
All of which now has you very frustrated because there's no way to remember all of this. Why can't you use the same password everywhere? Well, now that most sites have password requirements to help prevent bad guys from playing the guessing game, you have to make a password you can't remember. So what do you do? You write them down. And with this written evidence, any cryptic password requirement now has the same substance of day old bread in a pail full of week old water.
But if you're old enough, you might remember an after-school or Saturday morning cartoon about "Mother Necessity". And that's what we have here. We have a need for something that will make our login credentials easier to remember and to use. And with this logic, the world has given us Password Managers. Some of the main ones are 1Password and LastPass. But what are these strange things and how does one use them?
At first, I too was skeptical. Why would I put all of my passwords (and thereby access to all of my personal and sensitive information) in one place? How is this safer if this vendor was hacked or even if my own PC was hacked? Great questions. Allow me.
Password managers require just 1 login and 1 password. From there they will record (by your choosing) each site you log into, and what credentials you use. How is this safe? Most password managers will encrypt your information, all of it, on your computer. It's only decrypted after you log into the password manager. Then when you go to, say reddit.com, the password manager will detect the site and automatically enter in your login account and the password. As long as you're logged into the password manager, it'll do the rest for you.
Long live the fighter!
But they also have another great feature. Since it's remembering all of your login information, it will also create passwords that can't be normally cracked (unless someone wants to spend 13 years trying to crack one password). This allows you to have crazy passwords that are utterly and completely different on each and every site. So if one site gets hacked, you won't have to worry about all of your accounts being hacked. You just go into the affected site, and change your password. You do this by just telling the password manager to create a new 8-16 character password.
My manager of choice is LastPass. I let this create all of my passwords that are no less than 12 characters long. I have the option of using any type of character or digit or not digit I want to. Or I can just type in my own. Literally, I don't really worry about any of my accounts being cracked or hacked now. It really is peace of mind as much as you can get online these days.
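What a password manager's audit and generate features amount to, as an added example (not code from LastPass or any other product): it flags entries that are on the top-10 list above, reused across sites, or under the 12-character floor mentioned here, then replaces them with random ones. The vault contents and function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# The 2016 top-10 list quoted earlier on this page.
TOP_PASSWORDS = {"123456", "123456789", "qwerty", "12345678", "111111",
                 "1234567890", "1234567", "password", "123123", "987654321"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)          # 94 printable characters
MIN_LENGTH = 12                      # the floor used in the paragraph above
# Constructed sample vault: site -> password.
SAMPLE_VAULT = {"reddit.com": "qwerty", "twitter.com": "Tr0ub4dor&3xyz",
                "facebook.com": "Tr0ub4dor&3xyz", "bank.example": "k#9Lw!2pQz@7Vm"}

def audit(vault):
    """Return {site: [problems]} for every weak entry in a {site: password} map."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault.items():
        problems = []
        if password in TOP_PASSWORDS:
            problems.append("top-10 password")
        if len(sites_by_password[password]) > 1:
            problems.append("reused on another site")
        if len(password) < MIN_LENGTH:
            problems.append("shorter than %d characters" % MIN_LENGTH)
        if problems:
            findings[site] = problems
    return findings

def generate(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until all four character classes are present."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length):
    """Upper bound on entropy; the class requirement removes a few candidates."""
    return length * math.log2(len(ALPHABET))

def remediate(vault):
    """Give every flagged site its own freshly generated password."""
    fixed = dict(vault)
    for site in audit(vault):
        fixed[site] = generate()
    return fixed
```
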
But wait, there's more! Not only will these password managers work with just about every web browser out there but they also have mobile apps as well for your smart phones. Use your bank's application on your iPhone? No problem, just open up the password manager for your crazed out 26 character long password. Copy & paste. Now you can see how much money you don't have! Nice eh?
Some general rules when making up a password either manually or having a manager do it for you:
- Never give out your password to anyone. Even friends or your closest friends. A friend can – possibly inadvertently – pass your password along to others.
- Don’t simply use one password. It’s conceivable that somebody working at a site where you use that password could pass it on or use it to break into your other accounts at different sites.
- Make the password no less than 8 characters in length. The longer the better. Longer passwords are harder for hackers to break.
- Incorporate numbers, capital letters and symbols. Consider using a $ rather than an S or a 1 rather than an L, or including a & or % – however, take note that $1ngle is not a good password. Password thieves are onto this. However, Mc$J1taedp (another way to say “My companion Sam Jones is truly an exceptionally decent person”) is a magnificent password.
- Don't use dictionary words. Just don't do it. If it’s in the dictionary, there is a chance somebody will get it. There are actually software programs used to guess passwords based on the dictionary.
- Don't write down your password anywhere. This may seem glaringly obvious, yet studies have found that many people post their password on their screen with a sticky note. Terrible idea. If you must write it down, hide the note somewhere nobody can find it.
- Consider using a password manager. Web services like RoboForm or LastPass let you make a different, exceptionally strong password for each of your sites. However, you just need to remember the one password to get to the program or secure site that stores your passwords for you.
- Consider using multi-factor authentication. Many services offer an option to verify your identity if somebody signs on to your account from an unrecognized device. The approach is to send a message to a cell phone registered to you with a code you have to type in to verify it’s truly you.
Link of the week: Think your password is one tough nut to crack? Then try out How Secure Is My Password and see. I put what I thought was a good password in and come to find out it could be cracked in about 4 days.