Do you have problems creating and remembering passwords?

There’s no doubt that the single biggest issue my computer support clients ask for my help and advice with is passwords. In almost all cases, I cannot retrieve a lost password. All I can do is guide the client through the process of changing the password once it has been forgotten.

As we all know, this is not necessarily easy as you may be asked seemingly ridiculous questions to prove you are who you say you are. I’ve never had a pet, or a favourite film, or a favourite teacher, or any of those other things they ask, so I tend to make them up when I’m creating accounts and they insist I create answers to “security questions”. The trick, of course, is to WRITE THESE FAKE ANSWERS DOWN so that they can be checked if they’re ever needed.

To go back to the beginning of the process, I often see my clients getting a bit frustrated and flustered when creating passwords. Nowadays, most places that ask you to create a password insist that it conforms to something like this:

  • Minimum eight characters (a “character” is any typeable letter, number or symbol)
  • At least one upper case (capital) letter and one lower case (small) letter
  • At least one number (the digits 0-9)
  • At least one special character (eg any of !"£$%^&*()<>{}[]~#@':;?/|\`)

So, a “legitimate” password might be “Charlie-99”. Another might be “27Tomatoes?”

The reasons for this complexity are very simple:

  • To prevent someone guessing your password
  • To prevent a computer program from trying all the possibilities until it “cracks” your password (or, more precisely, to make it unfeasible to crack your password by this “brute force” method by making it take a ridiculously long time for the program to hit on the right combination)

The reason that password requirements become more stringent as time goes on is quite simple. As computers become faster and more powerful, they are able to “crack” passwords of a given complexity with brute force attacks more and more quickly. So that your passwords remain adequate for a while to come, I recommend that you make them at least 12 characters long (and not the minimum of eight characters that is currently often stipulated).

Think of one of the passwords you use and then create a fake one of the same complexity. So, for instance, if your password is “Spain-2012”, you could create (for this test) a fake password of “Italy:1984”. This has the same number of upper and lower case letters, numbers, and special symbols.

Now open a web browser and go to this website – https://howsecureismypassword.net/

Where it says “ENTER PASSWORD”, type in the fake password you’ve just created. The website will then tell you just how long it would probably take a computer to “break” your fake password with a brute force attack. If your password had simply been “italy1984” it would probably take a computer about 42 minutes to crack it. That’s well within the bounds of possibility for someone with the right software who is determined to get into your account. Simply increasing the complexity by making the password “Italy:1984” increases the likely time to crack it to ten years!
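You can do a rough version of the same sum offline. The script below is an added example, not code from the website or from this post: it works out which of the four character classes a password uses, the size of the search space a brute force program would have to cover, and the worst-case time at an assumed guess rate. The rate of ten billion guesses a second is a constructed figure, so the times will not match the website’s exactly, but the jump from “italy1984” to “Italy:1984” is the same order-of-magnitude lesson.

```python
import string

# Character classes matching the four rules listed earlier in the post.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {"£"},
}

# Assumed guess rate (constructed for illustration, not the website's model).
GUESSES_PER_SECOND = 1e10


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def keyspace(password):
    """Number of strings of the same length drawn from the same classes.
    This is the space a brute force program must search in the worst case."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def crack_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def human_time(seconds):
    """Format a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.0f} seconds"


def meets_policy(password, min_length=12):
    """Check the four rules from the post; the default minimum length is the
    12 characters recommended above rather than the usual eight."""
    return len(password) >= min_length and len(classes_used(password)) == 4


if __name__ == "__main__":
    for pw in ("italy1984", "Italy:1984", "Italy:1984-Spain"):
        print(f"{pw!r}: {len(pw)} chars, classes={sorted(classes_used(pw))}, "
              f"worst case {human_time(crack_seconds(pw))}, "
              f"12-char policy ok={meets_policy(pw)}")
```

With these assumptions “italy1984” (36 possible characters, 9 long) takes a few hours to exhaust, while “Italy:1984” (95 possible characters, 10 long) takes well over a century.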

OK, so I hope I’ve convinced you that passwords need to be increasingly long and complicated to do their job. How on earth are you going to remember them? Please, please, please do not use the same password for several accounts. Suppose a website where you use a particular password gets hacked and your username and password for that site are stolen. If you use that same combination of username and password for other accounts then you are wide open to having those accounts accessed as easily by someone else as if you had accessed the accounts yourself. This is made even more likely by the fact the “username” is usually your email address, so that is very likely to be the same for many accounts.

There are four ways that I know of that you can record passwords:

1) Remember them

That way insanity lies. I really do not advise this. Seriously. I am often with clients when they create a password and I gently advise them to write it down. “Oh no, I’ll remember that”, they retort. Well, you’ve got more brain-space than I have, then. Can you really remember which of the following you might have used:

Fotheringay-1973
1974fotheringay
Fotheringay_1975

There are 36 variations of just these three passwords even without changing the word or the characters used – eg fotheringay1973, Fotheringay:1973 and so on, almost ad nauseam.

2) Use a method that will allow you to work out what your password must be for a particular site – eg “Tesco-2016”, “Amazon-2016”

This might seem very clever, but the easier it is for you to remember the method, the easier it would be for someone else to work it out – for all your passwords. Maybe not as brilliant an idea as it seemed at first.

3) Use a password manager

This is computer software that stores (and might also create) passwords for you. This is great as long as you always have access to that (password-protected) program and all the data it is holding. If you’ve only got it installed on one computer, if it’s not backed up, and if that computer has a catastrophic hard drive failure, then you are right royally stuffed (technical term). So, if you are thinking of using such a program then you need to make sure that you’ve got yourself covered against the computer/device being unavailable, the program becoming corrupt, your data file becoming corrupt, and the software publisher no longer maintaining it so that it eventually becomes unusable.

4) Write them down

Yes, I know. Someone could steal them. Well, I put it to you that if you are burgled then the bad guy is looking to nick your TV to sell so that he can buy crack, rather than looking to steal your passwords. If you really believe that someone is likely to want to steal your little book of passwords and that they’re going to look in your sock drawer for it, then I suggest that either (a) you have something so desirable – and known – to the bad guys that you really should seek some professional security advice or (b) you are paranoid.

Over the years, I’ve seen just how much grief lost passwords can cause. I’ve never heard of any of my clients suffering any grief through having their sock drawer rifled through.

I’ve covered this topic many times in these blog posts. To see previous entries, just go to any web page at www.davidleonard.london and type “password” (without the quotes) into the “search” box.

© 2011-2017 David Leonard
Computer Support in London