My Password
My Password: a reader asks…
I’ve been using a variation on a password theme all across the internet for all my accounts. It’s a combination of a remembered password and some characters unique to the website or service I’m logging into. Is that ok or should I do something different?
Nowadays, it’s all about password length and guess-ability. Hackers use technology that can go through all the possible combinations of characters (letters, numbers and special characters) at speeds that make short passwords very insecure. That’s a ‘brute-force’ method of guessing your password. In addition, hackers have lists (aka ‘dictionaries’) of millions of commonly used passwords, and also lists of passwords that have already been successfully guessed to break into user accounts. If the passwords you’re using are long enough and not easily guessable, then your method is ok, for now.
So how long should your password be? There are a lot of pundits out there who are giving their opinions ranging from 8-16 characters or more. My opinion is that you really should be shooting for 20 or more characters at this point. If the password was made up of several random words and some random characters (or something along the lines of what you’re using), then you should be ok for now as long as it’s a very long password. But be wary of using common words and site-specific conventions that can be guessed – the technology and machine-learning capabilities of today’s hackers are much better than you probably think.
The trouble with long passwords is not just that they’re harder to remember, but also that they take a long time to type in every time you have to log in. That’s where password managers come in. Many password managers can fill in the user account credentials (username and password) for you on websites and apps. I think if it wasn’t for that, I’d be less inclined to use a password manager and just use a method similar to yours. But with 20+ characters to type each time (and a different 20 characters for each place you log into), it becomes really tedious to have to log in. This is why I like password managers like LastPass.
1Password is another good alternative. The important aspect is that you need to be able to get to your passwords anywhere, so a smartphone app with your vault of passwords is essential, along with a browser plugin for your own personal computer. You need the flexibility to reach your vault anywhere (with good security), and be able to add and update passwords to your vault anytime, anywhere. Along with the auto-filling in of password fields, a password manager can make it much easier to meet the demands of good password habits.
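To check your own passwords against the points above (length, common-word bases, site-specific conventions), here is a small audit script, added as an example and not part of the original answer. The function names, the tiny `COMMON` list and the sample passwords are constructed for illustration; the 20-character threshold is the one recommended above.

```python
import math
import string
from difflib import SequenceMatcher

# Constructed sample list; a real audit would load a published common-password list.
COMMON = {"password", "letmein", "qwerty123", "sunshine"}
LEET = str.maketrans("01345$@", "oleassa")  # undo common letter substitutions

def site_tokens(site):
    """Strings easily derived from the site name: label, its reverse, 3+ letter prefixes."""
    label = site.lower().split(".")[0]
    return {label, label[::-1]} | {label[:n] for n in range(3, len(label))}

def brute_force_bits(pw):
    """Upper bound on brute-force effort: length * log2(size of character classes used)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    size = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(size) if size else 0.0

def audit(pw, site):
    """Return findings for one password used on one site (hypothetical helper)."""
    findings = []
    if len(pw) < 20:                      # threshold recommended in the answer above
        findings.append("short")
    norm = pw.lower().translate(LEET)
    hit = next((t for t in sorted(site_tokens(site), key=len, reverse=True) if t in norm), None)
    if hit:
        findings.append("site-derived")
        norm = norm.replace(hit, "")
    if norm.strip(string.punctuation + string.digits) in COMMON:
        findings.append("dictionary-base")
    return findings

def shared_base(passwords):
    """Longest substring common to all passwords: the reused 'remembered' part."""
    base = passwords[0]
    for pw in passwords[1:]:
        m = SequenceMatcher(None, base, pw, autojunk=False).find_longest_match(0, len(base), 0, len(pw))
        base = base[m.a:m.a + m.size]
    return base

if __name__ == "__main__":
    sample = {"amazon.com": "Sunshine!ama", "netflix.com": "Sunshine!net"}  # constructed
    for site, pw in sample.items():
        print(site, audit(pw, site), f"{brute_force_bits(pw):.0f} bits (upper bound)")
    print("reused base:", shared_base(list(sample.values())))
```

The bit count is only an upper bound: a password flagged `dictionary-base` or `site-derived` falls to a dictionary attack long before brute force matters, and once one site's password leaks, the reused base makes the others easy to guess.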