How do you balance the security of your online password against making sure it’s easy to remember? We set the task to our Computing Helpdesk.
With more and more online services demanding a password, from sending an email, to shopping online, to paying your council tax, how can you easily keep track of all of your passwords without sacrificing their all-important security?
Perfect passwords do’s and don’ts
Let’s start with the don’ts. There are some password approaches which may seem like quick-wins in terms of remembering them, but they’re an open invitation to having an account hacked into. Prime suspects include:
- The word ‘password’ (or its less well-envowled cousin, ‘psswd’)
- The sequence ‘12345’ or ‘00000’
- Your own surname
Sounds obvious? Perhaps, but I have some sympathy for anyone who takes the easy way with online passwords. Off the top of my head, I can think of 12 online services I regularly use which require password log-ins. That’s before I add on another half a dozen account log-ins I need to remember for work purposes.
It’s no wonder people often take a short-cut and use or re-use simple password phrases for the sake of keeping track of so many log-in details. So let’s look at some of our Computing Helpdesk’s suggestions for improving your password security without sacrificing memorability.
A recipe for the perfect password?
Here’s some tips from our Helpdesk – I’m not going to say I use them all myself, but it’s an interesting approach that certainly leaves you with an ‘unguessable’ password by the end:
Step 1: Choose a phrase or make up phrases that have a meaning to you, for example, ‘I Lived In Moscow’.
Step 2: Take the first letter from each word in your chosen phrase. ‘I Lived In Moscow’ becomes ‘ilim’
Step 3: Add one or two numbers that mean something to you such as number 10. We now have ‘ilim10’ as our base password.
Step 4. Add your initials after the number to get a base password of “ilim10rp”.
Step 5: As passwords are case sensitive, capitalise part of the password, leaving you with ‘ilim10RP‘
Too much to remember? There’s still more that can be added – substituting a special character such as ‘$’ or ‘!’ for a letter can help make a password even safer. And if you have many sites to log into, you can add their names to your password (e.g. ‘ilim10RPplay’ for a play.com password).
How do you do it?
So, the question is, do I follow any of those steps with my own online passwords? Up to a point. I have some numbers, some letters, some capital letters, and an unguessable word they all orbit around. But I’m as guilty as anyone of re-using the same password on multiple sites. Does this put me at risk? Perhaps, but it at least keeps me sane when I’m trying to remember my log-ins!
How do you approach online passwords? Do you use the same passwords over and over for different sites, or vary your approach for every log-in?