By Ean McDonald - January 19th, 2018
If you’re like me, it seems like I find a new web service I want to try once per week... or more sometimes. The tendency for me has always been to use the same password for everything so that it's easy to remember.
If this is you, I'm going to recommend some habit changes post haste. Stat! …pronto!
The web comic XKCD has a good explanation depicting the danger of using the same password across secure and potentially insecure websites. The problem is that your password is only ever as secure as the yuckiest (least secure) website you sign into.
<aside> 🔥 It’s not uncommon for websites to sell full lists of their users and passwords. Even perfectly reputable websites can potentially be hacked and have all their user data stolen.
</aside>
The minimum best policy then is to make sure that any website with your important data should have a unique password that isn’t shared by another online service. That way, if someone gains a password from some other website, it’s not going to lead to your banking access or e-mails and personal contacts.
For me, I look for a service with good encryption (meaning they keep your data safer), then you create one really great password that you can remember to sign into that service, and it remembers the rest of your passwords that can all be unique.
Most websites have gone through a transition from a plain password, to making you add capital letters, then additionally special characters. It turns into a password that is complicated to remember, and ultimately not very secure. Once again, XKCD has a great way to explain this concept.
The problem you’ll run into, even with creating a long password like this is that you’ll still probably have to have a number, and a special character like !?%&#. These websites are still stuck in the old model of trying to make a password hard to guess for a human, but computers can hack shorter passwords really quickly, even if it’s gibberish.
A site to help you picture this: http://random-ize.com/how-long-to-hack-pass/
<aside> 🚨 Even though it says that the password you type in isn’t sent to their servers, as a matter of security, I only ever test passwords that are LIKE my password, but ultimately different.
</aside>
One really good method I’ve used for the long password (such as the one I use to get into Bitwarden for instance) is I thought of a song that I know every word, completely memorized... that I may or may not sing in the shower from time to time. For this example we’re going to pick “The Proclaimers - I’m Gonna Be (500 Miles)”. It’s nice to use something with a number in there somewhere, or you can just replace some of the letters with numbers to help break it up.