I reckon only 50% of my readership will understand that post title.
The other one will have no idea.
Anyway, I was reading an article last week, about the security of the passwords we all use.
Most of us pick something memorable and use that for everything… which is not a good idea!
I have my own system, which I have always considered to be pretty difficult for the hackers to crack, but as computing power gets faster and cracking software gets better, I wondered whether that would still be the case. And of course, now that we all have access to AI systems, who knows how much quicker and easier it will be for the naughty hackers to crack our passwords.
From what I can gather – and put simply – the longer the password, the more difficult it is to crack. But of course, having different 18-character passwords for everything isn’t easy. We need a compromise between security and convenience.
As such, I took a long, hard look at the system I use. All my internet login passwords use a mixture of letters, numbers and special characters as shown in the far right column in the table above. They tend to be of different lengths, but generally all fall into the orange area… which is fine: if some hacker wants to spend three years trying to get into my Cineworld account, then so be it.
On the financial side of things – banking logins, etc – I use a slightly stronger system and it all falls into the yellow area. Coupled with 2FA, I feel this is probably secure enough.
But, whilst my system makes it pretty easy for me – and me alone – to guess my passwords, there are still too many for me to try and remember (bearing in mind, you normally need to remember a login name as well as a password). And so, I use a Password Manager on my phone – with a desktop application – and it currently holds about 200 different passwords.
There are plenty of good ones available – I won’t be recommending any here, just do a search – and even the free ones look pretty good.
With a Password Manager, you only need to remember one master password – so make it a good one and make sure you don’t forget it!
Of course, you may be thinking that if I lose my phone and someone then finds it and manages to guess the sign-in pattern I use, and then also somehow figures out the master password for the Password Manager, then they would have access to all of my passwords. But no: without that key piece of info about each password, that is known only to me, they won’t get very far.
So, after several days of looking at different password systems and different Password Managers, I’m happy that my current system is up to the job.
So long as I don’t accidentally download a keylogger.
Password managers are terrific pieces of software for consolidating all of your passwords into a single source of the truth. Until the source code for that source of the truth is leaked, or until the customer content of the core database is leaked onto GitHub by a disgruntled employee. Anyway, away from that conversation, I have a suite of password protocols that I switch around every year. The protocol for the year before last, for example, was a series of misspelt Welsh placenames of not less than 12 characters, with vowels replaced by numbers, and the final misspelt Welsh placename (with numbers, etc) was followed by two exclamation marks then two digits then three special characters. Anyway, if you forget your password, you can always get it reset and, in many ways, that’s the most secure password management system of all 🙂
Is it even possible to tell when a Welsh placename has been misspelt?
Getting your password reset is obviously a good thing… doing it before some git has emptied your Swiss bank account, is the thing.
My favourite Welsh placename is Ynysybwl which, you’ll note, contains no English vowels (but four Welsh ones). Unfortunately Ynysybwl can’t be used as a password according to my criteria because it’s too short. However, I have a cunning plan to stop people from emptying my Swiss bank account… I don’t have one which, given the current UBS/Credit Suisse situation is a great idea!
Thinks I will stay as my own password manager and stick with my own handwritten list. Can still change them as needed.
I just need to remember where I left the sheet of paper with the info on.
Everybody has their own system… it’s whatever works for you.
Is it with that pile of money under the mattress?
You guessed. I use white fiver serial numbers as passwords.
The problem with AI, Masher, is that there will come a time when you can’t outsmart it and how it can be manipulated for the greater bad. Put your hard cash in a fake tin of pilchards.
It’d have to be a bloody big tin, to hold Masher’s millions.
Perhaps Brennig would suggest using a fake tin of wales instead of pilchards.
I don’t think keeping anything in a tin of pilchards (fake or otherwise) is a terribly good idea. It would go all soggy and fall apart even if there was enough room.
I think the best thing to keep in a tin of pilchards, would be… pilchards.