The Atlanta Journal-Constitution
Super password for every site you visit is unnecessary
Even though I have the gift of being able to look into your mind and know what you do, what you think, I don’t often do that. It seems a little rude, and besides it can give me a headache.
But today – just to make a point – I’m going to read your mind.
Keep reading and I think you’ll find your own habits described somewhere in the next few paragraphs.
Your password is no more than a single word. Or if you do use random letters there are no numbers, or punctuation marks. You probably don’t have a mix of lower case and capital letters.
Your password is the name of a child, or a friend. It’s the same as your Social Security number or an old street. Or maybe it is something really dumb like 1234 or password.
You use the same password for every site that requires one. You haven’t changed your passwords in the last six months.
There I’m done for the moment, I’ll be right back. I need a glass of water because reading minds always makes me thirsty. While you wait for me to return let me assure you that you shouldn’t feel like an idiot if you make one of the mistakes in the examples above. Instead, understand that smart people do idiotic things all the time. Truth is that if you just learned you are doing something wrong with your password you should be pleased – now you’ll be able to change that behavior. Let me show you how to do that.
As you can tell from the list of bad passwords above a good password should contain numbers, both capital and lower case letters. It shouldn’t contain any words – not even foreign ones. It should be at least 8 characters long (the longer it is the more secure it is). And you should change that password every six months or so.
Now that may seem like it is a real hassle. But here’s what makes it easier. You don’t need a super duper password for every site you visit. I’ll use my own Internet habits as an example here. Some sites require passwords but contain no sensitive information at all. For instance two websites I visit are just places to discuss sports. Another that I’m using is trying (and failing) to make me fluent in Italian. None of these sites contain credit card information, don’t have any of my personal information stored (not even my real name). So for sites like this I use a single one word password and never change it. And I use that same password for each of the sites. I never change that password since a hacker wouldn’t gain anything if he signed on to my account.
He would only know that I’m disappointed in how the University of Georgia football team performed this year and that my Italian is bad.
I only follow the rules when using sites that contain personal information — especially including financial information. However, for most of us, that still leaves a lot of websites that need good passwords. And that’s when you simply must follow the rules for a secure password. And since that includes using a different password for each site it can get confusing. For some, that means using a password manager – it keeps track of all your passwords so you don’t have to remember. Here is a review of some of the most popular: www.pcmag.com/article2/0,2817,2407168,00. asp.
I don’t use a password manager (I have nothing against them, I just don’t) but have found ways to make things a bit easier. Let me offer an example of how I do things. I usually start with a string of random letters.
To keep it random but to help me remember them anyway, I take the first letters from a song or a saying that I know. Let’s say I use the Marine’s Hymn and copy those letters, including capitalizations.
That gives me ftHofMtt. Now I add a number at the beginning and end – just pick two that you can remember – and I have 7ftHofMtt2.
It’s a good password that should be secure. If I worry about forgetting it, I copy it down on a piece of paper.
I don’t much worry that a burglar will invade my house, look through all my paper files and find that paper. He’s more interested in the silverware.
That’s how I do it. You can use my method as a starting point and modify the system so that works for you. As long as you have a scheme that lets you remember the random letters and numbers, it’ll be just fine.
I never change (a) password (if) a hacker wouldn’t gain anything if he signed on to my account. He would only know that I’m disappointed in how the University of Georgia football team performed this year and that my Italian is bad.