Everyone is are aware that having passwords to secure our online accounts is important. Most of us know passwords should be something hard to guess. Many of us have a few passwords used for different types of accounts where we use, for example, a password for banking, another for social media, one for email, and one for everything else. After all, with dozens, or even a hundred or more online accounts, how can you remember a unique password for every single one?
Unique Complex Passwords
The simple truth is you should have a unique password for every online account. The password should be random characters with no meaning to them what-so-ever. They should contain a mix of letters, numbers and symbols and have no patterns to make them easy to remember. You should also have a long password length, perhaps 12 characters or longer.
What is Wrong With My Password?
To understand why passwords need to be impossible to remember, let’s have a look at how we try to make secure passwords easier to remember.
In order to remember our passwords we generally create a pattern of some sort. Using part of the website’s name, a word that no one would associate to you, adding a number and symbols at the end so it isn’t just a word, capitalising letters in the middle and substituting letters with numbers or symbols like $ or 5 instead of S and ! or 1 for i.
Using your pet’s or child’s name is a popular method used to make a password easier to remember, however, it makes it easier to guess too. It may be harder to guess if your son is named Hartley, which isn’t included in the top 2000 most popular boys names in 2019, but if you are known to the person (doesn’t have to be personally, it could be through a discovered social media profile), then it has been narrowed down to only a few names.
Something really difficult to remember will be much safer, right? What about these passwords?
You may quickly notice the pattern of the last one. It is simply the first six letters on a Querty keyboard. The other three may appear to be more random but they follow a simple pattern. The first is from holding shift and pressing all the numbers starting from 0 down to 1. The second uses four keys on the keyboard starting from k, then the four keys below it. The third is a little trickier, it uses letters down the keyboard in three columns using the shift key for each alternate letter.
Just because it looks random to a human doesn’t make it random to computers and these sorts of patterns are well known to be used anyway. Humans are somewhat predicable in the patterns they form, to the point that if we try to create a random password manually, it is possibly a pattern of some sort that is known by hacking systems.
All of these things generally don’t make your password more secure – except maybe from yourself when you forget them and have to recover your password for the fifth time in a year.
How to have secure passwords in 2020?
If your passwords don’t stop you getting in yourself, then they could be made more secure. If you use simple passwords, patterns that seem they are secure but are easy to remember and use names or words associated to you or what you use in some way, then the year 2020 is a good time to improve your password security.
What is needed is a long random password that is impossible to remember and unique for every website and online account you have.
A password manager is a way to remember all of the passwords without you having to remember them yourself. LastPass is the tool I use to look after my passwords and make my online security easier to manage.
There are a few reasons to use LastPass for password security, enabling me to have random, unique and unmemorable passwords for my online accounts is why I use it.
LastPass becomes the weak link as you still need to have a password you can remember for it, otherwise, it can’t help you everywhere else. Using 2-factor authentication locks down LastPass so it is difficult to access from anywhere else you don’t have control over. If you are not sure what 2-factor authentication is, it is when you have to enter a code sent to you by text message to your phone or some other scheme that is in addition to the password alone, so guessing the password by itself doesn’t work.
LastPass can be used for free for most users, and for those wanting a bit more, there are business and premium subscriptions for LastPass.