Thursday, January 5, 2012
Password Proliferation: How many do YOU have?
Okay, so, how do you keep track of your passwords...for everything from banking to accessing your email to booking a ferry? It's pretty clear that almost no one does what they're supposed to do (except maybe people on the job who are required to follow procedures), and it's a universal headache!
Here are some of the ways people admitted to me they keep track of passwords. Sound familiar?
*Keep them on a post-it note on their computer
*Email the list to themselves, or keep them in a word document
*Use the same password, or two, or three, over and over
*Keep one "stronger" one for vital accounts, and use an easier one for the rest
*Just keep the same one for years
*Use the "forgot my password" option and keep changing them each time you go to that file
*Use one super strong password for all, or to access a password manager account where the rest are stored
The official advice about creating secure passwords is, quite honestly, simply not within the realm of possibility for humankind: i.e. choose a word not related to you in any way; not found in any dictionary; add upper and lower case, numbers, and characters and make it long; don't write it down, have a different one for each account, and change it frequently. Sounds a little like theatre of the absurd.
We NYNOs (Not Young, Not Olds) are really the first generation to come face to face with the dilemma of passwords. When we were growing up, Password was a TV show! But even the younger generation is at a loss as to how to safely keep track of passwords, from what I'm hearing.
Despite this, maybe it's time to try to follow more of the “rules” of password security, at least for your most sensitive files....financial and such. I know people who create a strong password (most accounts, like Gmail, will let you check to see if your password is strong or weak) by choosing a mnemonic (or phrase), like: “No one will ever be able to guess my password”, and then add numbers and upper and lower case and special characters. Then take the first letter of each word, or substitute a number, add a character or two and you could wind up with something like: N1wEbA2gMp!$ Simple, yes? If it weren't so important to our lives, we could all write this off as some sort of Monty Python skit, but the truth is, it IS important. There are password manager programs, but I've only spoken to one person who is using one.
So, like the challenge we put out on my CBC radio column, I call on security analysts in the business to come up with an easier way to manage and secure our passwords! If no one follows the rules, we've got to come up with new rules, right? I live in hope, waiting to hear suggestions for a user-friendly, doable password plan for the average person.