Here’s a sentence I doubt you or anyone has ever said or thought unironically.
“Oh boy! I get to create another new password to remember. My day is made!”
It’s annoying, tedious, and frustrating. It’s also very necessary. Passwords are an unfortunate byproduct of living in the age of the internet. There are some weird and wonderful things on the internet, but there are also some objectively awful places that no decent person should ever venture.
Seriously, people. Stop visiting 4chan and 8chan. You will lose your humanity.
Like any activity, there’s a safe, responsible way to go about it. Having a good password is one of them. I learned this early on when I started going on the internet. Back then, I had only one account to remember. It was for AOL, which makes me feel way older than I care to admit. Unfortunately, I didn’t understand the importance of having a secure password.
My own brother actually guessed it at one point and got it right. That’s how bad it was.
From that point forward, I made a conscious effort to make my passwords less obvious. Anyone who has been on the internet for more than a few days knows that’s easier said than done. Every site and every service these days wants you to sign up and create a new username/password. It’s tempting to pick something simple an easy to remember. That just ensures you’ll be vulnerable to hackers and cyberthieves.
Let’s be honest. As necessary as it is, we still find it annoying and tedious. Our brains aren’t wired to remember dozens upon dozens of passwords. Even if you write them down or use one of those password storage programs, it’s still a pain in the ass. While biometrics like fingerprints and face scans are nice, they’re not perfect. They can be hacked too, although it is harder.
Like it or not, we’re stuck with passwords. One way or another, we need to use them and we need to make sure they’re secure. That means not reusing the same password for multiple accounts. That means not using something that’s easy to remember, but easy to guess.
Also, don’t use your birthday, social security number, or pet name. That’s just asking for trouble.
I won’t belabor how important/annoying passwords are. That’s not the entire purpose of this post. This is just a brief rant on this very modern problem that’s bound to get worse, at least until we come up with a usable alternative, like FIDO2 keys.
Since that time is a long way off, we’re stuck with passwords. In the interest of making this a productive rant, I’d like to offer a brief tip that I’ve found helpful in recent years. It’s a tip that other tech sites like Wired have echoed.
Ideally, you want a long string of random letters and numbers for a secure password. I know that’s not easy to remember, but that, in conjunction with two-factor authentication, should give you ample protection. Use that sort of thing if you have an account that contains very sensitive information. I won’t speculate on what that might be. I suggest having at least one account that uses that.
For other accounts, where you don’t need that level of security, consider using a passphrase instead of a password. It’s exactly what it sounds like. In lieu of a string of random characters, a passphrase is just a string of random words, often with some numbers mixed in. Here’s a good example:
Drunk Table Boobs Market Egg Hill Donkey 2012
There’s nothing logical about these words, but they are somewhat easy to remember. Just note the capitalization and the spaces in between. If that’s not viable for certain forms, use dashes instead. It’s not a random jumble, but the length alone of this phrase will give you plenty of protection. Just punch it into a random password checker to see for yourself.
You can mix in some symbols and what not along the way. Just make sure to avoid common phrases. Do not use famous movie quotes or song lyrics. Those can be guessed. I’ve known more than one person whose passphrase was “May the Force be with you” and “Hit me baby one more time.”
In general, passphrases tend to be easier to remember and keep track of. Try it the next time you need to set up a password for a new account, whatever it might be. As annoying as it is, it’s still necessary. A little annoyance now is still more tenable than the far greater consequences of having a weak password.
Jack Fisher's Official Publishing Blog 