Password Headaches (Part I)

 


Reach for the Tylenol; which password did I use here again? Is this a site where I can answer security questions? Get a text message? Or do I have to reset completely? And – oh, no – if I have to reset completely, does it have to be utterly different from any one I’ve used in the last twelve months?

How does a regular person go about solving the password puzzle? Is there even a solution?

Experts recommend passwords of 12-16+ characters (including lower- and upper-case letters, numbers, and symbols) in a completely random order. That’s well-known. Such a password would be extremely hard for hackers or their programs to crack, and so would keep them out of our information. Unfortunately, I obviously can’t remember my 8-character password that I thought was so cute and clever. I just knew I’d have to remember it.

Nope.

So, now what?

Do you hit “Lost your password” and follow the directions provided? Do you open Notes on your phone and scroll through them until you find the one where you’ve saved that information (praying it’s updated) for this site? Do you dig through your desk drawers, purse, briefcase, notebook until you find the little slip of paper where you write all these things down? Do you open your DayPlanner to the Password Reminder Page?

All but the first one are bad ideas (Oh, no, honey, I don’t do any of those…really…). So what can you do?

*UN-COMMON SENSE

We all have it, or should. There are certain things you should definitely always do.

  1. Watch out for phishing scams. No one should ever ask for your password over the phone. And any company/business that already has your information won’t email you and ask you for all your information out of nowhere. Call the numbers you already KNOW to double check what they’re telling you – not just the ones provided in the email or in the phone call. Yes, your time is valuable, but so is your money and identity. Take the time to call their customer service. A quicker way may be to check snopes.com.
  2. Don’t ever use personal information or common words as a password. Your anniversary or birthday may be hard for your spouse to remember (sorry, guys), but it is really easy for a hacker to figure out. As are your children’s, parents’, and pets’ names. And, unfortunately, you aren’t being sly by using things like “password” or “qwerty” or “incorrect” because too many other people have tried those already.
  3. Use 2-Step Authentication whenever possible. It requires something you know and something you have.  That way, to get into your account you have to enter a password (know) AND use your device (have) to enter a code or fingerprint or secret handshake.
Two-Step Authentication usually includes a thumbprint scan on your mobile device or text messaged code delivered to your phone.

*BASICS – the very BOTTOM LINE

Create a strong password that you can remember, but is hard to crack. Do NOT share it. Try not to use it on multiple accounts.

At the very least, what you need to do is make sure each of your frequently used accounts that you want to keep secure has a solid password: email, bank, shopping.

There are several ways to create a solid password. Remember the basics: variety of upper and lower-case letters, numbers, and symbols, minimum of 12 characters.

*SENTENCE to PASSWORD

This way looks kind of fun.

Come up with a sentence (or two) that only has meaning to you. For example:

My first teaching assignment was with freshmen and juniors.

Or

A day at the beach? Count me in!

Or

He who brings donuts to work is well-loved by all.

Now get creative. Use the first letters (or second or last – whatever you’ll remember) and recreate the sentences using characters (Lee, 2014). So sentence one might end up as

m1stTAwwFsh&Jrs.  

15 characters. Makes sense to me. Looks random to others. And, according to HowSecureIsMyPassword.net, it would currently take a computer 41 trillion years to crack it!

Sentence 2? Ad@tB3@ch?Cm3In!! 17 characters = 4 quadrillion years!

Sentence 3? hwbD0nUtstwiw<3ba. 18 characters = 18 quadrillion years! Donuts win…always.

The password hwbD0nUtstwiw<3ba. would take a computer 18 quadrillion years to crack.

Could I remember those and which site they went to? Probably. I’d have to have some kind of code for myself. Come up with a money reference for the bank site, letters/communication for email, and whatever I used that credit card for the most for each of my credit card sites. Then I think I could. But that would be the kicker.

*PASSPHRASES

Another suggestion was to use four-to-six-word passphrases instead of passwords (Hoffman, 2015). The friendly people over at the Diceware website even have a nice list of words to help you out. All you need is a regular set of dice, and you’re ready to go! These can be common words, or rare, and you figure out how to remember each of them and their order. With a passphrase, you include the spaces between words.

An example might be:

L3mon k1ck1ng p00dle Sh3ll would be a great password. 33 nonillion years to crack with the numbers in there! 🙂

lemon kicking poodle shell 

And, if you can picture the poor poodle in its shell getting bullied by the vicious lemon, you’ll remember that passphrase with ease! It’ll be safe for 8 septillion years!
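Here is the dice method written out in Python, as an added example that is not from the original post or from the Diceware site. It assumes a constructed 36-word sample list addressed with two dice per word (the real Diceware list has 7,776 words and uses five dice), and the function names are made up for illustration. The strength figure only holds when the dice, not you, pick the words.

```python
import math
import secrets

# Constructed 36-word sample list (2 dice per word), for illustration only.
# The real Diceware list has 6**5 = 7776 words and uses five dice per word.
SAMPLE_WORDS = (
    "lemon kicking poodle shell donut beach teach junior count first "
    "work loved bring sand wave chalk desk paper glue ruler bell lunch "
    "quiz grade book shelf lamp chair door floor roof wall yard gate path tree"
).split()

def dice_per_word(list_size):
    """How many six-sided dice address every word in the list exactly once."""
    n, size = 0, 1
    while size < list_size:
        size *= 6
        n += 1
    if n == 0 or size != list_size:
        raise ValueError("word list size must be a power of 6 (6, 36, ..., 7776)")
    return n

def rolls_to_index(rolls):
    """Read the rolls as base-6 digits: (1, 1) -> 0 and (6, 6) -> 35."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die shows 1 to 6")
        index = index * 6 + (r - 1)
    return index

def roll_passphrase(words, n_words):
    """Pick n_words by rolling dice; the OS random source stands in for real dice."""
    k = dice_per_word(len(words))
    picked = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(k)]
        picked.append(words[rolls_to_index(rolls)])
    return " ".join(picked)

def entropy_bits(list_size, n_words):
    """Strength of a randomly rolled passphrase, even if the list is public."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(roll_passphrase(SAMPLE_WORDS, 4))
    for n in (4, 5, 6):  # the four to six words suggested above
        print(n, "words from the 7776-word list:", round(entropy_bits(7776, n), 1), "bits")
```

Each extra word from the full list adds about 12.9 bits, so going from four words to six raises the number of possible passphrases by a factor of 7,776 squared.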

*STORIES

A blend of passphrases and sentences is the story method. Here, I would take the sentences I made up earlier and use them as my password. They’d be better if they were much more random, and had nothing to do with my life or anyone’s life or any story I’d ever read, but still, they’re pretty good. Let’s look at the first one again.

My first teaching assignment was freshmen and juniors.

Now it’d take 522 sesvigintillion years for a computer to crack it. I have no idea how long that is, but it sounds like longer than I’d need.

*THE ONE TO PASS THEM ALL

Let’s think of how many different passwords we need, shall we? Home email, professional email, online banking, car loan(s), Amazon, Barnes & Noble, eBay, credit card(s), various professional sites (for me that’s like TeachersPayTeachers and LinkedIn), Netflix, Facebook, Twitter, and the list goes on. So far, I’m at eighteen, minimum.

Eighteen different sentences? I couldn’t remember two or three cutesy license plate phrases like D@isee<3me or G0LngHRnZ!!, and I may need more than Tylenol to solve this headache. How do I think I can remember 18 different sentences for 18 different websites?

I can’t, but there are apps and programs that can. They’re called Password Managers. See Part II for a breakdown of some that are recommended for regular people.

Password Managers just may solve my Password Headaches for me.

 

Hoffman, C. (2016, July 29). How to Create a Strong Password (and Remember It). Retrieved June 22, 2017, from https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

Lee, K. (2014, July 08). Four Methods to Create a Secure Password You’ll Actually Remember. Retrieved June 22, 2017, from http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240