Some thoughts on our passwords

Article Index

As our lives slowly transform into the clouds, we have to make sure that our passwords are increasingly stronger as well. It is established that perfect passwords need to be complex, unique and memorable – the problem is that it's impossible to fulfil all three requirements at the same time. First you can read a bit of intro on passwords and their place in our world, and on the second page I'll show you a trick to create the perfect password (?)... well, one which ticks the three above criteria at least.

Passwords

We are putting more and more of our data in the online clouds: our pics, music, thoughts, conversations, video games, shopping lists, bank details, everything really. Even plugging an external hard drive or a mobile phone into the computer feels like a hassle these days, at least for me. This, in turn makes our data pretty damn vulnerable. It's simple, but we often forget that our data doesn't sit with us physically anymore, but instead, it lives on remote servers somewhere out there in the world. That's why passwords and authentication these days need a bit more care – they are guarding a way bigger chunk of our lives than they did a couple of years ago.

Edward Snowden was talking about passwords a couple of weeks ago with John Oliver. I don't think there are a lot of better people out there to talk about passwords and security than an ex-SysAdmin for the CIA and the DIA who ended up turning the world upside down – and of course those two guys together are hilarious too, so if you got 3 mins, do watch the video below. Snowden makes a point about dictionaries, long passwords with mixed-case letters, numbers and symbols in them, and finally walks the walk too, coming up with a pretty cool password himself at the end to the delight of Oliver. Not.

Now as amazing as "margaretthatcheris110%SEXY" is (after all, it would take an ordinary pc around 88 nonillion years to crack it), it doesn't solve one of the fundamental issues of our online presence. That is, if our password gets stolen from somewhere, we are in deep trouble. These days, as our passwords protect more and more of our personal and professional lives, big companies are attacked on a daily basis for our valuable information – and even though 99% of these attacks are unsuccessful, we are getting in trouble more and more often just because of the sheer number of the attacks. Just to name a few security breaches of late: LinkedIn, Twitter, Adobe, Yahoo, Kickstarter, Forbes, and of course, the list goes on and on. It's important to mention that our passwords can also be stolen from us too with fancy things, like keyloggers, not so fancy things, like looking over the shoulders, and extremely fancy things, like breakups too (right, guys?). This means that even if you're using the most uncrackable "margaretthatcheris110%SEXY" everywhere, if someone can somehow get their hands on it, you are in deep trouble.

Disturbingly, 80% of people said they were reusing their password.

Lorrie Faith Cranor: What’s wrong with your pa$$w0rd?

So what do most people do to stay safe in case their passwords got stolen? According to a recent study at Carnegie Mellon University, well, 80% of the people don't do anything. They reuse the same password over and over again, everywhere. Ouch. A further 17% of the people play it smarter: they write their passwords down. Even though it sounds like a terrible idea at first, it's actually still better than using the same password over and over again. I have a friend who has a word doc filled with pictures of random food recipes and illustrations – but under the pictures, if you pulled them to the side or deleted them, you'd get to all the juicy stuff. Smart, right? It definitely is, until you lose the one unified document or book containing all your info. Or worse, if it gets straight into the wrong hands... because then you really are screwed. That's the problem I see with password managers as well: if you lose them or someone gains access to them, it's straight up DEFCON 1.