If you listen to many so-called “security experts”, they’ll tell you that to protect your identity online, your passwords should all be a random jumble of letters, numbers and symbols, the more characters the better, use a different password on each site, don’t write any of them down or keep them on your computer, and change them often. So if you have a lot of passwords – and if you’re in the IT industry, you easily have several dozen – you need to keep a whole lot of Hjk5&#rwY< in your head.
No problem…if your name is Data and you fly on the Starship Enterprise. For everyone else, here are two realistic suggestions you can actually follow.
- Use a password manager. Browser plug-ins like KeePass, LastPass or RoboForm work in all browsers, and when you need to log in somewhere, they will automatically enter the info. They’ll fill in forms, too, so you don’t have to keep typing your name and address everywhere you go.
The downside to password managers is that you still need a strong master password for them, and not everyone feels comfortable storing their passwords in the cloud. Earlier this year, LastPass was hacked and a few people had their info stolen, but only those who used a weak master password. Password managers also tend not to work very well on mobile devices.
- Use a phrase. Instead of trying to remember ridiculous jumbles, use one password for multiple sites, but make your password the initial letters of a phrase that has meaning to you. For example, my phrase might be Flemington is on Highway #202. Taking the first letters and symbols, my password would be FioH#202. (Maybe include the period for good measure.) That’s easy enough for me to remember without writing down, but hard for anyone to guess. And it should satisfy the requirement that some sites have for including uppercase, lowercase, numbers and symbols in a password.
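
The phrase method above, as an added example that is not part of the original post: it builds the password from a phrase and reports which of the four character classes mentioned above are still missing. The function names are hypothetical, and keeping any word that starts with a digit or symbol in full is an assumption generalized from the `#202` case.

```python
import string

# Character classes that sites commonly require, per the paragraph above.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def phrase_to_password(phrase: str) -> str:
    """Take the first letter of each word; keep a word whole when it
    starts with a digit or symbol (assumed rule, as with '#202')."""
    parts = []
    for token in phrase.split():
        if token[0].isalpha():
            parts.append(token[0])   # ordinary word: initial letter only
        else:
            parts.append(token)      # '#202' or '#202.' is kept in full
    return "".join(parts)


def missing_classes(password: str) -> list:
    """Return the names of the character classes the password lacks."""
    return [
        name
        for name, chars in CLASSES.items()
        if not any(c in chars for c in password)
    ]


if __name__ == "__main__":
    # Phrases below are constructed samples; the first is the post's own.
    for phrase in ("Flemington is on Highway #202",
                   "my dog likes long walks"):
        pw = phrase_to_password(phrase)
        gaps = missing_classes(pw)
        print(f"{phrase!r} -> {pw!r}; missing: {gaps or 'none'}")
```

A phrase with no capitals, numbers or symbols produces a password that fails the composition check, so pick a phrase that naturally contains them.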