New year’s resolution: stronger passwords

I’ve liked to think my password is pretty strong. It has a good mix of symbols, lowercase letters, capital letters, and numbers. However, you’ve probably already picked up on the biggest problem: like most people, I have one password I use for everything. XKCD has a great explanation of why this is a problem. For example, if I’d had an account with Gawker when its servers were compromised last month, I might have been in trouble. For all I know, I already am in trouble from some other site I use having been hacked.

For the new year, no more! My new year’s resolution is to use only unique passwords for all my different accounts online.

To not go crazy trying to remember everything, I’ll be using one stem password that is easy for me to remember (but quite strong on its own) and adding a different suffix related to the site for each account (as Gina Trapani advises). That way I can keep a list of the suffixes (separate from my computer, in a locked place) which could not be used on its own to access my accounts.
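As an added illustration (this is not code from the original post, and the stem and site labels are constructed sample values), the script below puts the stem-plus-suffix scheme beside a variant that goes one step further: instead of appending the suffix to the stem, it derives each site’s password from the stem with PBKDF2-HMAC-SHA256, using the site label as the salt. The difference matters for the failure mode raised in the comments, where one site’s password leaks and the suffix list is found: with plain concatenation every password contains the stem verbatim, while with derivation no password reveals it.

```python
import hashlib
import string

# Constructed sample values for the demonstration; not from the original post.
STEM = "Tr0ub4dor&3"  # the memorable "stem" the post describes
SITES = ["example-mail", "example-bank", "example-forum"]

# 64 symbols, so one byte maps onto the alphabet without modulo bias.
ALPHABET = string.ascii_letters + string.digits + "-_"
assert len(ALPHABET) == 64


def concat_password(stem: str, site: str) -> str:
    """The post's scheme: the stem followed by a site-specific suffix.

    Here the suffix is simply the site label. Note that the stem appears
    verbatim in every password produced this way.
    """
    return stem + site


def derived_password(stem: str, site: str, length: int = 16,
                     iterations: int = 200_000) -> str:
    """Alternative added here (not the post's scheme): derive the site
    password from the stem with PBKDF2-HMAC-SHA256, salted by the site
    label, and map the key bytes onto a printable 64-symbol alphabet.

    The site label is still the only thing worth writing down, but the
    stem never appears in any site password, so a single leaked password
    does not hand over the others.
    """
    key = hashlib.pbkdf2_hmac("sha256", stem.encode("utf-8"),
                              site.encode("utf-8"), iterations, dklen=length)
    return "".join(ALPHABET[b & 63] for b in key)


def stem_exposed(password: str, stem: str) -> bool:
    """Defender's check: does this one password reveal the shared stem?"""
    return stem in password


def compare_schemes(stem: str, sites: list) -> dict:
    """For each site, report whether each scheme leaks the stem."""
    return {
        site: {
            "concat_leaks_stem": stem_exposed(concat_password(stem, site), stem),
            "derived_leaks_stem": stem_exposed(derived_password(stem, site), stem),
        }
        for site in sites
    }


if __name__ == "__main__":
    for site in SITES:
        print(f"{site:14} concat:  {concat_password(STEM, site)}")
        print(f"{site:14} derived: {derived_password(STEM, site)}")
    for site, report in compare_schemes(STEM, SITES).items():
        print(site, report)
```

Changing the stem (for example when rotating passwords every few months, as one commenter does) changes every derived password at once, so a rotation still has to be carried out site by site; the derivation only removes the shared substring, it does not remove the need to update each account.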

For more info on making secure passwords, try Lifehacker’s article “How to Update Your Insecure Passwords and Make Them Easy to Use” or Wikipedia’s page of Guidelines for Strong Passwords.

  • Shrutarshi Basu

    Ultimately the problem with passwords (or lack thereof) boils down to one thing: we don’t have a way to establish identity online (or in most computer systems for that matter). The matter is further complicated by the fact that we don’t have one single identity for the whole web. I use one identity when I’m logging into my college website to check grades and another one to post random clippings to my Tumblr, and the two *should not* be linked. In an ideal world we’d be able to create (and delete) multiple online identities while maintaining a generally anonymous presence, and have some software under our control perform the actual authentication procedures.

    Mozilla came up with an interesting concept a few months ago about the browser being a “user agent” where basically your browser handles your (multiple) identities online, but I don’t think they have plans for actually implementing it. I think you can google for the videos.

    While we’re stuck with passwords, I do use a base+unique system for my passwords too, though I have more than one base as well.

  • Philip

    I think you’re doing it wrong! That’s an even bigger mess! And it is still easily breakable if someone gets just one of the passwords of one site such as Gawker and access to the text file on your laptop.
    I believe the easier and more secure way is a three-tier level (two, three, four, up to you…)
    So I use:
    – a single, very easy to remember, password for everything of unimportance, such as web forums, news sites, blogs, and everything I don’t find valuable on its own. So someone had the trouble of getting my zdnet comment posting account. So what. Enjoy. I’ll have it reset in the morning or simply create a new one…
    – one or two harder ones, reusable or tradable between applications for the more crucial stuff such as various messaging, Skype, Amazon (I use a temporary, usable only once credit card so I’m not particularly worried about that) and some other sites with real value to me.
    – and then on the top level, individual for each site, usable only once on this level (they can go down to the second) for my banks’ websites, my email accounts, and other professional accounts that are a real pain in the ass if I lost them.

    So all summed together I will have something like 10 passwords or less to remember, of which one I know by heart, two or three are just standard and I can try them all on a login if I got it wrong the first time, and just the crucial ones are the ones I have to memorize. And these are quite complicated but still easily rememberable for me.

    Now, I do switch them from time to time, every 6 months or so, and just keep a short-lived backup scribbled on a small post-it on my desk, in my unreadable lettering and with abbreviations and things that don’t make them easy to understand.

    So there you got it. A simple, secure for what it matters, system designed for humans…
    The mistake in the articles you’ve mentioned was going from the opposite of using the same password on “every site” to using a different password for “every site”.. that’s mind breaking.