Weak Passwords – not a bad idea

There is a theory that passwords must be ultra complex, and I do not completely disagree with that policy, at least for important stuff. Secure passwords, in the opinion of ‘the experts’, contain UPPER case letters, lower case letters, numbers and symbols, and multiples of each (2 or more upper case letters and 2 or more lower case letters, etc.). Also, the letters should not spell out any actual words, especially words that are linked to the individual.

It was fine and okay to follow that kind of policy when people had very simple online lives – an email account for work, an email account for home and maybe a bank account or two. Now, however, most people have very complex internet/digital worlds with multiple email accounts, multiple bank or investment accounts, an access account for their employment, Facebook, Twitter, Vine, YouTube, Google, Amazon, eBay, PayPal and numerous other accounts. Each requires a password and each should be different from the others.

Personally, I have my main personal email account, several email accounts for my numerous websites, a junk email account on yahoo that I use for anything that may get spammed, accounts at 2 different credit unions, my employer has an employee portal for paychecks, benefits and other personnel business and then I administrate numerous personal and friends’ websites. Plus I have passwords for different revenue marketing programs used on some of the websites. I can guess that I have upwards of 50 or more total different accounts that should all have different secure passwords.

If I were to follow the guidelines of a complex and different password for each service/activity and also follow the convention that passwords should be changed every six (6) months, there is no way I could stay on top of it. Granted, I may have a more complex situation than many people, but I also have a less complex world than many other websiters/blogmasters that I know.

If you are also in the world of having more than 20 password protected accounts, you already know it is impossible to keep them straight and at the same time follow all the rules of ‘the experts’. This leaves you with a couple of options. One is online digital wallet storage of your passwords. There are several programs out there offering this service and there is even commercial software for your computer or smart phone to store passwords. This, in my limited and uneducated opinion, is foolish because now you really do not have 20 different passwords – you have ONE. Anyone that hacks or gains access to the online vault or smart phone app with your passwords now has all your passwords. Of course the computer programmers and marketers of these programs will tell you that it is impossible for someone to hack these systems, but as long as there are banks with money in them – there are people who will try to find a way to rob the bank. As long as there are computer programs with secrets (your passwords with access to your money), there will be people who will try to find a way to hack the program.

Most browsers allow for password storage and this, while convenient, is also dangerous because these programs are even more subject to hacking. However, for unimportant, or at least less important, accounts – this is an acceptable means for storing passwords. I do this for many of my blogs because if a blog gets hacked and becomes a security threat – I will delete the blog. I do not use this storage method for financial or other such critical passwords.

A current theory that is being carried forward by ‘the experts’ is that you should use simple passwords for less important accounts and more secure passwords for more important accounts. The right balance of complex and easy to remember is a personal decision. For some people, their Facebook password is more important to them than their bank account password and as such will need to be more secure. Others, for whom Facebook is a once every few months activity because they are busy managing a large investment portfolio, should have a very secure and complex password for their brokerage account.

Regardless of your opinion of password security, try to avoid easy things like your kids’ or pets’ names and important days like birthdays, and avoid using the same password for junk activities (personally: Facebook, YouTube, Twitter) and financial accounts (banks, investment, PayPal or eBay – where people could order stuff in your name).

Happy computing.
