Coping with Strong Passwords
Strong Passwords – Why Are They Needed and How Can I Deal With Them?
Online Security is a Serious Problem – There’s Really No Way Around It
If you haven’t experienced some form of hacking in your personal online accounts or activities, that’s a good thing. If you’ve had the misfortune, you may have a changed outlook on the value of security precautions. There is much work being done, high and low, to protect our ever-increasing online activity. For individual users such as ourselves, keeping our software updated and our passwords properly managed is a critical part of a secure internet. WordPress and many hosting providers are moving to more and more stringent requirements for our passwords.
In this article, we cover:
- The Reason Why This Is So Difficult
- What Makes a Strong Password
- Options:
- Use the Suggested Strong Password
- Password Management Tools
- Using Pass Phrases
- Roll-Your-Own Strong Passwords (if you insist)
- Pseudo-Memorable Passwords
- Examples of What Works (at the time of this writing)
- Our Recommended Option
However Inconvenient Security Measures May Seem, It’s Nothing Compared to Being Compromised
Have you ever been hacked? What could that mean for you?
Some security compromises are so subtle by design, you may never know they were there. This could be a scenario where the big disaster is incubating, waiting to hatch, or perhaps a slow, steady flow of information harvesting. It could mean an entire data center comes down, taking days to restore. Or it could be small, maybe only affecting your site. In that case, there may be no team of experts or coordinated international efforts to do the work of restoration… It might mean your website displays unsavory content, unrelated links, or perhaps totally disappears, never to be recovered. It has happened. I have seen it. The threats are certainly out there.
Human Nature Makes Strong Passwords Seem Nearly Impossible
Actually they’re not humanly possible at all… well, not with the convenience we’d like to enjoy. The very nature of this dilemma has awkwardness built right in. Human nature has its vulnerabilities, and computer programs and scripts can find those. When we try to apply our intellect, our human nature steps in, along with the vulnerabilities that hackers can sometimes detect. It’s in your best interest to invest a little time for learning and maybe a small part of your budget to protect yourself.
A Little About What Makes a Password Weak or Strong
Humans are creatures of habit, and detectable patterns follow us in ways we often don’t notice. Trends in our behaviors are the roadmaps of how we live our lives, and it’s understandable that our secrets can be revealed by studying these patterns. Even our passwords reflect this. So an intrusive computer could anticipate and test password patterns and combinations to hack its way into our online systems. One way to deal with this is to come up with a program that does the opposite of our nature and generates what is referred to as a ‘strong’ password. WordPress does exactly this by suggesting a strong password when users set or reset their password.
You may choose to use this strong password that WordPress offers (possibly, in the end, the easiest choice and reasonably safe), or you can choose to supply your own. But if you are trying to craft a password that is strong AND that you can remember, you have a bit of a task. We offer some suggestions below for you to try.
Quickest – Easiest Option – Copy/Paste WordPress’s suggestion and store it in a safe place.
Voila and you’re done. But saving it for later access and passing it on to your multiple devices may pose another security risk. You can save the password to a file, and save that in Dropbox or Evernote for retrieval by multiple devices, but that could be sniffed out by nefarious gremlins. Did you send it by email? …then delete it! (…both from your inbox and your trash folder.) Even so, emailing passwords is perhaps risky.
Use a Password Management Tool
We think this is your safest option and in the end will make your life easier in many areas. But this does take a little time, a little learning, and a little pocket change. We have used LastPass and are happy with the results as well as the price, but there are many options to choose from (Dashlane, LogMeInOnce, or you may Google Search the term).
The Pros are abundant – The Cons are minimal… such as:
- There is a cost involved.
- You will have to learn how it works.
- You will have to set it up.
- Not every website will sync exactly the same way.
But for each of these Cons, there are Pros that outweigh the inconvenience, once you learn the ropes. Here’s an article that describes the experience of using a password manager.
Use Pass Phrases Rather than Pass Words
Put together three or four short words such as: fork level misty skenck (forklevelmistyskenck). Of course, this could also be hard to remember as well as a lot to type… easy to make a typo… you may have a headache just thinking about it.
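The two approaches above, a program-generated strong password and a pass phrase of short words, as an added Python example (not from the original article or from WordPress). The 16-word list is a constructed stand-in and the function names are illustrative; strength comes from picking each character or word at random, and it is counted in bits.

```python
import math
import secrets
import string

# Constructed sample wordlist (assumption): real lists hold thousands of
# words; 16 words keep this example self-contained.
WORDS = ["fork", "level", "misty", "river", "candle", "orbit", "maple", "tiger",
         "window", "pepper", "anchor", "violet", "sketch", "harbor", "lemon", "quartz"]

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=16):
    """Pick every character independently with the OS's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=4, words=WORDS, sep=" "):
    """Pick every word independently with the OS's secure random source."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are drawn uniformly from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    print(random_passphrase(), entropy_bits(len(WORDS), 4), "bits (toy 16-word list)")
    # 7776 = 6**5, the size of a list indexed by five dice rolls
    print("4 words from a 7776-word list:", round(entropy_bits(7776, 4), 1), "bits")
```

The bit counts apply only when the program makes the choice; words or characters a person picks by hand follow habits and are worth fewer bits than the formula suggests.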
Conjure Up Your Own Memorable Yet Strong Password
This may sound enticing but experience says this can be a never ending source of frustration as password strength requirements change frequently. Usually, once in, your password is good until you try to change it again (if strength requirements increase). You can anticipate minor headaches with this method.
Nonetheless, here are some suggestions that work… or at least they did work when we tried them. Read on…
Pseudo-Memorable Passwords
More trickery here and we hope the joke is never on you. Some suggestions:
- Avoid common catch words in your password. They only translate to “more characters than needed” for a really “strong” password.
- Use more special characters (the more, the safer BUT the harder to remember)
- Develop a vocabulary of special character combinations that YOU like (such as @$@, ^|^). Do you like these? Try more and put those into your passwords.
- Substitute numbers for letters… use a three for an E, a zero for an O, a one for an L.
- Add in your telephone number… but not one that’s on your website.
- Add your birthdate or any favorite date from your personal history.
- Use three special characters + your initials + the same special characters (pretty simple in concept as well as strong)
- Hold shift key down and type your 10-digit phone number (due to keyboard/character layouts, this won’t work so well on phones or tablets)
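Several of the tricks in this list are fixed, reversible transformations, so a strength check run when a password is set can undo them and still see the structure underneath. The following is an added Python example of such a check (not from the original article or from WordPress); the word list and sample passwords are constructed, and the shifted-digit mapping assumes a US keyboard layout.

```python
import re

# Undo the number-for-letter swaps from the list above (3 -> e, 0 -> o, 1 -> l).
UNSWAP = str.maketrans("301", "eol")
# Shifted digit row mapped back to digits (assumption: US keyboard layout).
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")
SHIFTED_RUN = re.compile(r"[!@#$%^&*()]{10}")
# Constructed sample dictionary; a real check would load a large wordlist.
COMMON_WORDS = ("password", "welcome", "letmein")


def predictable_patterns(password):
    """Return the set of guessable structures found in `password`."""
    found = set()
    lowered = password.lower()
    unswapped = lowered.translate(UNSWAP)
    for word in COMMON_WORDS:
        if word in lowered:
            found.add("common-word")
        elif word in unswapped:
            found.add("common-word-with-number-swaps")
    # Drop phone-style separators before looking for a 10-digit run.
    if re.search(r"\d{10}", re.sub(r"[\s().-]", "", password)):
        found.add("ten-digit-number")
    if SHIFTED_RUN.search(password):
        found.add("shifted-ten-digit-number")
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", password):
        found.add("year")
    if re.fullmatch(r"(\W{3})[A-Za-z]{2,3}\1", password):
        found.add("symbols-initials-symbols")
    return found


def unshift(password):
    """Show what a shift-typed digit run decodes to."""
    return password.translate(UNSHIFT)


if __name__ == "__main__":
    # Constructed samples, one per trick, plus a randomly generated password.
    for sample in ["W3lc0me2015", "555-010-0199", "%%%)!))!((",
                   "@$@JQP@$@", "tV9#qLx2!mRz"]:
        print(sample, sorted(predictable_patterns(sample)))
```

A password that returns an empty set has only passed these few checks; it is not thereby shown to be strong.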
See the image gallery below for proof positive on what works (at time of writing) to create a strong password:
Which Option Do We Recommend?
For the best option, we suggest you find a suitable password management service. You then rely on the wisdom and prowess of experts to know the issues and stay current with new dangers. We won’t recommend any particular service other than what we have used and are happy with but that doesn’t always translate to your needs or experience. There are many options to choose from. We share our experience with one password management service and why we think a password management tool will make your life easier.