Passwords Are A Nightmare!
Passwords. They have become a mainstay in our digital daily lives. And, for the most part, we hate them. They frustrate us, annoy us, never seem good enough and won't come to memory when we need them most - and we need them for everything! How do we escape the password Rabbit Hole?
Since we do not live in a Utopia, nor in a world of trust, a password is mandatory for anything digitally accessible: banking, social accounts, shopping, movie streaming, utility accounts, computers, email accounts, phones, business accounts... And, to be safe, you should never use the same password for anything else. It has to contain numbers, letters (upper and lowercase) and symbols, be at least 8 characters in length and have no sequential characters; previous passwords cannot be used as new passwords, and passwords must be changed every 60-90 days..... ARRRGGGGHHHHH! How in the world are we supposed to keep track of all this nonsense?
Unfortunately, all these rules frustrate us and we resort to convenience over safety. We use simple, easy-to-remember passwords, use them for many or all of our accounts and then complain when our Facebook account, email accounts, computers or banking logins get hacked. But, if there was a convenient way to manage all of these passwords and recall them, our digital life might be a little easier and safer. But is there such a Divine tool? Yes, there is, but it's not entirely what you think the answer is.
Yes, there are Apps and Software for this, and they definitely help and can be solely relied upon, but only if you are using them and securing the information properly. If there is an app or software on your computer that stores your passwords for you, what is protecting that list of passwords? You guessed it... a password that you have to create. And many of these tools back up your info online so, how is that company protecting your password info and what if they get hacked?
The actual answer as to what tool is best for the management, security and convenience of passwords is... wait for it..... YOU! With a little smarts and a little guidance, you can easily manage the password nightmare but, yes, it requires diligence on your part. All of us want the super easy way but that means reliance on something else. We teach our children to be responsible so, shouldn't we be leading by example in our daily lives?
The Eight Four Rule
Way back, when I was in IT school, the industry standard for the most secure password was a completely random one that, at minimum, needed to follow the 8 4 Rule for complexity. The 8 stands for the minimum character length and the 4 stands for: 1 lower case + 1 upper case + 1 number + 1 special character.
This rule, however, is now slightly antiquated but still meets the bare requirements for most passwords online. Yet, if we only strive to meet the bare minimum in life, it will surely come back to bite us in the booty at some point. That's what my parents endlessly taught me but... I digress. So, these days, 8 is bare minimum, 12 is suggested and 14 or higher is recommended. And therefore, as you might have guessed, it should now be coined the Fourteen Four Rule... but no, it's more like the 14 7 rule now. Still, the bare minimum is what almost all online accounts suggest as the minimum requirement when creating passwords for your accounts and therefore, the 8 4 Rule still stands to this day as what you need to use at a minimum.
Therefore, if we all follow this for each and every password we create, our accounts will be quite secure. But how do we remember all of these passwords?
The best way to help remember these passwords is by creating phrases or categories for the duration of the term that these passwords will be in use. As you can imagine, working in the IT industry and managing systems, admin accounts and employee accounts requires me to manage an enormous number of passwords. And, industry standard also dictates that these passwords are changed every 60 days (I usually do every 30 days). So, one month the category for the passwords will be Canadian cities. The next month animals, the next month colours, the next month flowers, and so on, and so on. If the category name doesn't follow the 8 4 rule (at least 8 characters), I add the province abbreviation for my "Cities" example. But what about numbers and symbols, you ask?
This is where it gets fun: creating your own language with easy character replacement. So, for a password in the month of the "cities" category, one would be CacheCreek, with character replacements of "a" to "@" and "e" to "3". In doing this, our password now looks like: C@ch3Cr33k. But, I never like having 2 of the same characters together so I would change it to: C@ch3Cr3ek. In either example, we have instantly met the requirements of the 8 4 rule: 8 minimum character length, 1 lower case + 1 upper case + 1 number + 1 special character. Yipeee!
In the above example, my standard "password language" scheme replaces the letter "a" with the @ symbol, "e" is always the number "3", "s" is "5", "L" is "7", "O" is "0", and so on. You can create any character replacement language you wish, and it therefore becomes quite unique. I happen to choose alternates that look similar to their counterpart. And it is incredibly easy to remember. However, for sensitive data accounts, or commonly used social media sites that crawl with hackers (ahem... Facebook), I use a much more complicated scheme... just for overkill.
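The 8 4 Rule and the replacement scheme above, as an added Python example (not the author's own code): it applies the substitutions listed in the post, skips a replacement that would double a character, and reports which parts of the rule a result fails. Treating "L" and "O" as both letter cases, and every sample word other than CacheCreek, are assumptions made for the example.

```python
import string

# Replacements listed in the post; applying "L" and "O" to both letter
# cases is an assumption made for this example.
SUBSTITUTIONS = {"a": "@", "e": "3", "s": "5",
                 "l": "7", "L": "7", "o": "0", "O": "0"}


def apply_scheme(word, avoid_repeats=True):
    """Apply the replacements; optionally keep the original letter when the
    replacement would repeat the previous output character."""
    out = []
    for ch in word:
        repl = SUBSTITUTIONS.get(ch, ch)
        if avoid_repeats and out and repl == out[-1]:
            repl = ch
        out.append(repl)
    return "".join(out)


def check_8_4(password, min_length=8):
    """Return the parts of the 8 4 Rule the password fails (empty = pass)."""
    checks = {
        "length": len(password) >= min_length,
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def has_adjacent_repeat(password):
    """True when two identical characters sit next to each other."""
    return any(a == b for a, b in zip(password, password[1:]))


if __name__ == "__main__":
    # CacheCreek is the post's example; the other words are constructed.
    for word in ("CacheCreek", "Toronto", "TorontoON"):
        pw = apply_scheme(word)
        print(word, "->", pw, check_8_4(pw), has_adjacent_repeat(pw))
```

Toronto becomes T0r0nt0, which is too short and has no special character, so each word's result needs checking against the rule rather than assuming the replacements will satisfy it.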
While doing all of this keeps accounts more secure and conforms to the standard practice, keeping them less likely to get compromised, it doesn't solve the problem of conveniently remembering which password I used for which account. But, there are many ways to make this convenient for you. I myself use a text list on my smartphone. I open up my "notes" software and enter my username and password for the account I just created. It is all neatly organized in files and folders and I can even "voice" search these files easily. They are also biometrically protected and encrypted to ensure prying eyes cannot open the files. I have these files encrypted and backed up on my phone, my NAS (Network Attached Storage), on a portable SSD drive and in a secure folder in the cloud (MS 365 or Google Drive, etc.).
While this may sound complicated, it actually is not and it is fully automated and simple to set up. To back up even further, each file is additionally saved in a different file format (like Word and PDF and Text). This is done so that in the event one file somehow becomes corrupt I can open a different file format and still have access to my passwords. Is this overkill? Maybe. But, I have some pretty sensitive information. And, this was the standard practice I demanded from my team when working in the private and public sectors so it has conveniently carried over into my personal standards.
Password Management
Before you get extremely frustrated, and pull out your hair when trying to manage the plethora of account login information, know that there are umpteen password managing software options out there, both free and paid. A couple of them are excellent, like LastPass and RoboForm, and additionally there are built-in ones on just about every Internet browser which are generally safe. That being said, LastPass was hacked and had user vault info stolen in 2022 and RoboForm, while not hacked, did have security vulnerabilities in their software that were exposed. These events are unlikely to cause concern for those who change their passwords at regular intervals since, by the time hackers decrypt the information, your passwords would have likely changed by then. If using browser-based managers, yes, there is some risk but if you are protecting your devices with security software and threat management utilities, you should be confidently safe.
To assist further, there are handy apps and PC software that are password generators. Many of the password management software options I mentioned previously have generators built in. So, if you do not want to create your own "language", enter the parameters of the password scheme and generate one instantly. These are some of the best passwords to create and the software stores them for you for future reference. Additionally, Multifactor Authentication, a security practice I discussed in last week's post, "How Do I Stay Safe On The Internet?", is something we always recommend using to work in tandem for your logging into accounts and keeping you safe. When logging into an account on a device that has never been used before or is in a different "home locale" than normal, you will get a prompt to enter a secret generated PIN from either an Authenticator App or one that has been texted or emailed to you (but these days, steer clear of using the latter method). This ensures that it is you who is logging in and not a hacker. I personally use Google Authenticator for these secret PINs or enable Pass Keys, which are highly recommended now, but again, there are several out there that do this job well and it is up to your preference which you like best.
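What a generator of the kind mentioned above does with those parameters, as an added Python example (not code from any of the products named): it draws from the operating system's random source, guarantees the four character classes of the 8 4 Rule, and defaults to the 14 characters recommended earlier. The function name and the rejection of adjacent repeats are choices made for this example.

```python
import secrets
import string

# The four character classes of the 8 4 Rule.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=14):
    """Random password with at least one character from each class and
    no two identical characters side by side."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    alphabet = "".join(CLASSES)
    rng = secrets.SystemRandom()  # OS-backed CSPRNG, used for the shuffle
    while True:
        # One guaranteed character per class, the rest from the full alphabet.
        chars = [secrets.choice(cls) for cls in CLASSES]
        chars += [secrets.choice(alphabet) for _ in range(length - len(CLASSES))]
        rng.shuffle(chars)  # so the guaranteed characters are not always first
        candidate = "".join(chars)
        if all(a != b for a, b in zip(candidate, candidate[1:])):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```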
Final Thoughts
These days, being safe online is mandatory. Following industry best practices, like the 8 4 rule, is simple and highly effective. Don't fall into being lazy or invest in a care-free attitude when it comes to your online safety as the consequences can be quite devastating. When documenting your passwords for reference, ensure that they are well secured and readily available to you in any situation. Please do not jot them down and throw them on your sticky-note board for all to see or to simply fall behind a desk or sofa. Use proper file management. In order to succeed, you must put in the work. Too many people that I know personally have had their accounts or systems compromised... even their identity! And of course, they came to me and said "...if I had only just listened to you! I procrastinated and I now have paid a terrible price!"
If you have any questions regarding some best practices or recommendations for proper password etiquette, secure storage or require help with password recovery, let us know in the comments, drop us an email or hit our social channels and we will be happy to lend a hand. As always, take care and stay safe!