The great password debate!

Your password collection!

At the risk of causing a riot, do you know how many passwords you manage?

If you are even a moderately heavy technology user, you will be able to count a bare minimum of 20 that are in frequent use.

Current best practice dictates that you should do the following as a minimum:

  1. Use different passwords for different systems – not the same one for all 🙂
  2. Create these from a complex series of letters, symbols and numbers – not using any dictionary word
  3. Change them frequently.

So, folks, do you do this, with your 20 odd passwords?

Nope, didn’t think so 🙂

How about this for an alternative policy:

  1. Use ‘LastPass’ or a similar service for all non-critical passwords.
  2. Learn mnemonics to help remember the rest.

Or maybe you all use KeePass, Password Safe or some other management tool?

3 thoughts on “The great password debate!”

  1. Regarding passwords, the key appears to be that people use poor passwords because 1) using good passwords (and different passwords for each access) takes extra effort and people love leisure, and 2) people do NOT believe that they are in danger.

    They say things like:
    – Who would want my password? Who cares about my email, home computer, etc.? (denial)
    – Cracking is so technical that only a few can do it (ignorance)
    – I don’t want to think about that (avoidance)
    – They don’t understand that every computer on the internet is connected to every other computer on the Internet (more ignorance)

    1. So what is the solution?

      I have formulated the theory that very few people can manage 10 – 15 passwords. Even IT admins who spend all day using passwords inevitably have to refer to some form of reminder – written or electronic. The savvy admins use some form of mnemonic – but most find this too hard and so either a) look it up or b) ask a mate.

      I would submit neither is ideal.

      1. You have to use a password manager. So you remember the 10-15 GOOD passwords you can and put the others in an encrypted pwd mgr.
