A Word About Passwords

In a digital world such as the one we live in, it’s impossible to escape the inevitability of passwords. They’re everywhere and everyone has at least one, if not multiple. You can’t deny the inescapable truth that you will have to use a password. Most people these days have Facebook (you can then use Facebook to log in to other things too), Snapchat (be honest, how many of you remember that one), Twitter, email, Uber, online banking, travel apps (Trainline, Stagecoach, airlines, etc.) and many, many, many more. It is impossible to exist in this world anymore without becoming overwhelmed with passwords. How can you possibly begin to come up with, never mind remember, all of these dozens and dozens of passwords? Well, be honest, do you really even try?

The Problem

Most people reading this, I imagine, don’t come up with a new password every time they sign up for something. Most people have three or four passwords that they use on a cycle. I know I did for a very long time. It’s really easy to just pick one password that you’ll remember and use it for everything. How do you remember that password though? Well, you pick a memorable word that means quite a lot to you, like part of your name, your dog’s name, maybe your birthplace or a song or movie that you particularly enjoy. That’s rarely enough; most websites ask you to stick some numbers on there. Well, I know my birthday, so let’s put that on there. You now have something that looks similar to this: dieHard1998. Maybe you think you’ll be clever and replace that ‘o’ with a zero, or an ‘e’ with a 3. Sorry to burst your little bubble, but if you can think of it, a hacker can definitely guess it. If the above sounds familiar then I want you to consider very carefully what I’m about to say…

You are vulnerable.

This is a subject that I get into quite a lot when I talk to people about cyber security and your online identity. If you’re anything like I was when I was a kid, you would sign up for random websites to play games, watch movies and download random crap. That’s all well and good, but if you’ve been using the same password all this time it would be very easy for someone to hack that website (as hackers tend to do) and steal all the credentials. Some smaller websites are foolish enough to store passwords as plaintext, or using some broken hash function. In this case it is very easy for whoever stole them to try this password on your email and VOILA! They have access to your entire digital life. If you’re interested, there is a repository on a website called GitHub that contains millions of common passwords that you have likely used for something at some point. You can find that here. You can also check if you have signed up to a website that has had a well-known security breach by using haveibeenpwned.com.

Solution, Please?

So, yes. You are almost 100% in danger of having part of your life hijacked because you have bad passwords or you use the same password for multiple things. You need a way to make better passwords and you need a way to remember them all. Using the same password for everything is almost worse than using “password” as your password. If some random website does get hacked and your password becomes known, it will be used to try every common service that you might be associated with (Facebook, Gmail, bank accounts, etc.). So you need a different password for everything. Writing them in your notes on your phone or in a book at home is no good; phones can be stolen and houses are broken into. Don’t make the ordeal worse by losing everything online too.

[Image: password_strength]

This web comic from xkcd.com describes the problem and solution for new passwords quite well. If you want to go all out and pick truly random series of words check out diceware. The memory problem still exists when you repeat this over all the passwords you own: how can you remember them all without writing them down?

The solution for both problems is what is known as a password manager. A password manager is an application that creates random passwords (based on a set of rules such as length, inclusion of numbers, special characters, etc.) and stores them for each site that you use. A number of password managers are available as standalone applications, apps and web browser extensions, meaning you can access your passwords from anywhere. The browser extension variations will also auto-fill your passwords for each website that you access. There are a wide variety out there, such as KeePass, Dashlane and 1Password, which provide password generation and storage. Personally I use LastPass, which offers all of the utilities I’ve described for free. The only thing you have to do is spend a little time copying all of your saved passwords from your browser, phone and notes into the manager before deleting ALL OTHER TRACES of them and you’re golden. LastPass even offers a utility to automatically change the password of some common services such as Twitter and Facebook.
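To make the rule-based generation and the diceware idea above concrete, here is an added sketch (not code from any of the password managers named, and not from the original post) that draws both kinds of secret from the operating system's cryptographic random source. The word list, the set of special characters and the function names are assumptions made for illustration; a real diceware list has 7776 words.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; a real diceware list has
# 7776 words (one word per roll of five six-sided dice).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "velvet",
                "cactus", "lantern", "pebble", "tundra", "walnut", "zephyr",
                "magnet", "harbor", "quiver", "nickel"]
SPECIALS = "!@#$%^&*-_=+"  # assumed set; sites differ in what they accept


def generate_password(length=20, digits=True, specials=True):
    """Random password honouring the rule set, drawn from the OS CSPRNG."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if digits:
        classes.append(string.digits)
    if specials:
        classes.append(SPECIALS)
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    while True:
        # Rejection sampling: draw the whole password uniformly and retry if
        # a required class is missing, rather than pinning classes to slots.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def generate_passphrase(words=SAMPLE_WORDS, count=6, sep="-"):
    """Diceware-style passphrase: every word is an independent random pick."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Upper bound on entropy for `picks` uniform draws from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase(), "(toy list:",
          entropy_bits(len(SAMPLE_WORDS), 6), "bits)")
    print("six words from a full 7776-word list:",
          round(entropy_bits(7776, 6), 1), "bits")
```

The entropy figures only hold when every character or word is chosen at random; a word you picked yourself plus a birth year has far less, however long it looks.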

Beyond that you’ll have a master password which you will use to unlock your personal vault. Just make sure you don’t choose password123.

What Should I Take Away?

Your password is your lock to your digital life. Your social media, email, laptop, bank account, exam results, phone and shopping are all secured with your passwords. Big companies get hacked all the time. Don’t think you’re safe because big companies want you to be. Be safe because you want to be.


The Reputation of a Student

Oliver would be proud
