The other day, when signing up to a new site, I came across the tedious act of creating a new password. Despite using a password manager and having random passwords on my favorite sites, for other websites that I access from devices where I do not have the password manager installed, I prefer to create passwords that are easy to memorize but difficult to guess using brute-force techniques. Easy creation of secure passwords is key to protecting our information.
“Please create an 8-character password with uppercase, lowercase, numbers and special characters”, but … how am I going to memorize this? I’m on my mobile phone, where do I keep it? Are users really forced to suffer the tyranny of password creation? Where is the balance between usability and security here? What is the point of still maintaining these kinds of password policies?
If we think about how memory works, it is much easier to remember phrases related to us than a word made up of numbers, letters, and symbols. If brute force is the problem, as long as the sentence is long enough we have nothing to fear. For example, which is easier for you to memorize: “m0sKit0-*” or “I-like-to-walk-in-the-afternoons-in-winter”? Which of the two do you think is safer?
I have always believed that users should not have to be security experts to feel safe on the Internet, just as I do not have to know how to build a car to drive it. There are guidelines and regulations to follow, and we will learn them for our own safety, but as companies we should make the management of user passwords as easy as possible.
Despite the multiple alternatives for fortifying logins, such as multi-factor authentication (MFA) or single sign-on (SSO), if for whatever reason we cannot include this kind of login mechanism on our website, let’s at least think about which option would be easier for users when creating passwords, without reducing their complexity.
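To make the comparison between the two passwords quoted above concrete, here is an added example (not code from the original post) that estimates the brute-force keyspace of each and implements the kind of length-first policy check this paragraph argues for: a long passphrase is accepted as-is, a short password must still use several character classes, and anything on a known-common list is rejected. The wordlist size (7776, the size of the Diceware list), the guess rate of 10^10 per second, and the tiny common-password set are assumptions chosen for illustration.

```python
import math
import string

# Sample passwords taken from the post's own examples (constructed input).
SHORT_COMPLEX = "m0sKit0-*"
PASSPHRASE = "I-like-to-walk-in-the-afternoons-in-winter"

# A tiny stand-in for a real breached/common-password list (constructed).
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein"}


def charset_size(password: str) -> int:
    """Alphabet size an attacker must cover when guessing character by character."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation characters plus space
    return size


def brute_force_bits(password: str) -> float:
    """Size of an exhaustive character-level search, in bits (upper bound)."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(n_words: int, wordlist_size: int = 7776) -> float:
    """Size of a word-level search, assuming each word is drawn at random
    from a wordlist of the given size (7776 = Diceware list, an assumption)."""
    return n_words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Wall-clock years to try every candidate at the assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def character_classes(password: str) -> int:
    """Number of distinct classes (lower, upper, digit, punctuation) present."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def meets_policy(password: str, long_min: int = 15, short_min: int = 8) -> bool:
    """Length-first policy: a passphrase of long_min+ characters is accepted
    without composition rules; anything shorter must reach short_min and use
    at least three character classes. Known-common passwords always fail."""
    if password.lower() in COMMON_PASSWORDS:
        return False
    if len(password) >= long_min:
        return True
    return len(password) >= short_min and character_classes(password) >= 3


if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, PASSPHRASE):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years, policy ok={meets_policy(pw)}")
    words = PASSPHRASE.split("-")
    print(f"word-level search over {len(words)} words: "
          f"{passphrase_bits(len(words)):.1f} bits")
```

The character-level figure for the passphrase is an upper bound. An attacker who guesses whole words from a dictionary faces a search of roughly nine words times log2(wordlist size) instead, and a grammatical sentence is more predictable than words drawn at random, so the real margin is smaller than the character-level estimate. Even so, it stays far above the nine-character password, which the same model exhausts in about two years at the assumed guess rate. The policy function is the practical takeaway: accept length in place of forced character classes, and screen against known-common passwords either way.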
Here are some basic tips for creating easy-to-remember but secure passwords:
- Use a phrase instead of a single word. This can be a phrase that has meaning to you, such as a favorite quote or a personal motto. You can use the first letter of each word in the phrase to create your password. For example, the phrase “Actions speak louder than words” could be turned into the password “AslbtW”.
- Use a password manager. A password manager is a tool that helps you create and store strong, unique passwords for all of your online accounts. This can be a good way to ensure that you have strong passwords without having to remember them all.
- Don’t use personal information. Avoid using personal information, such as your name, address, or date of birth, in your password. This information can be easily obtained by hackers.
- Use different passwords for different accounts. It’s important to use different passwords for different accounts, especially for important accounts like online banking and email. This way, if one of your passwords is compromised, the others will still be safe.