10 Major Password Problems (and 3 Ways to Avoid Them)

Ah, passwords. In a world that relies on more computers to run just about everything from our bank accounts to our cars, it’s increasingly important to control access to everything around us, particularly our property and our money.  Until it becomes easier to scan our DNA every time we turn on our cell phones (not a fun process itself, I’d imagine), the password is the best method we have to keep our stuff safe.

Don’t misunderstand, there’s a pretty big gap between ‘best method we have’ and ‘ideal’.  As Wired notes, there are a lot of problems that remain with passwords (not the least of which is that a devoted enough hacker, or careless enough customer support, can lead to your account being hacked regardless of your password strength).  Still, a strong password can provide a decent defense in our digital world.  There’s not much sense in changing our passwords regularly if our new passwords aren’t very strong, after all.  We want to avoid these:

10 Major Password Problems

There are a lot of things you can do wrong when you are creating your passwords for your accounts, which will make your passwords easier to guess and your accounts easier to hack.  Whatever you use as your passwords, avoid passwords that are:

 1. Too Short: You definitely don’t want to create passwords less than six to eight characters in length, at least.  Try to aim for the long side, as the longer the password is, the harder it will be to hack through sheer brute force.

Make sure you have a decent password before you hit the enter key

2. The Same as Your Username: There are very few things you can use as a password that are easier to guess than your username.  (With the possible exception of ‘password’.) If a hacker can copy and paste to get into an account, you need to improve your password creation.

3. The Same Password for Every Site: Even the best password is only good at protecting one site.  You don’t want to give a hacker instant access to all your accounts if they get into one.  Keep your passwords different to keep your accounts safe.

4. Sequences: Things like ‘1234’, ‘abcd’, ‘ABCD’, ‘asdf’ and ‘qwerty’ are among the first things that hackers (or their computer programs) will guess.  Skip them, as well as doing the same letter or number repeatedly (‘1111’ or ‘AAAA’).

5. Real Words: Any hacker worth the title will run through a list of dictionary words as the first guesses for passwords.  If your password exists in any dictionary of any language, you’re going to be in trouble.

6. Real Names: Names will likely be another main source of first options for would-be hackers, so be sure that your password would not make a good name for anyone, or anything.

7. Personal information: Double threat here.  If the hacker knows anything about you, he or she could use that info to hack your account.  If not, hacking the account could give them personal information they wouldn’t otherwise have.  To avoid both problems, don’t use personal info as passwords.

8. Catchphrases: Almost as easy for a computer to guess are character catchphrases, quotations from movies or famous sayings.  If your movie crazy friend could quote your password without even really trying, you need to use something less common.

9. Any of the Above, Reversed: You don’t improve the above suggestions much simply by spinning them around.  Backwards words, names, or sequences aren’t much of an improvement, so avoid them, too.

10. No Password: The worst option of all is not having a password.  Even in those rare cases where you are able to not enter a password, it’s best to use something rather than nothing at all.

Alright, with all the bad passwords aside, what should you include in a good password?  Typically, it should be (1) Six or more characters at minimum, longer preferred, (2) Consisting of several different types of characters (lowercase letters, capital letters, numbers, and if the system you’re using allows it, special characters like punctuation marks), and (3) Does not fail any of our other problems above.
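The checklist above can be turned into an automated check at account creation. The following is an added example, not part of the original article: the word list is a small constructed sample, and the 8-character minimum and three-character-type threshold are assumptions chosen within the article's guidance.

```python
import string

# Constructed sample list; a real check would load full dictionary and name lists.
COMMON_WORDS = {"password", "example", "dragon", "michael", "letmein"}
# Alphabet, digit and keyboard-row runs used to spot sequences (problem 4).
RUNS = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw, length=4):
    """True if pw contains `length` consecutive characters from a known
    run, or the same character repeated `length` times."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if len(set(chunk)) == 1 or any(chunk in run for run in RUNS):
            return True
    return False


def character_classes(pw):
    """Count how many of the four character types appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)


def check_password(pw, username="", min_length=8):
    """Return the problems from the list above that pw exhibits."""
    if not pw:
        return ["no password"]                      # problem 10
    problems = []
    low = pw.lower()
    if len(pw) < min_length:                        # problem 1 (assumed minimum)
        problems.append("too short")
    if username and low == username.lower():        # problem 2
        problems.append("same as username")
    if has_sequence(pw):                            # problem 4
        problems.append("sequence or repeated character")
    if low in COMMON_WORDS:                         # problems 5 and 6
        problems.append("real word or name")
    elif low[::-1] in COMMON_WORDS:                 # problem 9
        problems.append("reversed word or name")
    if character_classes(pw) < 3:                   # assumed threshold
        problems.append("too few character types")
    return problems
```

Reuse across sites (problem 3) and personal information (problem 7) cannot be detected from the password alone, so this check does not cover them.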

Add in the fact that you should have different passwords for each website for which you need a password, and the fact that many of us need passwords for dozens of different sites in the modern world (heck, I’ve accumulated over three dozen passwords for job sites alone), and it quickly becomes difficult to keep track of every one.  To help keep you from being overwhelmed, here are

3 Ways to Create (and Remember) Good Passwords

1) Use a Password Manager: With so many places needing passwords, developers have risen to the occasion and created software that will generate random strings of characters, record them, and allow you to copy and paste them whenever you need to do so.  As a result, you’ll be able to maintain lists of dozens, perhaps hundreds, of passwords, without needing to keep them in your memory or record them on a piece of paper.

There are multiple options out there; I am a fan of KeePass, myself, if only because it is free, easy to use, and easy to transfer from one device to another.  (Pro Tip: You can further add to the safety of these password managers by manually adding an extra symbol or two to the end of the passwords you use when you transfer them in; that way, even people who manage to get a hold of your software and hack into it, rare though that should be, can’t get into your accounts.)

2) Writing Passwords Down (in Code): Writing your passwords down is generally not a good idea.  Even if you keep your recorded passwords at home, it’s still possible that someone could break into your house, or that you could simply lose or accidentally discard the record.  If you need to record some passwords, though, you can write them down in code, so that you can remember what they mean, but should someone else get a hold of them, they aren’t any use.

For example, I used to use a system with recorded passwords like this: 262Example1975. The actual password would be Ex19mp75lE.  How do you get from one to another?  Well…

  • The ‘262’ part indicates that there are 2 letters, half the numbers at the end, 2 letters, the other half the numbers at the end, and the remaining letters (the 6 is meaningless, as were all the numbers above 5 in my code).
  • The ‘Example’ portion was the main part of the password, with the capital letter mirrored on both sides of the word, so both the first and last letter would be capitalized, as would be the second and second-last if one of those was capitalized, etc.
  • The number 1975 was just a number chosen at random, more or less; it was the year my favorite movie was released.  Pretty tricky, hunh?

3) Create An Algorithm: I realize that merely using the word ‘algorithm’ makes it sound like this method involves complex mathematical formulas and calculations.  In reality, it just means having a formula to turn a simple sentence or easy to remember word into a complex string of letters and symbols.

If you need a method that enables you to create dozens of passwords for numerous sites, all of which you can easily remember but each of which is distinct, you could try the Geek to Live method laid out here, where you take a base password (a string of characters that you can easily recall) and then tag on a few letters for each site (GOO for Google, YAH for Yahoo, AOL for, well, you should get that one).  It seems like a pretty robust method, so long as your base password is complex enough.

There you have it, some basic advice on password management.  How do you keep track of your passwords?  Do you use a password manager or try to create your own?
