Passwords, p4ssw0rds, pa55Word5
If I had a $5 note for every time I retrieved or reset someone's password when they'd forgotten it or hadn't written it down, I'd have... well, about the same amount of money I have now. It takes anywhere between 1 and 10 minutes to get a password back, depending on the account in question. One problem for many users is that some programs confuse you a bit by remembering your passwords for you. I can't recall the number of times I've had a client tell me they don't have an email password, when what's actually happened is their web browser remembered it the first time they entered it, and they haven't been forced to remember it since.
But if your computer breaks, or software needs re-installation, you're going to need that password again. So here's a bunch of best practices for creating passwords and recalling them, based on my experience and the advice of security experts:
- Don't re-use your passwords for different accounts: because if someone hacks one account, the first thing they'll do is see if they can get into other common services using that same password and the email address associated with it. At the very least have different passwords for important services like banking, email and Facebook.
- Make your passwords long: the more characters the better. Somewhat counter-intuitively, "$%FG" is not as strong a password as "thebrownfoxranoverthelonghill". You don't have to write a novel, but 8-13 characters ought to do it.
- Use two-factor authentication where possible: this usually involves giving the service your mobile phone number, so that when you log in from a different location, it'll text a PIN to your phone that allows you to log in. It can be annoying, but it does mean no-one can hack your account without your phone. Sometimes a service will use an email address instead of a phone number.
- Don't record your passwords within the computer: for example within a Word document or text file. Pen and paper is more hacker-proof! Keep an easily-identifiable notebook or journal specifically for your usernames and passwords, and clearly write which username/password is associated with which service. If you get robbed you might lose it, but the same thing will happen if someone steals your computer and you have them written in there!
- Do write down your passwords! If an account you own is hacked and the password is changed by the hacker, the first thing a company like Google or Facebook will ask you for is the previous password, to prove you're the original owner. If you don't have it, things can get tricky. I guarantee you that at some point in the future (even if you're closing the account) you are going to need that password again. If you don't have them written down, you might end up calling someone like me instead!
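The length point in the list above, worked through as an added example (not part of the original article): it counts how many guesses a character-by-character brute-force attack would need for the two passwords quoted there, and also scores the long one as eight whole words. The function names, the 7776-word list size and the guess rate are assumptions made for illustration.

```python
import math
import string

# Character classes a brute-force attacker has to cover, one character at a time.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the smallest union of the classes above that contains the password."""
    if any(not any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("character outside the modelled classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def word_guess_bits(word_count, wordlist_size=7776):
    """log2 of the candidates when the attacker guesses whole words instead.
    wordlist_size is an assumed list size; the figure is an upper bound that
    only holds if the words were picked at random, which a sentence is not."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate; the guess rate is an assumed figure."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # The two passwords quoted in the article.
    for pw in ("$%FG", "thebrownfoxranoverthelonghill"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, alphabet of {alphabet_size(pw)}, "
              f"{bits:.1f} bits, {years_to_exhaust(bits):.3g} years to exhaust")
    # The long password is eight dictionary words, so score it that way too.
    print(f"as 8 words: {word_guess_bits(8):.1f} bits")
```

Each extra character multiplies the number of candidates by the alphabet size, while adding symbols only enlarges the alphabet once, which is why the 29-letter lowercase phrase outscores the 4-character symbol mix under both models.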
Bottom line: keep your passwords smart, hidden, but not hidden from you.
- Matt Bentley, computer expert at Bentley Home PC Support.
Email firstname.lastname@example.org or phone 0211348576.