Passwords are everywhere these days, and the password overload struggle is real! According to an analysis by Dashlane, a password manager, the average person in 2019 has 90 different online accounts. That means 90 times that you struggle to think of a good password that you can remember or, as most people do, think of one password to unlock them all. Let me tell you straight away: the first option is not a good one (you will not be able to remember 90 good passwords), and the second option is, simply put, plain bad.
Good passwords and medieval cities
Good passwords are not the holy grail, or the be-all and end-all of digital security, but they are a very important component. In these times of Game of Thrones and other epic movies and series, let's make the comparison with a medieval city. For safety and protection, the medieval citizens built big, strong walls around the city, and heavy gates to filter who can come in and who cannot, or to do a total lockdown if needed. The same goes for the castle, the belfry and the city hall inside those city walls. All of them are well protected by heavy walls and thick, heavy doors with big, ingenious locks that cannot be opened without the correct key. But because creating different keys for every lock in the city is quite a hassle (sounds familiar?), it was decided to create only one key, which fits all locks. And in order to save time and money (sounds familiar too?), the choice was made for a smaller, more generic key instead of the highly customized, highly secure key that would fit the locks too.
Now imagine another city wants to invade yours, because you have more gold and other wealth. If they succeed in finding or copying one of the keys to one of the many houses in your city, they gain access to the whole city and everything in it. Not only is this simple key easier to copy, giving access everywhere at once, but the opportunity to copy or find the key also becomes much larger, because many more copies of this single key exist, and they fit everywhere. So even if it is only the dishwasher of the small local restaurant who lost the key through carelessness while putting out the trash via the back door, it would open up and jeopardize the whole city.
But, what if your keys were all different, and highly secure and uncopyable? It would mean that, even if someone found the key to the main gate, every other door would remain locked and safe.
The chain of security is only as good as the weakest link.
The same goes for your passwords. If you have the same password for all 90 accounts, and your password is not really highly secure, it will not take long until your password gets hacked on one or another badly secured website where you thought you wanted an account, but which you never really used after that one bored Friday afternoon while you were waiting to go home from the office and get the weekend started. This site being hacked would reveal your single password, and it would be added to the gigantic lists of known passwords hackers use to get into larger, major systems. Since you are using the same password for almost all of your websites, your account would easily give the hackers access to such a system, and from there they can go further.
The chain of security is only as good as the weakest link. Using good passwords is strengthening those links. Using different passwords for all your accounts is keeping the chains as short as possible, and thus reducing the chance of weak links.
So what are good passwords?
A good password is:
- as obscure as possible
- long enough
- made up of as many different characters as possible
- not human readable
So, long enough, what does that mean? Not 5 or 6 characters, but at least 8, and preferably more. The longer the better. I start off with 24-character passwords, and step down if the system doesn't allow them that long.
Different characters? As in, as many different Disney characters' names? No, characters as in uppercase, lowercase, numbers and, if allowed, special characters such as # : – ) & ? ! etcetera. Something that can be done is replacing some alphabetic characters with similar-looking numbers. For instance: Etcetera would become Etc3t3r4. This would already be much more secure than simply adding an uppercase letter to the word. Add some special characters to the sauce, take the number of characters into account, and you might get something like this: “Etc3t3r4&0th3rw1s3!;-)”
This would be a pretty awesome, hard to guess, and thus reasonably safe password. But there's the next catch: these days, the computing power of that thing in your pants, your smartphone, beats the computing power of many 10-year-old computers. Hacking a password like that takes longer than hacking a password that is the same as your last name or that is simply “123abc”, but it's still reasonably easy. What to do? Well, make your password obscure and not human readable.
A good password would be for instance “sI8%XS!PftyFAvzkd48LgV#u”. No repetition of characters, no meaningful words, not human readable, long… Yeah, OK, but how on earth do I remember 90 passwords like that off the top of my head? Well…
In comes the password manager
What if I told you there's a solution for that too? Let me present to you the password manager! The password manager is a piece of software that will help you create, and keep, good passwords. It's basically a software vault, which keeps the details of all of your (on average 90) accounts safe. So you don't need to worry about having to remember on average 90 good passwords; you only have to remember one, that of your password manager. Doesn't that then pose a security issue? Yes, but if you combine 1 strong password with Two Factor Authentication (2FA) for your password manager, I think you are pretty safe.
Password managers come in all shapes, prices, sizes and colors, and I have tried several before. Many of them are great, but miss one or two pieces, which were at some moment in time blocking for me. Until I came across LastPass, which we've been using for a few years now. I still sometimes switch to a new password manager if it looks promising, just to test it out. But up until now, I've always returned to LastPass.
The links to LastPass on this page are affiliate links. If you click them and sign up for a paid account, we may receive a commission. This will NOT cost you any money. My recommendation is based on the fact that I like and use this product every single day (constantly), and is not influenced by the affiliation.