What to do with passwords

Passwords, a necessary evil it seems. They serve their purpose, protect our sensitive information, but to say I enjoy writing my password? No. I recently bought the new iPhone, and I really, really enjoy my Touch ID fingerprint reader as I don’t have to type in my entry code every time.

More characters is more safety

We have passwords, and we have to remember them. However, they also need to be “secure”. You won’t get away with a simple five-character word, although a lot of people I meet and know still have those. A five-character password takes less than 1 second for a computer to brute force. So, to make passwords useful and protect your information, you need a long one.

Creating a long password is actually easier than it sounds. By combining the words of a sentence into one long string you create a pretty badass password. Let’s say: “I always walk to the bar on Friday at 8 in the morning” becomes “ialwayswalktothebaronfridayat8inthemorning”, which is easier to remember than “98{sfdsf$#dssdf” and still pretty safe.
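To put rough numbers on the length argument, here is an added example (not part of the original post) that estimates the worst-case time for a blind brute-force search over a five-letter word, the random-looking string and the sentence password. The guess rate of one billion per second and the sample word "hello" are assumptions.

```python
import string

# Assumed attacker speed in guesses per second (not a figure from the post).
GUESSES_PER_SECOND = 1_000_000_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def passphrase_from(sentence):
    """Join the words of a sentence into one lowercase string, as the post does."""
    return "".join(sentence.lower().split())


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Anything outside the four ASCII classes counts as one extra symbol each.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})


def search_space(password):
    """Candidates of length 1..len(password): the worst case for blind brute force."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    return search_space(password) / rate


def humanize(seconds):
    if seconds < 1:
        return "less than 1 second"
    years = seconds / (365 * 24 * 3600)
    return f"{years:.1e} years" if years >= 1 else f"{seconds:.0f} seconds"


if __name__ == "__main__":
    samples = {
        "five-letter word (constructed)": "hello",
        "random-looking string from the post": "98{sfdsf$#dssdf",
        "sentence from the post": passphrase_from(
            "I always walk to the bar on Friday at 8 in the morning"),
    }
    # Blind search only: a guesser that tries dictionary words or known
    # sentences first needs fewer attempts, so treat these as upper bounds.
    for label, pw in samples.items():
        print(f"{label}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"{humanize(worst_case_seconds(pw))}")
```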

Divide and conquer

The next challenge is to use a different password for each service you use. Once somebody figures out your favourite password, it is easy to try it at a bunch of popular services to get access to more of your accounts. One of the things you could do to prevent this is to have a base password and vary a small part of it for each service.

Using software

All great solutions, but in the end it was still a lot of work for me and I ended up reusing my password a lot. That is, until I found out you can actually use software to manage your passwords. For about 2 years now I have been using 1Password. It is a great tool that uses a master password to protect all your passwords. Once you log in, it can automatically fill in your credentials on websites, so you don’t have to remember complicated 20-character weirdness. This allows me to just remember 1 password and be done and secure with the rest.

Other interesting features include Watchtower, which alerts you whenever one of the services is hacked or had a vulnerability leak. It is a paid product, but free options exist. Friends of mine seem pretty happy with enpass.io. You can also use your browser’s password manager or, if you have a Mac, Keychain.