Passwords are complicated, especially because they’re important. We need one for our bank apps, our social media profiles, our streaming services, loyalty cards, grocery stores — the list goes on and on and on and seemingly doesn’t stop. Neither do the complicated and never-ending requirements for passwords. We need a capital letter here, a symbol here, some numbers. It’s demanding, messy, and it’s tempting to cut corners.
A lot of us do. As we go into the new year, it’s time to overwhelm that instinct and steelman our passwords.
Here’s why (most) passwords are so bad
We’ve already learned that most of us make pretty terrible passwords, with the vast majority of these passwords taking hackers a whopping 1 second to crack. It’s 2021, and tens of millions of us are still pulling out classics like “qwerty,” “password,” and “123456789.” It’s enough to make some tech companies even consider dropping passwords altogether.
“We try and make things easier for ourselves. We often rely on known and personal words and phrases,” Microsoft’s blog post touting a password-less future, “One of our recent surveys found that 15% of people use their pets’ names for password inspiration. Other common answers included family names and important dates like birthdays. We also found 1 in 10 people admitted reusing passwords across sites, and 40% say they’ve used a formula for their passwords, like Fall2021, which eventually becomes Winter2021 or Spring2022.” Jakkal added that “weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year.”
explained in aAlternatives to passwords
Microsoft’s solution is simple. Avoid using passwords if necessary and take on alternate means of authentication like its authenticator app. It’s a step to a password-less future that Apple and Google are moving towards too. There’s still an argument to be made to beef up your password. Sure, you might be safer in absolute terms not having a password and switching entirely to an authenticator app or security key, but not every service you use will give you that option. Working on your password game is one of the best things you can do to increase your security right now.
How to audit your passwords
The good news is that it is pretty easy to audit your passwords, provided you’re someone who saves them into your browser or phone operating system. Earlier this year, I used Google’s built-in Chrome checkup to audit all my passwords. It takes around an hour for someone with a lot of passwords, and it’s pretty easy to use. Repeated passwords are alerted, easily guessed passwords are brought to the forefront, and hacked passwords are highlighted. Google will let you click directly to the affected site’s password change workflow in many (but not all) cases. Apple offers the same thing with iCloud Keychain in the newest versions of iOS and macOS.
Use a password manager
When it comes to making new passwords, the best thing to do is to stick to those annoying but complicated auto-generated passwords. Your browser can do it nowadays — though a dedicated extension could be better. You should also consider using a powerful password manager like LastPass or 1Password for a more robust and cross-platform experience.
Once again, passwords are messy and annoying to get right, but getting them wrong for the sake of convenience can be costly. You could lose privacy, access to your online accounts, or even money. When the stakes can peak higher than you can reach, sometimes it’s worth it to take some time and gift yourself that extra peace of mind.