The number one issue with passwords is that you reuse them. The majority of people use the same password on all online sites.
This certainly meets the requirement of ˜easy to remember.™ But it also creates the greatest risk. If a bad guy gets your password from one site, they then try that password on other sites with your username and/or email address. This can be done quickly and automatically with software easily available online.
Of course having a unique password for each site quickly fails the ˜Easy To Remember™ test.
Like it or not, you need multiple passwords, and each of them needs to be strong. There are a small number of goodstrategies to managing all these passwords, and lots of bad ones. The good ones are:
- Using a Secure Password Repository
- Password Tiers
- Password Sequences
A Secure Software Repository is typically an app that runs on your smartphone (and possibly also on your PC) that stores your password list in a strong encrypted format. The use of these apps is discussed further below, but it is a good idea to have one.
The idea of Password Tiers is that you have a small number of passwords, selected based on the risk of compromise.
Tier 1 “ Most Secure. Individual strong passwords for each Bank/Financial institution site, social media site, public email account (e.g. Gmail)
Tier 2 “ Medium Security. One strong password for use with other commonly used, important sites that are not Tier 1
Tier 3 “ Normal Security. A common medium/strong password used on all other sites
Password Sequences are distinct passwords, related by a pattern or sequence. ˜Password01,™ ˜Password02,™ and ˜Password03™ are a simple password sequence. By having a complex password base (as below), with some sequence as suffix or prefix, you can create a set of strong passwords that are still able to be remembered. The caution here is to ensure the sequence is not obvious. If one password is guessed or cracked, the other passwords should not be able to be easily derived.
Combining two or all of these methods, e.g., Password Tiers with a Password Sequence, results in a strong set of passwords, easily remembered and entered, that reduces your exposure from the disclosure of a password.