Passwords ... Passwords ... Passwords .... Some Common Sense Thoughts
I help agents with their computers all the time. I have spent time in the military and have always been amazed at how different organizations deal with password security. At one of my former offices, almost every agent had a book of passwords somewhere in their desk or on the back of their mouse pad or blotter. In the Air Force for years we had to create these passwords that no one could remember, so they were written down, even though we were told not to and about the time the 16 character string with letters upper and lower case and at least one special character and numbers, it was time to change it yet again.
Some people have those key chain displays that give a new code every few minutes. That would make me nuts. Our MLS makes us change every few weeks and if our passwords are at all similar, they are not accepted.
There are all sorts of things that are simple and easy to have good passwords that you can remember. From everything I have read, a 6-digit password that includes numbers and at least one upper and one lower case letter is enough to keep the bad guys away. It’s like which car gets stolen? The one unlocked or the locked one?
Some ideas on how to generate a password: Don't use dates that are in your life, they are too easy to find, but if dates work for you, what about a friend’s birthday? Don't use any name associated with you or initials, but what about ex-significant others or friends of your parents that were important, but not obvious to the hacker. Songs, TV shows, and movies are also good, but don't have your password be Transformers and there is a picture of your son with his Transformer t-shirt on right next to your computer! (Yes, that did happen.) Pet names, but not your current pets, please. Your house number from when you were a kid or part of a phone number from when you were growing up, as long as your parents still don't have it. Part of a former pet-sitter's phone number is my garage door code. It was easy for her, and who will guess that?! It is rare that I can't guess a password in 15 or so minutes or less. And don't make it a movie that everyone knows that you love. Most theft is from someone that knows you.
That said, if you have one password for everything, you have a huge vulnerability if someone hacks that password. I found a great solution to that, courtesy of my brother. He is a CIO for a group like NAR so he gets it. (most of the time) Add a part of a website to your stock password or purpose of site...
For example...
if your password is 123aBc, your password for AR could be 123aCtiveaBc. You can get as creative as you want with that. You can just add first letter or last letter and if it is a vowel you can use uppercase or whatever. This seems to be the best solution that keeps the bad guys away. I don't want to say too much more as that I will start to give away too many of my secrets and I don't want to have to change my system.
Hope this helps with what is becoming a big pain and if you are like me you can't stand paying for a password keeper program, although Apple is pretty good at that on its own...HEAR THAT, BILL???
Passwords aren't all that hard to remember. What's hard is remembering which password goes with what account. And, then there's Yahoo who would not communicate with me about a security issue unless I could supply them with my first two security questions -- not the answers, the questions which I supplied to them in 1995. Never did get to communicate with them.
My issue isn't coming up with the password as much as it is remembering them. 5 different emails, social media etc etc. There must be a couple dozen things I have to log into. Aside from your suggestion of a base email with characters specific to the account, I group passwords according to business, personal, etc. It becomes easier to remember, and less likely that hackers can access everything.
The gurus say we should have different passwords for different accounts, and very difficult to set up and remember.
I thought that I had a great password algorythm going (8 characters with a mixture of letters, numbers, special characters & caps), but when setting up a password on a new software system the other day they rated my password as "weak". How crazy must it be getting if that's not safe enough?