Remember the dread that arises when you have to update an existing password? You’re wondering whether there could be an easier way of doing it. Should you recycle an old password? Should you let your browser remember the password? Is it secure enough against hackers? Most importantly, will you be able to remember it?
Forgotten passwords are apparently more annoying than sitting in traffic, stubbing a toe or suffering through a meeting that could have been an email. American, French and British participants in ExpressVPN’s survey of 8,000 individuals across the UK, the US, Germany and France ranked only a slow Internet connection as more frustrating than forgetting an online password.
According to the report, it takes under four minutes on average to reset a password. But people would still rather be doing something more valuable with that time such as reading a book, going for a walk, hanging around family or friends, and so on. Almost 32% of those surveyed feel resetting passwords is a part of life, and about 20% believe there’s nothing that can be done about this.
Have too many of us given up on ever being able to create a secure online password that’s simultaneously memorable? This seems to be the case. So why do we forget passwords after thinking up strong passwords for every other app, website, subscription, and service? It feels like a monumental task not worth repeating unless under extreme duress.
One of the primary reasons might be that we live in an increasingly digital world and end up having to create numerous online accounts on various platforms for work as well as personal reasons. It’s difficult to memorize so many passwords, especially when you have to ensure that they’re complex and you’re being progressively exposed to biometric logins.
Many people try to solve the problem by using the same password for multiple accounts or modifying one of their complex passwords ever so slightly each time they sign up for a new account. Even when resetting passwords, many don’t follow the best practices. 16% of German, 12% of French, and more than 10% of American and British participants admitted to reusing a password from another account when resetting one they forgot.
How to set a hack-proof password that’s also memorable
Given that LastPass has been hacked twice this year, you might have had your faith in password managers shaken. But this is not a frequent occurrence. Password managers securely store the passphrases you’ve created (or randomly generated) in a single place so that all you need is one password or biometric authentication in order to access your various online accounts.
But if you want to go at it the old-fashioned way, create a password that’s memorable to you in some way. At the same time, it should never contain personal data. Say, your name is Crystal and you were born in 1994. You might think “Cryst@l1994” is a great option. It really is not. It’s too easy for a hacker to guess it, given how much of our personal information leaks out through social media and so on. Switch on two-factor authentication where available.
Passwords should be long and contain a mix of uppercase letters, lowercase letters, numbers and symbols. Never repeat passwords in their entirety or with minor variations. Use strong security questions. If you insist on having your browser remember your password, whether it is randomly generated or not, enable multi-factor authentication at the very least. If biometric security is available as an added measure, that’s even better.
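The rules in the two paragraphs above (no personal data even when disguised with symbols, enough length and character variety, no near-copies of earlier passwords) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the 12-character minimum, the substitution table and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Common character swaps undone before comparing (assumed table, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalize(text):
    """Lowercase and undo common swaps so 'Cryst@l' compares as 'crystal'."""
    return text.lower().translate(LEET)

def check_password(candidate, personal_facts=(), previous=(), min_length=12):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if len(candidate) < min_length:  # min_length is an assumed policy value
        findings.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        findings.append("missing character class")
    norm = normalize(candidate)
    for fact in personal_facts:
        # Check raw text (years, dates) and normalized text (disguised names).
        if len(fact) >= 3 and (fact.lower() in candidate.lower()
                               or normalize(fact) in norm):
            findings.append(f"contains personal data: {fact}")
    for old in previous:
        # A high similarity ratio flags "old password plus a small tweak".
        if SequenceMatcher(None, norm, normalize(old)).ratio() >= 0.8:
            findings.append("minor variation of an earlier password")
            break
    return findings

if __name__ == "__main__":
    # Constructed sample inputs; "Cryst@l1994" is the article's own example.
    facts = ("Crystal", "1994")
    old = ("Harbor-Violin-Quartz-27",)
    for pw in ("Cryst@l1994", "Harbor-Violin-Quartz-28!", "plum-Rocket-47-glacier"):
        print(pw, "->", check_password(pw, facts, old) or "no findings")
```

An empty result only means none of these rules was broken; it does not measure how guessable the password is.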
If you really cannot remember passwords and would prefer to write them down (not recommended unless absolutely necessary), avoid including the username and site along with this information. When possible, note down a memory-jogging prompt instead of the whole password.
Is the future passwordless?
Earlier this year, the FIDO Alliance, an open industry association working towards authentication standards that help reduce our over-reliance on passwords, announced that Apple, Google and Microsoft had pledged further support to a common passwordless sign-in standard.
What it means for the harried user of a gazillion online accounts is that they won’t have to remember multiple passwords. So when you attempt to access an account supporting this password-free protocol, the website in question will ask you to prove your identity via your phone’s fingerprint or face recognition sensor, for example.
Many apps and sites already allow you to access your account via biometric authentication. But these only permit you to enable such sign-ins once you’ve set up an account complete with user name and password. FIDO’s passkey system lets you create an account on a supported platform with merely your face, fingerprint or phone unlock code.
Alternatively, this tech also enables you to use one of your other trusted devices to confirm your identity by sending the unlock request to the latter via Bluetooth. Of course, this requires that you have a second device such as a laptop or tablet, or another phone nearby. It leaves out people who cannot afford to have a spare device on their person.
Wrapping up
A passwordless digital existence is years away from becoming the norm. Not only do more companies have to embrace the tech, but people also have to willingly give up the vaguely tangible comfort of having their online accounts securely locked behind a password only they themselves are privy to.
Until then, use every means at your disposal to keep your online accounts safe and secure. Creating strong passwords and enabling multi-factor authentication for your accounts is a good start.