7 rules to ease the password pain

Pretty secure, but that 62-character password is going to be a bit hard to remember

Rule 1. Use a unique password for every website

  • don’t ever use a password on multiple sites

Rule 2. Use long passwords

  • at least 13 characters, preferably more than 16

Rule 3. Include some random characters

  • including upper case, lower case, symbol, number

Rule 4. Don’t follow common patterns

Don’t use any of these:

  • personal information, e.g. name, birthday, pet, address, favourite colour, and so on
  • common letter substitutions, e.g. a = @, e = 3, o = 0 (a.k.a. leet-speak); cracking tools try these first
  • phrases, e.g. song lyrics, bible passages, aphorisms, any normal sentence

Random unrelated words (at least 4) are OK so long as the words are picked by a random generator rather than by you, and all the other rules are followed
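Here is what "let the software generate" comes down to, as an added example in Python (not code from the original post): a generator for both forms Rules 2 to 4 allow, a random character string and a random multi-word passphrase, plus the guessing entropy of each. The 16-word list is a constructed stand-in; a real list such as the EFF long list has 7776 entries, and the passphrase entropy figure is computed for that size.

```python
import math
import secrets
import string

# Character classes Rule 3 asks for. The symbol set is deliberately small so the
# result is accepted by most sites; widen it where a site allows more.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!#$%&*+-=?@^_~"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS

# Constructed stand-in word list (assumption, for illustration only). A real
# list, e.g. the EFF long list, has 7776 words; entropy below assumes that size.
WORDS = ["anchor", "basket", "copper", "dahlia", "ember", "falcon", "glacier", "harbor",
         "ivory", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble"]
REAL_LIST_SIZE = 7776


def has_all_classes(pw: str) -> bool:
    """Rule 3 check: at least one lower, upper, digit and symbol present."""
    return all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS))


def random_password(length: int = 20) -> str:
    """Rules 2 and 3: a uniformly random string containing every character class.

    `secrets` draws from the OS CSPRNG; `random` is a predictable PRNG and must
    not be used for passwords. Rejection sampling (draw, check, retry) keeps the
    output uniform over all qualifying strings, whereas 'one from each class,
    then shuffle' would skew the distribution.
    """
    if length < 13:  # Rule 2 floor
        raise ValueError("use at least 13 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def random_passphrase(wordlist: list, words: int = 4, sep: str = "-") -> str:
    """Rule 4's 'random unrelated words': every word comes from the CSPRNG, not
    from a person, because human word choices cluster around a few thousand
    favourites that cracking tools already know."""
    if words < 4:
        raise ValueError("use at least 4 words")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, picks: int) -> float:
    """Guessing entropy of `picks` independent uniform draws from `choices`
    options. For random_password the class check rejects a tiny fraction of
    strings, so the true figure sits a hair below this upper bound."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    pw = random_password(20)
    print(pw, f"~{entropy_bits(len(ALPHABET), len(pw)):.1f} bits")
    print(random_passphrase(WORDS, 4),
          f"~{entropy_bits(REAL_LIST_SIZE, 4):.1f} bits with a {REAL_LIST_SIZE}-word list")
```

The numbers are the point: 20 random characters from this 76-symbol alphabet give about 125 bits, while 4 words from a 7776-word list give about 52 bits, less than 13 random characters (about 81 bits). Four words is the floor, not the target; six words from a real list reach about 78 bits, which is why the post says "at least 4".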

Rule 5. Only store passwords in a secure location

  • None of these are acceptable: Fridge, sticky notes, diary, wallet/purse, spreadsheet
  • Almost anything convenient for you will also be convenient for the bad guys

Rule 6. Security is important, but so is convenience

  • if your system is too hard to use, you will end up breaking one or more of the rules

Hang on! Those rules make the pain worse, not better. Yes, that’s why we need a Rule Zero…

Rule 0. Use a secure password manager app

  • Remember just 1 strong password, and let the software handle all the others
  • Let the software generate, store and fill in a unique, long, random password for every site
  • Recommended: Lastpass (free), 1Password (pretty), KeePass (open source)
  • Don’t use the password manager built into your browser — turn it off
  • A good password manager will change your (online) life

Bonus Rule. Use 2 factor authentication for all your critical accounts

  • As a bare minimum, use 2FA for your primary email and Google and Apple accounts
  • 2FA reduces the risk from stolen or reused passwords, because a password alone no longer unlocks the account; it is only a partial defence against phishing, since a code typed into a fake login page can be relayed to the real site within its 30-second validity, so still check the address bar
  • Apps like Authy or Google Authenticator work for many sites
  • The app generates a new code every 30 seconds from a secret shared with the site at setup and the current time (the TOTP scheme of RFC 6238), which is why it works with no network connection
  • If possible, avoid 2FA that relies on SMS messages, which can be intercepted or redirected (e.g. by SIM swapping)

We’re stuck with passwords for now. Follow these rules and you can safely use the internet without all those passwords hurting your head.

By David Furphy