A password hack to help you stay safe(r)

Passwords are hard to remember. So why bother?

Paul Walsh, METACERT
Sep 12, 2019

The best and most secure password is a password made up of random characters and at least 16 characters in length. But it’s well-documented that humans are terrible at being random. So I decided to write about my simple hack to help people create stronger passwords for websites that they don’t care too much about.

The hack

Ready? It really is this simple…

Slap the keys randomly on your keyboard — without thinking too much about which keys. Be sure to hit at least 16 and move between letters (uppercase and lowercase) and some numbers — do it without thinking about what you’re doing.

That’s it — you now have a unique, random password that’s cost-prohibitive to hack — provided you hit random keys, like this: Jmxy7sxoatFbZJb7udFyEhF

But what if you forget your password?

Simple. The next time you need to sign in, simply do a password reset and create a new password in a similar fashion.
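The same recipe in code, as an added example that is not part of the original post: instead of relying on your fingers to be random, the script below draws each character from the operating system's cryptographic random number generator, checks a candidate against the article's own rules (at least 16 characters, mixing upper-case, lower-case and digits) and reports how many bits of entropy the result carries. The generator, the rule checker and the entropy formula are my construction; the entropy figure assumes every character is drawn uniformly from the 62-symbol alphabet, which is what `secrets.choice` guarantees.

```python
import math
import secrets
import string

# Character classes the article asks for: upper- and lower-case letters plus digits.
ALPHABET = string.ascii_letters + string.digits  # 62 symbols
MIN_LENGTH = 16  # the article's minimum


def meets_article_rules(password: str) -> bool:
    """True if the password is at least 16 characters and mixes upper, lower and digits."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
    )


def generate_password(length: int = MIN_LENGTH) -> str:
    """Draw `length` symbols uniformly from ALPHABET using the OS CSPRNG (assumed approach).

    secrets.choice is genuinely uniform, so the figure from password_entropy_bits()
    actually applies to what this function returns.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # On the rare draw that misses a character class, draw again so the
        # result also satisfies the article's rules; this rejection costs
        # a negligible fraction of a bit of entropy.
        if meets_article_rules(candidate):
            return candidate


def password_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"({password_entropy_bits(len(pw)):.1f} bits)")
    # The article's own sample, checked against the article's own rules.
    sample = "Jmxy7sxoatFbZJb7udFyEhF"
    print(sample, meets_article_rules(sample), f"{password_entropy_bits(len(sample)):.1f} bits")
```

A 16-character password over this alphabet carries about 95 bits, and the article's 23-character sample about 137 bits, if and only if the characters are uniform; a keyboard-mashed string that favours the home row or alternates hands carries less, which is the reason to let the machine do the drawing.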

This is much safer than creating “memorable” passwords.

Why you don’t want to use memorable passwords

Two reasons:

  1. They’re easy to hack — don’t even bother trying — they can be hacked.
  2. You will end up using the same password on more than one website — there’s no way you can remember that many passwords. Changing the last digit on the end of each one doesn’t make it safe either. Even if you create the same massively long, complicated, secure password, you are not safe if you use it across multiple websites.

When one of the websites you use is compromised and your credentials are sold to bad actors, they’re not hoping to access your account on the site that was compromised — you will have changed your password after reading about the breach, or after the company forces a password reset. What they do is check lots of other websites to see where else you used that username/password combination. The chances are you haven’t changed the password on any other website, so now they have access to those accounts too. This happens a lot.
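The behaviour just described is what defenders call credential stuffing, and it leaves a recognisable trace in a site's login logs: a single source trying many different usernames within a short window, with the occasional success where someone had reused a password. The Python below is an added example, not from the original post. It runs a simple detector over a handful of constructed auth log lines; the log format, the IP addresses, the usernames, and the five-users-in-five-minutes threshold are all my assumptions for the illustration, and a real deployment would tune the threshold to its own traffic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). One line per login attempt:
#   <ISO timestamp> login <OK|FAIL> user=<name> ip=<source address>
# 198.51.100.7 walks through eight different accounts in a few seconds and
# gets into one of them; 203.0.113.5 is an ordinary user mistyping once.
SAMPLE_LOG = """\
2019-09-12T10:00:01 login FAIL user=alice ip=198.51.100.7
2019-09-12T10:00:02 login FAIL user=bob ip=198.51.100.7
2019-09-12T10:00:02 login FAIL user=carol ip=198.51.100.7
2019-09-12T10:00:03 login OK user=dave ip=198.51.100.7
2019-09-12T10:00:03 login FAIL user=erin ip=198.51.100.7
2019-09-12T10:00:04 login FAIL user=frank ip=198.51.100.7
2019-09-12T10:00:04 login FAIL user=grace ip=198.51.100.7
2019-09-12T10:00:05 login FAIL user=heidi ip=198.51.100.7
2019-09-12T10:00:09 login FAIL user=alice ip=203.0.113.5
2019-09-12T10:00:20 login OK user=alice ip=203.0.113.5
"""


def parse_line(line: str):
    """Split one log line into (timestamp, result, username, source ip)."""
    ts_text, _, result, user_kv, ip_kv = line.split()
    return (
        datetime.fromisoformat(ts_text),
        result,
        user_kv.split("=", 1)[1],
        ip_kv.split("=", 1)[1],
    )


def detect_stuffing(log_text: str,
                    window: timedelta = timedelta(minutes=5),
                    min_distinct_users: int = 5) -> dict:
    """Flag source IPs that try logins for many distinct usernames inside `window`.

    Credential stuffing replays leaked username/password pairs across many
    accounts, so the signature is one source touching many users (brute force
    looks the opposite: many attempts against one user). For each flagged
    source we also report which accounts it logged into successfully, since
    those are the users whose reused password has to be reset.
    """
    events = defaultdict(list)  # ip -> [(timestamp, user, result), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, result, user, ip = parse_line(line)
            events[ip].append((ts, user, result))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        # Slide a window starting at each event and count distinct users inside it.
        for i, (start, _, _) in enumerate(evs):
            in_window = [(t, u, r) for (t, u, r) in evs[i:] if t - start <= window]
            users = {u for (_, u, _) in in_window}
            if len(users) >= min_distinct_users:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "successful_users": sorted({u for (_, u, r) in in_window if r == "OK"}),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} distinct users tried, "
              f"successful logins for {info['successful_users']}")
```

The alert on its own is only half the response: the accounts listed under `successful_users` are the ones whose owners reused a password from some other breach, and forcing a reset on those, plus invalidating their sessions, is what closes the door the article describes.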

You should never use a password more than once.

When it comes to important products and services, I highly recommend using a password manager along with enabling app-based 2FA.

Good luck and stay safe :)


Paul Walsh, METACERT: MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.