Passwords… bane of the masses…

Love them or hate them, they are here to stay, well, at least until we all have unique biochemical identification chipsets implanted at birth… but I digress. Most of you probably read the title of this post and thought, “Great, another post about passwords, just what I need to read…”, and you’d be right, I’m about to talk about them.

But unlike most discussions, I’m not about to tell you how to make strong passwords, suggest you use a specific software product to manage passwords, give you a long-winded description of data entropy, or generally bore you enough to make you dribble.

What I will be doing though is describing a method to manage passwords that I find makes life a bit easier.

What do you use passwords for?

First things first, let’s figure out why you use passwords. Yes yes, I know that sounds like a pretty obvious thing, but understanding why you use passwords is the key to understanding how to manage them better.

Here are a few reasons people use passwords:

  • Logging into websites.
  • Securely storing files.
  • Protecting personal information.
  • Generally keeping others out of important stuff.

Whatever your reason for using passwords, you’ll undoubtedly have had moments where you’ve freaked out because you’ve forgotten a password. This is inevitable; it happens to all of us from time to time, and because of it, what do a lot of people do?… They use one password for everything.

I’m going to go out on a limb here and tell you that I only use three.

Why three? Why not five? Or a unique password for everything?

Because anything beyond three is utter madness. A tiered password strategy is simple to implement and will save you a lot of hassle.

The first step.

If you break down the reasons for a password to exist, then you start to get at the core of using a tiered password strategy. Why use a 35-character alphanumeric password with 13 capitals and 5 symbols for something you don’t particularly care about, or that at least isn’t world-ending if it’s compromised?

Most commonly, people use passwords for logging into websites. Think about all the websites you log in to. You probably use Twitter, Facebook, Webmail and a few others that are the most important to you. These are the few sites that you’d feel pretty annoyed about if you were locked out of them or, worse, if the password became compromised.

Once you realise what the most important information you password-protect is, it becomes easy to begin to categorise the other things you use passwords to protect.

The three categories I use to figure out which password to use are pretty simple:

Meh, I’m over it.

This password should be used where it doesn’t really matter: you’re not going to be storing data in the system, but you want the password to be secure enough that, even if you forget you’d signed up to the site, you’re at least protected from someone masquerading as you. Use this password for things like those annoying websites or forums that won’t give you any information or a download without becoming one of their members first.

Yep, my personal information is in there.

This password is much more secure than the first tier, and is for anything where you’ll be putting personal information up on the site. Perhaps you’d throw up a photo on a profile and put effort into making it reflect you. Think social media, online shopping, internet dating types of sites or systems.

Might as well be nuclear launch codes.

Otherwise known as the OH MY GOD MY LIFE IS OVER password. This password is the most secure; it is usually greater than twenty characters and contains all manner of tricks to raise its entropy to near stupid levels. This is the password to end all passwords, and it should be applied to the most critical things, like applications that manage other passwords, your email account, or other things that you feel most protective of.

It really is that simple.

Now, this approach may seem too simple to some people, but remember you need a manageable strategy for passwords, not a system that ends up as difficult as a book of IKEA instructions. If you always keep in mind exactly what purpose you are using a password for, then applying a tiered password strategy isn’t as daunting as it first sounds.

As I said earlier, “I’m not about to tell you how to make strong passwords”; there are plenty of resources and competing theories on how to make robust passwords. The trick, however, is remembering the three passwords. I’d suggest practicing in a text editor until you memorize them, and you’ll even be surprised that with enough practice you’ll generate muscle memory, so entering them will be a breeze… once you’ve remembered them of course!

