This is why passwords need to die

Password Security Strategies

Every other week it seems like we have to create new passwords that are increasingly complex and difficult to remember, with more requirements for capital letters, numbers and symbols aimed at preventing hackers from accessing our account information. Even worse, some sites tell us to periodically change our passwords, which means that just as we’ve finally gotten comfortable with the passwords we have, we’re forced to memorize new ones. Wouter Smet, who is “employed as Growth Hacker at social media management software company Engagor,” has written a very thorough guide to help people create smart password strategies that also shows us just how ridiculous the standard password system has become.

Essentially, Smet thinks you should create several different types of passwords for different devices and services. So, for example, you should create one password specifically for devices and services that you’re likely to share with others, such as a family laptop, another one for work-related applications, another one for your work email, a password for your bank that is “long” and “impossible to guess,” and a host of other passwords for other apps that are part “gibberish” and part app-specific.

“It’s reasonably doable to remember this (especially since you’ll be typing your gibberish string over and over again), it never gets complaints from an app that it’s not secure enough (au contraire!) and it feels more secure than any other ‘password habit’ I have tried or seen so far,” Smet writes.

Even so, Smet’s strategy still involves the creation and memorization of several passwords for a host of different functions, which is something that still seems like a major pain point for a lot of users.

The good news is that the biggest brains at Google, Microsoft and other big companies have started putting resources into initiatives aimed at killing the password once and for all. Google and Yubico, for example, are working on a USB dongle called the YubiKey Neo that will essentially act as a skeleton key for all of your online accounts. It will require only one user name and PIN, and will send encrypted data to your Chrome web browser to authorize access to those accounts.

Source:
Wouter Smet