Getting out of Password Hell

A while ago I realised that my online life was in password hell. I was using literally hundreds of sites and services that required passwords, but they were held together with a confusing mess of old passwords that I’d mostly forgotten, numerous passwords which were being used on more than one site,  passwords that didn’t meet the usual complexity rules usually required across the Internet, and so on. I often found myself having to do a password reset just to access a site, and of course that new password became yet another one I had to remember. Or forget.

I felt things were a little bit out of hand so I finally took a few steps to clean up my digital life.

First, using the same password for everything is an exceptionally stupid idea. Instead, I came up with my own system that helped me create hard-to-guess, but easy-to-remember passwords that I could apply to any site.  Having a clear system for this meant that when I signed up for some new online service I could quickly come up with a password that was memorable while also being unique to that site. It really helps to have a system. I made sure that my system always met the minimum complexity rules usually found online… that is, they contained uppercase, lowercase, numbers and symbols and were at least 8 characters long. If you do nothing else, come up with a system for your passwords! It’s so frustrating when you attempt to log in to a site that you’ve been to previously and can’t remember your password. So come up with a system for yourself, and please don’t just use the same password everywhere!

Secondly, I turned on multistep or 2-Factor authentication  for passwords on every site that offered this option (and there are a lot of them now). This is probably the single biggest thing you can do to improve the security of your online life. If you go online and don’t use 2 factor authentication, you’re not really serious about your online security. It’s that simple. I find it both amusing and frustrating when I hear people questioning the security of online services, and then find out they don’t use 2-Factor passwords. If you don’t use 2-Factor on every site that enables it,  please, don’t ever complain about the dangers of online security.  It just makes you sound silly. It’s not hard to set up, and if you use something like Google Authenticator to manage your second factors, it’s very simple to use.  The minor inconvenience of having to enter the second factor is far outweighed by the added security. Trust me on this. Turn it on. Now.

Finally, I set up a password manager. I chose LastPass,  but there are others. It took a while to get my head around how LastPass works but once I did, it made life so much easier. If you want to try LastPass for yourself you can get it on this link.

If you are in password hell like I was,  take some of these positive steps to sort it out.

CC BY 4.0 Getting out of Password Hell by Chris Betcher is licensed under a Creative Commons Attribution 4.0 International License.

3 Replies to “Getting out of Password Hell”

    1. Why did you read this article? I guess only you can answer that one. Why DID you read it? 🙂

      You seem to be implying that reading it was a waste of your time. Sorry about that. I tried to make three very clear suggestions for your passwords…

      1. Come up with a system for your passwords.
      2. Use 2 Factor Authentication on every site you can
      3. Use a password manager like LastPass or OnePass

      If you’re asking what the password system is, well I’m not about to tell what my system is. That would be dumb. You need to come up with a system for yourself. A good password should be hard to guess and easy to remember.

      You can assume that all passwords need to be at least 8 characters long. You can assume that most passwords need a combination of letters, numbers and symbols. So if you develop a “core password” that meets those requirements, you can use that part of it everywhere, but then you build in a systematic way to include a “site variable” component.

      For this site variable, try incorporating something from the website itself into the password. So if it’s Facebook for example, you might like to include “fb” in the password somewhere. That is the basic idea.

      So lets’ say your “core password” is “c@t$&D0g$” (which is just Cats & Dogs with some character swaps for complexity) – it meets the general complexity requirements for most passwords and then for your Facebook account you add “fb” to the start or end of it.

      So your Facebook password might become fbc@t$&D0g$.

      Twitter might be something like twitc@t$&D0g$
      Gmail might be gmc@t$&D0g$

      And so on…

      Just a suggestion. And no, this is not my password I’m sharing. Although with 2 Factor Auth turned on, it wouldn’t help you much even if it was. You’d still need my password, and my phone, in the same 30 second window of time, for it to do you any good.

      Have fun.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.