My bank recently demanded that I change password. I know that it’s a good practice to change passwords periodically, so I understand why they did it. It’s an annoyance but an understandable one and I go along. But then they posted this on the password change page:
Best Practices for Stronger Passwords
- A unique password not used anywhere else.
- UPPER and lower case letters along with numbers and special characters
- Your username or email address.
- Personal information (your name, phone number, etc.).
- Common words or phrases in your password.
- A password you’ve previously used with us.
- Writing down your password.
- Sharing your password with anyone.
- Saving your password in a browser.”
Can you see the problem here? They want you to create a unique password that doesn’t use anything that’s easy to remember, then they tell you not to write it down or save it in your browser.
Excuse me? At my age it’s hard to remember my own birthday – and it happens to coincide with a major holiday! They think I’m going to remember a long password full of strange characters with no logical relationship to each other? Worse yet, every other one of the hundred or so sites I log into periodically insists on the same thing.
So—major confession here—I write down my passwords. They’re in a small notebook that lives in my desk, though not in an obvious place. And I work from home, where I live with just my husband. I figure if someone steals my password book, even if they can figure out my system and my handwriting, I have more serious problems than someone getting into my online accounts.
Even back when I worked in an office, I wrote down my most important passwords and kept them on a piece of paper in my wallet. I guarded it closely.
Obviously we need a better system.
Two-factor authentication is one approach. I find it annoying, but it does provide some extra security. A password keeper like LastPass is also an option, but, honestly, I have a trust problem with all of the companies that provide the software. After all, one hack into their system exposes everything!
Biometrics (like the iPhone’s fingerprint or facial recognition for login) is even better, but it has to be built into the hardware and we’re a long way from that across the board.
So for now, I use long, complicated passwords to foil would-be brute-force attack hacks. I write them down because I can’t remember them, and do my best to keep the written copies secure. I hope someone can come up with a better and more secure system to protect us.