Let me just say this right up front: I am not a technical expert. I do know more about some techie things than some people, but I am far (very far!) from being an expert. I started by sending emails to a list of friends with some basic tech tips and before I knew it, I had started a tech blog.
That said, it doesn't take a tech expert to tell you that passwords such as "password" and "123456" are just lame. But I agree it becomes difficult to repeatedly come up with new passwords that are also memorable.
Declan McCullagh over at CNET wrote a program that identified the top 20 email domains along with the most frequently used passwords, a list worthy of reading for sheer entertainment value if nothing else. (I can see where "princess" might be popular but "monkey"? And wouldn't you think a writer could come up with a better password than "writer"?) It takes some degree of computer smarts to even know the word "qwerty," which is number ten on the list, proving just how lazy we can be when it comes to password management. (You may have heard the term "qwerty keyboard" and wondered about its origin. Look down at your keyboard at the letter "q". Now look at the letter just to the right of the "q", and the next and the next. Get it? And just how does that differ from "123456"?) Lastly, Declan's list shows that baseball truly may be America's pastime, as "baseball" is number 19 on the list of most commonly used passwords.
On the other hand, we may not need to change all of our passwords quite as frequently as we sometimes hear. I'm inclined to agree with security expert Bruce Schneier when it comes to determining how frequently to change one's passwords. In his brief and very readable essay entitled "When to Change Passwords," he says, "The answer depends on what the password is used for."
There are those among us who use the same password for every site. I used to do that too -- until my Yahoo account was hacked earlier this year. Then I finally took the admonitions to change my password(s) seriously. You may be familiar with that one yourself -- you discover that "you" have sent an email with what is likely an embarrassing link to every single person in your address book.
Help is out there. There are an increasing number of companies providing tools to help you generate and remember passwords. But take a step back and use caution before feeling like you have to take action and download an application from the Internet. For one thing, it may prove difficult to use and consequently will be a waste of your money. Read the reviews. I can't tell you that enough. I've said it before in previous posts about apps and this is no different.
In addition, just because you pay for something doesn't necessarily make it better. There is some very good software available that costs nothing, unless perhaps you choose to make a donation to the developer or download a version with more options. Two free options for password management, available for both PC and Mac users, are LastPass and KeePass. Trying to decide between the two? Read the FAQs and the user comments to help you with your decision. You can find other software solutions by searching for "password security."
Here are my top five tips for passwords:
1. Use a combination of numbers, letters, and whenever possible, symbols. (Some sites do not allow the use of symbols.)
2. Use a different password for your banking info than you use for any other site. Ideally, you should use a different password for each financial institution. In fact, you should be using different passwords for every site, but could you commit to doing this at the bare minimum?
3. The MINUTE you hear of a security breach for a website you use, change your password. (And when changing your password, use a method of verification that does not involve having a link sent back to you at the breached site. Instead, have a text message sent to your phone or answer security questions online.)
4. Never share your password with anyone.
5. Do not store your passwords on your smart phone or computer, and especially don't store them in a file labeled "Passwords."
And while it has been published elsewhere, I think it bears repeating. Here is a site you can go to, plug in your email address, and see if you are one of the 400,000 plus Yahoo users whose passwords were recently breached. Good luck!