Our world is becoming more and more connected. Almost all of our data is now "cloud-based," meaning it's stored on a server somewhere. Email, banking info, medical records, you name it. Even something as basic as a video game will often use a cloud-based backup service to save your progress, which allows you to pick up where you left off when you switch devices. This is true even if you don't personally elect to do so, as businesses also maintain customer data on cloud-based servers to protect against data loss (such as a tornado destroying their main office). Passwords are used so that only legitimate users can access cloud-based data. You can't even set up a smartphone without a password.
Obviously we don't want just anyone being able to access your info, which is why passwords are so important. They need to be complex and individualized so that they are not easily guessed, but you cannot simply make up a random string of characters and forget about it. Many services will keep you logged in, but what happens when you are logged out? I've seen this situation popping up more often lately on the forums here. A user will have an issue where they need to log into something, but they don't remember their password. Almost every service has a password recovery option, but this isn't foolproof. For example, if it's your main Google account and you had to factory reset your phone for some reason, you could be left with a paperweight if you can't enter your info to get through the factory reset protection and don't have another device like a computer to attempt recovering it. Even with password recovery, I've seen some people having trouble getting into their phone after resetting the password.
So what are your options? I'll run through a few, from the least to most secure.
Since anything is better than nothing, using the same password that you can remember across all accounts will be good for convenience and give you some protection. But what happens if someone guesses that password (so don't use 12345, ABCDE, or anything else easily guessed)? They now have the keys to your kingdom. So this isn't even considered a real recommendation from a security standpoint. You really do need individual passwords that are long (10 characters or more) and have a mix of characters.
One recommendation I used to see a lot was to create mnemonic passwords. Something like Imr34lLyH4pP¥ (I'm really happy) would be an example. It has a mix of upper and lower case letters, numbers, and symbols, and is fairly long. There are a couple of problems with this, though. There are password dictionaries out there on the dark web. When a hacker tries to brute force attack an account (meaning just guessing every possible combination), they write a program that tries password entries automatically. The programs use these dictionaries to make their guesses, and there are dictionaries specific to these types of passwords, only numbers, only letters, etc., which makes guessing such passwords much easier. The other problem is that the number of passwords we need keeps growing. Some sites are able to use services like Google or Facebook accounts to log you in, but a lot of places don't. As your list of passwords grows, it becomes harder to remember even these "easy to remember" passwords. I'm up to 76 different password protected accounts. No way I could remember all of these regardless of what tricks I used to remember them.
One of the best methods I've found is using a password manager. This program will help you create and store very complex and individualized passwords for any account you need. Instead of remembering all of them, you create one very strong "Master Password," then you simply log into it whenever you need to retrieve a password for something else. Because you now only have to remember the one password, it can be as strong as you need but more easily remembered.
For a more detailed discussion on Password managers, check out this article.
https://m.androidcentral.com/why-you-and-your-family-should-be-using-2fa-and-password-manager
And for help on choosing the best, check out
https://m.androidcentral.com/why-you-and-your-family-should-be-using-2fa-and-password-manager
Some things to consider are the cost of the manager (though many are free), its security measures, whether encryption/decryption is done locally on the device you're using, whether it has a password generator, cross-platform usability, auto-fill options, and general ease of use. I personally use LastPass, which checks all those boxes and more, and is free (though I subscribe to the paid plan). There are many others that are also very capable, but I don't have any personal experience with them.
One security note with password managers: it's not recommended to use a PIN to log in. PINs are often offered as a quick login once you've used your master password, but they are very easy to break through a brute force attack. Always log in with either your master password or a biometric (fingerprint or iris scanning).
If you have trouble remembering your master password, then you will need to take steps to do so, either by making it a little less secure but easier to remember or by writing it down somewhere. Some managers may also have hardware-backed authentication where you use a physical USB key or similar. What I did was modify one of my old common passwords I was already used to, making it both more secure and complex.
I would also suggest you make one more easy-to-remember but strong password for something like your Google account. Because we are such a mobile-based society, you definitely want to remember this in case the worst happens and you have to reset a phone. Remember, a password manager app will not be on your phone by default, nor will it have your info on a fresh install or even be usable until after the setup process is complete. If you can't remember that password to get into your phone, then hopefully your manager of choice is cloud-based and you can log in from another device to retrieve that Google password.
Long story short, passwords are not to be taken lightly, and making up random ones you don't remember just to set up a phone or other account is only asking for trouble. There are options out there that help you keep track of these while remaining very secure. Use them.
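To make the points about mnemonic passwords, generated passwords and PINs concrete, here is an added example (not part of the original post and not any password manager's own code). It checks whether a password collapses into dictionary words once look-alike substitutions are undone, and compares that with a randomly generated password. The word list, the substitution table and the 4-digit PIN length are constructed assumptions.

```python
import math
import secrets
import string

# Constructed mini word list; a real strength check would load a large dictionary.
WORDS = {"i", "im", "am", "really", "happy", "password", "letmein"}

# Assumed table of common look-alike substitutions, mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "¥": "y"})

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalize(password):
    """Undo case changes and look-alike substitutions."""
    return password.lower().translate(LEET)


def split_into_words(text, words=WORDS):
    """Return dictionary words that exactly tile `text`, or None if impossible."""
    best = [None] * (len(text) + 1)   # best[i] is a word split of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def audit(password):
    """Flag passwords that are only dictionary words behind substitutions."""
    words = split_into_words(normalize(password))
    return {"dictionary_words": words, "weak": words is not None}


def generate_password(length=20):
    """Random password from a CSPRNG, as a manager's generator would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(audit("Imr34lLyH4pP¥"))                       # mnemonic from the post
    print(generate_password(), round(random_entropy_bits(20)), "bits")
    print("4-digit PIN:", round(random_entropy_bits(4, 10), 1), "bits")
```

The mnemonic example reduces to three ordinary words, which is why rule-based dictionaries cover it, while the entropy figures only apply to strings chosen uniformly at random.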