Pick a password you can’t remember and don’t write it down…

By | September 26, 2016
This content is 3 years old. Please, read this page keeping its age in mind. Thank you.

If you’re anything like me, you probably have more passwords than you’d like. Passwords for your email account, maybe for logging onto your computer, for online shopping at all the different places you buy from, for Skype…

And you’re always told to choose a different one for each place. Not always easy!

But it makes sense – and here’s an example of why. Not long ago, the online radio station Lastfm were hacked into. And all their lists of people who used their services – including passwords – were stolen.

Now, they shouldn’t really have passwords stored in “clear text”. It’s possible to have them stored in such a way that you can check someone has entered the right password without actually storing the password. (Best not ask me how – I find this stuff fascinating and will go on for ages about trapdoor codes and the problem of factoring large numbers.) But for whatever reason, that wasn’t the case here… and that’s not too unusual.

The thing is, in itself it’s not so bad that the account at Lastfm was hacked. After all, it means someone can log in to your radio account and listen to you music, at least until you change your password. That’s not disastrous. And Lastfm will have blocked all these accounts until the passwords were changed as soon as they found out about it, anyway.

But the issue is if you used the same password for something else. Say your online bank or a shop. (Actually most banks don’t just use a password – partly for this very reason.)

Now the hackers have an email address and a password that you’ve used on lastfm, they can try it on the other popular sites like Amazon, eBay, PayPal and so on – and if it works on one, then that really is a problem.

That’s why it’s not a good idea to have passwords the same on different websites – at least not the same as any websites where it would be a problem if anyone else could get in.

But on the other hand, like I said at the start, I have umpteen passwords – if they were all different, how could I remember them? You could write them down, but if your house is ever burgled, you’ll have enough to deal with without the burglars also getting access to your online accounts.

So people tend to end up with similar passwords for different sites… and pick simple ones that would be relatively easy for a crook to hack.

It’s like the standard advice for choosing passwords: Choose a password that’s so complicated you can’t remember it and don’t write it down…  Obviously that has it’s problems…

You can set your web browser to remember your passwords, but it’s not terribly secure. If anyone gets access to your PC (in person or over the net), they can read off your passwords.

That’s where Password Managers come in. It’s like a sort of “safe” that you keep a list of passwords in. It remembers all your passwords (or all the ones you want it too) and then when you need a password, you click on the Password Manager program and it puts it in for you. You still need to put in one password (the one for the Password Manager) but one is much easier to remember than lots… and that one can be long and complicated since it’s the only one you have to remember.

What’s more, because you don’t have to remember them all yourself, the passwords for everything else can be as long and complicated as you like.

I must admit when I first started using it, I felt slightly odd not knowing the passwords myself – but it has made things more secure for me. And if there’s one or two passwords you’re especially nervous about, you could always remember those ones yourself.

It’s not something I’m saying is for everyone, but it’s worth knowing about them and if you have a lot of passwords and struggle to remember them if they’re all different, it might be worth it.

More help?
Incidentally, those of you who’ve been reading my newsletter for a while might know I also run (along with Mike) something called my Inner Circle which gives more help with PCs, Internet and tablets. Unlike the newsletter, this isn’t just open to everyone and in fact the doors have been closed to new members for just over a year. I’m planning to open them shortly and let new members in, but only for a week or two, then they’ll slam shut again.

Keep your eyes peeled for more info about what it involves, why you might (or might not) want to join and how long the doors will be open for.

(And for members who are reading this: we’ll shortly be welcoming in some new members!)

19 thoughts on “Pick a password you can’t remember and don’t write it down…

  1. Geoff Turner

    Good advice, I’m sure but you yhen hit the question of which Password Manager to use – there are loads out there.
    The ones I’ve looked at look awfully complicated,
    Any suggestions?

    Reply
    1. Tim Post author

      Hello
      The one I use is called LastPass – it does have some complicated features but you don’t have to use all of them (I don’t!)
      I haven’t tried all the others to compare it to, but I’m happy with the way this one works for me.
      Tim

      Reply
  2. David

    Don’t bother – the Password Manager sites are just as liable to be hacked as you are

    There is no defence except individual passwords not written down or stored And since that’s impossible….!

    Reply
    1. Tim Post author

      Hello
      I’m not sure I agree that they’re as likely to be hacked as you are – I think their security is a bit better than the average home user.
      It’s not a perfect defence (as you say, only having long passwords not written down and different for every website) would do that – and that’s just not feasible for most people, but I think for most people it’s a better defence.
      But it’s not for everyone – I certainly wouldn’t try to say everyone must switch to using one!
      Tim

      Reply
  3. Jackie Winstanley

    Great advice, just the sort of thing I need, but you neglected to tell me how I get one? Do they cost a lot? & if I buy one for the PC will it cover the tablet & phone & therefore be usable when I’m out & about?

    Jackie Winstanley

    Reply
      1. Tim Post author

        Hello
        Yes, I mainly wanted to make sure everyone knew what it was and what it did before getting into details of how to start using one – but clearly lots of people are interested, which is great!
        There are quite a few but the one I use is called LastPass, which you can download from their website here. Given the response, I’m sure I’ll be going over a bit more about how to set one up and use it in the future!
        Tim

        Reply
    1. Tim Post author

      Hello
      You can get one by going to the website of one of the companies that make them and signing up – the one I use is LastPass, for example.
      It covers whatever devices you want to use it on – you pay for the account rather than per device. But they do have a free version (which is just as secure) but only covers a limited number of devices – I’m not sure how limited it is, it could mean just one or it could be a handful (I use the paid for version because I use it at work and want a few other their fancier features).
      Tim

      Reply
  4. Tom Rutherford

    This- is a general comment on all your emails. It would be very useful if you made the title indicate what is in the text of the email. Todays is quite good – I know it is about passwords – but titles like “3 tips broken by acop of tea” are meaningless. I file all your emails for reference but find it difficult to locate the one I want.

    Reply
    1. Tim Post author

      Hello – thanks for the comment. Good point. I try to make the titles sound interesting as well but I can see how it could be useful to find the right one again.
      As a tip that might help with the existing emails, you might want to try using the find feature – it depends on what email system you use, but most have a box you can type words that are in the actual email into, which might help find the particular one you’re after.
      Tim

      Reply
  5. svtdot

    Password Managers
    Sound advice. I have used the Password Manager- Roboform for many years. In response to those who fear that their Password Manager site will be hacked; I recommend not using a site and storing your password details on your PC.

    A word of warning to users of Microsoft Edge. It does not work with Password Managers – yet. Something to do with extensions – a Microsoft work in progress.

    I discovered this when upgrading to Windows 10 (in hindsight a mistake). So I continue to use Internet Explorer. Windows 10 is not happy with this and simply refuses to accept Internet Explorer as the default browser.

    Anyone solved this problem?

    Reply
    1. Tim Post author

      Hello
      Apparently, there are now some Password Managers that work with Edge – for example this one which was updated recently for Edge. I suspect other Password Managers will be tweaked so they work with it fairly soon, too – I know Roboform have been working on it, so I’m sure they’ll get there…
      I’ve not had any problems changing the default to Internet Explorer by going into the start menu, typing default, then clicking on default programs and scrolling down to web browser and changing ti there – is that the way you’ve tried setting it?
      Tim

      Reply
  6. Carole

    I use Dashlane they are excellent and I was able to easily sync from my laptop onto iPad and iPhone only need to remember one master password to access it highly recommend used them for 3 years now

    Reply
  7. Colin B

    Fine for Passwords but what about PIN numbers, Personal ID’s, Security Numbers, Internet ID, Memorable Word, Customer Number and Security Question ? Old fashioned maybe but I keep this lot in a simple card index system – it never fails! Should a burglar get in he’ll more likely be after the silver candlesticks than an old shabby book.

    Reply
    1. Tim Post author

      Hello
      You’re right – there are some things it doesn’t help with. The ones that stand out to me are passwords or codes where you only put in (say) the 3rd and 5th letter/number instead of typing in the whole thing.
      Still, it helps cut down on what you need to remember and means you can use longer, more secure passwords without forgetting them – it all helps make things more secure.
      Tim

      Reply
  8. pamela Maher

    interesting–but I am nervous! Can anyone recommend a simple Manager, and say if it costs £s or is free??? It sounds as though one could spend hours entering them all into the site? Does it automatically find the wanted password when one uses the site? Google is always inviting me to save things like passwords, but I never do so–is it the same as a P/W manager?

    Reply
    1. Tim Post author

      Hello
      The one I use is LastPass and although I use a “paid for” version because I want some extra features, they do have a free version.
      If you have passwords saved in Chrome/IE/Firefox, it can find them from there, to save you typing them in, but if you’ve never done that then you would have to type them in – but you don’t necessarily have to do them all in one go.
      Then, yes, when you use the site it automatically finds the relevant password for you and you click a little button to let it fill it in.
      Tim

      Reply
    1. Tim Post author

      Hope the other answers I’ve put in answer what you were after! Lots of interest in this topic as soon as the newsletter went out!
      Tim

      Reply

Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *