Mighty Engine


Secure Yourself in 2016. Bad Passwords and How to Fix Them

Most of us use passwords that are easy to remember, even if that means they’re less secure. I wager that most of your life, like mine, is online somewhere, from email to banking. The chance of any one person being hacked or specifically targeted for their identity is small—all things considered—but if it does happen, wouldn’t it be great if we had nipped that in the bud right now?

To really secure an account you’d need something random, using mixed case, symbols and numbers, like ‘J4fS<2’. I don’t know about you, but strings like this are hard to remember or make sense of, and I find myself continuously clicking the “forgot password?” link on websites—even though this is the more secure option, as you can see below.

[Image: Password Safety]

Source: Lifehacker.

I’ve got the fix, though I’ll say up front that it doesn’t apply to 100% of online accounts, since some enforce specific password criteria, but it will work for the vast majority of sites out there. Use a passphrase rather than a password: common words, but not complete thoughts, sentences or easy-to-guess phrases. When in doubt you are, think like Yoda you must.

[Image: Passphrase Safety]

Source: Lifehacker.
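To put numbers on the comparison above, here is an added Python example (not from the original post, and not Lifehacker’s chart) that sizes the search space for the post’s own sample passwords two ways: the character-level brute force an attacker with no knowledge of how you pick passwords would face, and the word-level search an attacker who knows you build phrases from common words would use instead. The small word list, the assumed Diceware list size of 7776 words, and the generate_passphrase helper are illustrative assumptions, not anything the post describes.

```python
import math
import secrets
import string

# Assumed size of a standard word list (Diceware has 7776 entries); used only
# to estimate how hard a word-by-word search is.
DICEWARE_LIST_SIZE = 7776

# Constructed word list for this example; a real generator would load a full list.
SAMPLE_WORDS = (
    "every movie friday awesome tiny pancakes cute unicorns built rainbow "
    "theory pork belly mason jars yummy open secrets apple river candle "
    "window stone basket silver garden ladder meadow rocket violin walnut "
    "zebra anchor bridge copper dragon engine falcon glacier harbor island"
).split()


def charset_size(password: str) -> int:
    """Size of the character classes the password actually uses: lowercase (26),
    uppercase (26), digits (10), and symbols counted as punctuation plus space
    (33). A brute-force attacker with no other knowledge sizes the search
    space from these classes."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the character-level search space (the optimistic view)."""
    return len(password) * math.log2(charset_size(password))


def word_list_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """log2 of the search space when the attacker knows the passphrase is
    n_words words drawn from a list of list_size entries (the realistic view
    for passphrases built from common words)."""
    return n_words * math.log2(list_size)


def generate_passphrase(n_words: int, words=SAMPLE_WORDS) -> str:
    """Random passphrase from a word list using the secrets module (CSPRNG).
    Unlike the memorable phrases in the post, nobody picks these words, so
    the word_list_bits estimate actually holds for the result."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def compare(password: str) -> dict:
    """Both estimates for one password; words are whitespace-separated."""
    n_words = len(password.split())
    return {
        "length": len(password),
        "brute_force_bits": round(brute_force_bits(password), 1),
        "word_list_bits": round(word_list_bits(n_words), 1),
    }


if __name__ == "__main__":
    for pw in ("J4fS<2", "every movie friday", "cute unicorns built rainbow theory"):
        print(pw, compare(pw))
    print("random passphrase:", generate_passphrase(5))
```

Under the brute-force model the 18-character "every movie friday" dwarfs the 6-character "J4fS<2" (about 106 bits versus 39). Under the word-list model, which is the honest one once an attacker knows your phrases are made of common words, the three-word phrase lands at roughly 39 bits, about the same as the short random string, and the five-word "cute unicorns built rainbow theory" at about 65. That is why the longer phrases belong on the higher shelves. None of these figures help if a site stores or leaks the password in the clear, which is the scenario Step 4’s rule about rotating a whole shelf is there for.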

This idea isn’t new; any developer or self-titled hacker out there certainly has a similar system for maintaining their passwords. Let’s break it down.

Step 1

Scour the internet and catalogue all of your online accounts. Everything from your bank account to that secret santa website you signed up for that time but never used. You want to make sure you’ve found everything. A quick Google search with your name or commonly used email addresses should dig up accounts you forgot you had.

Step 2

Delete any accounts you don’t need or want. Sites fall out of vogue on a dime and we just forget about them, but that information is still floating around.

Some sites don’t let you delete your account. You can try reaching out to support to have them delete it on their end, but an easier solution is to replace your personal information with a fictitious name and email address. I recommend Chuck Finley.

Step 3

Whatever you have left we’ll separate by importance and security need.

Bottom Shelf

These are your one-offs, your disposables and your I-don’t-care-if-I-lose-thems: sites that don’t hold any real personal information, such as bookmark or RSS feed aggregators, or sites that only require an email address to sign up.

Password Example: every movie friday

Write this down somewhere if you’re afraid you’re going to lose it.

Second Shelf

These are your gems: your social networks, work emails and online photo storage sites. The things you’d be upset to lose.

Password Example: awesome are tiny pancakes

Write this down somewhere if you’re afraid you’re going to lose it.

Middle Shelf

These are important: things hooked to personal and private information. These are your website servers, your Dropboxes and your OneDrives. Information that would be devastating to lose or have taken. This does not include your primary email address.

Password Example: cute unicorns built rainbow theory

Write this down somewhere if you’re afraid you’re going to lose it.

Top Shelf

These are the keychain accounts. We tend to use our email as the way to restore lost passwords or regain access to a forgotten account. What would happen if your email were hacked? Lose your keychain and you lose access to EVERYTHING. So this shelf gets the most secure passphrase and should contain the fewest accounts.

Password Example: pork belly in mason jars are yummy

Do not write this one down. Store it in your head.

Alternate Shelf

This one is optional, for when you use a service like LastPass or 1Password to hold all of your passwords. These apps generate random, secure passwords and store them securely both on your computer or phone and in the cloud. This shelf is for that login; it’s there for convenience more than anything, but it shouldn’t be shared with, or similar to, any of the other shelves. I maintain that this multi-tier system of passwords is better overall in the long term and far less reliant on outside software or on writing things down.

Password Example: open up you are secrets

As with Tier 1, keep this password in your head only.

Step 4

You’re secure.

If any site on a given shelf gets hacked, change the passwords of all the accounts on that shelf. Doing this ensures that the accounts in that tier are always kept up to date.

It’s not a perfect system, but it’s secure and easier to remember. And though I’ve been told that using the same password across multiple platforms is unwise, regulating the entry points to all of your accounts means you’re more in control than someone with unique passwords on every account. Though a service like LastPass or 1Password is more secure and designed to generate and maintain passwords across platforms, keeping randomly generated passwords in the cloud or in a spreadsheet could spell disaster should it ever fail or get deleted. This way I can easily remember at least one password—my email—and that’s really all that matters.

For bonus points: any account that allows two-factor authentication is probably your best option. This typically uses your phone to confirm a second time that you are who you say you are. Someone might figure out your password, but if they don’t also have your phone in hand, they’re not getting in.

Do you have a system that works better, or recommendations to make this a bit better? Drop me a line and let me know. Good luck and safe browsing.