Naked Security

A user’s foolproof guide to choosing terrible passwords

Good password selection is HARD. And this won't help...

As a seasoned (some would say ‘power’) user you know how demanding good password selection can be – there are so many different things to consider.

It’s a statement and a public performance; a password is a micro-haiku that lets the office newbie know they’re playing with the big boys when you hand them that careworn yellow post-it.

It’s precious and you want to get it right because you only get one.

YOLOAYORNOPNMWTAGIIS* as they say.

Nothing says “I’m logical and good with numbers” like 123456 but is that really the real you? Where do your loyalties lie?

Your head says pet’s name but your heart says sports team + championship winning year.

And what about humour? Rude words are straight-up funny but the self-mocking, recursive genius of choosing password as your password is just so hard to pass up.

And then there’s security. You’ve seen Swordfish and you made it through one and a half episodes of Mr Robot. You know what’s what. You want people to think you care about security, so you’re going to have to ruin that perfectly good password by putting a number on the end of it.

It’s a minefield wrapped in another minefield surrounded by a minefield and, frankly, you could do without it.

Thankfully, help is at hand. We’ve put our heads together and come up with a simple, easy-to-understand, cut-out-and-keep guide to choosing impeccable passwords.

*You Only Live Once And You Only Need One Password No Matter What That Awkward Guy in IT Said.

[Image: password flowchart]

If you want some advice that might actually help you…

…check out our video that shows you how to pick a proper password.


7 Comments

I can’t express how important it is that a user start using a password manager as soon as they can. It takes a little while to get used to, but then you can create new entries and have the thing generate random passwords for you. Cyrillic characters? No problem. Hieroglyphics? Let me at ’em (Unicode values U+13000 to U+1342E). 38 to 42 characters long? Why not 64? But OK, 42 for maximum effect.
I use KeePass and can create custom random passcode generators in it to match whatever rules a password system might throw at me. (I’m going to go see if I can create a Hieroglyphics rule!)

Reply

It’s even better than that, because KeePass supports physical USB keys such as YubiKey (once you have installed the right plugin).

Reply

I use LastPass, but I tell all my users to just put 4 words together with an uppercase and number and it makes a more secure password.

Reply

I don’t know any IT department with a password reset process that takes 20 seconds…

My experience is more like five minutes. What’s yours?

Reply
