
Today is Gizmodo International Change Your Password Day! Time to be responsible and come up with some 64-character string of random shit you’ll forget. Or, you could just keep the password you already have and be fine. Let’s do that.
I’ve had pretty much the same password for the past 12 years with very little variation from site to site and year to year. It’s a reference to a childhood experience so faint that sometimes I forget where it even came from. It’s not in any dictionary. It has numbers. It’s good enough. I use it everywhere.
We should all take security seriously. Make sure your router uses WPA2 encryption, don’t stay logged in to Facebook at the Apple Store, and don’t give your girlfriend your online banking login. Try two-step authentication. Care about yourself online. But this stuff is common sense, as is most password strategy. Pick a decent password and then stick with it. Odds are, you’ll never have to change it, because odds are nobody on the internet will ever care about you enough to find it. You’re not important. I’m not important. Very few people are worth the time to steal from or brute force a password out of. You’re not Bank of America or Sony.
So keep this decent password, and use it across the internet — Gmail, Facebook, Amazon, whatever — with a few variations thrown in here and there. Something you can remember. Something sane. Using a completely random password for every single site you use on the internet is neither sane nor practical, and using a password manager makes it impossible or a pain in the arse to log in from someone else’s computer.
If a site you use gets hacked, change any account that uses the same password. That was simple, wasn’t it? Don’t write your password on a sticky note and tape it to your forehead. That’s simple, isn’t it? Don’t make your password “password” or “12345678” or “sparkle”. That’s not so hard, right? You don’t need to change it from week to week, or month to month. Keep it for years — nobody will notice. You’re no more likely to be “hacked” today than you are at some set point in time down the road, so intervals are bunk.
So relax. Be reasonable, or before you know it, the internet won’t be a Xanadu of amusement and utility, but a Supermax paranoia zone of endless lists, random phrases and undue scrutiny. Just don’t be stupid, and your password is probably fine. So tomorrow, live like you’ve always lived — full of heart, eyes forward, and with all the same passwords you know so well. Because, hey, it’s easier.
Photo: Helder Almeida/Shutterstock

Kris
Thursday, February 2, 2012 at 11:20 AM
Agreed.
Iain Dickson
Thursday, February 2, 2012 at 11:35 AM
I use a password “system” to come up with different passwords for different sites. Easy to remember, not likely to be detected.
Also common sense goes a long way. Don’t enter your password on sus websites.
monkeymind
Thursday, February 2, 2012 at 11:41 AM
Hear, Hear!
Peter
Thursday, February 2, 2012 at 11:46 AM
Don’t use the same password for everything. There are common lists of user names and passwords you can find on dodgy auction sites and torrents which were extracted from leakages of users from sites such as PSN or Hotmail. While your old Hotmail spam account might not be too important, these lists allow spammers, scammers, phishers or spear phishers to run through scripts to check that combination against a large deal of passwords.
If you really must use the same complex password for everything, I’d recommend adding a suffix for each site, just to keep them different.
JohnHedge
Thursday, February 2, 2012 at 12:00 PM
There are 2 types of site that annoy me because I can’t follow your good advice. The first is the site that limits you in either size, numbers or capitals and the other is a site that insists you change your password on a regular basis.
Ozoneocean
Thursday, February 2, 2012 at 12:10 PM
Very true.
Quite relaxed for once. Makes a change from the tin-foil anti-Google scare articles.
Peter
Thursday, February 2, 2012 at 12:25 PM
If you have to change your password regularly, cycle through a prefix like reversed month names: Naj, Bef, Ram etc.
Nah.
Thursday, February 2, 2012 at 12:54 PM
I have multiple levels of password.
The weakest one is bleeping obvious; anyone could guess it.
I use it for my spam email, sites I don’t care about, etc.
Then I have two “normal” passwords. These are normal, good passwords; I put them on sites I do care about, but which would never be linked to each other by anything other than my email.
Then I have more secure passwords, longer ones, for websites I care about a lot, my email, etc.
Then finally I have the most secure stuff on my most needed to be secured data.
J
Thursday, February 2, 2012 at 1:24 PM
Hopefully you have changed your password completely since Gawker was hacked last year.
Otherwise there might be a few people ready to challenge this post.
aderts
Thursday, February 2, 2012 at 4:57 PM
The most important is to have different passwords for your Hotmail than those less trustworthy sites, like Gizmodo (joking).
8/10 times you register an account at a forum for a good-looking thread; keeping passwords for this kind of site different will save your life.
chugs
Thursday, February 2, 2012 at 5:23 PM
My password is PI to the power of 10 to the 18 digits.
Take that, quantum computing.
Richard
Thursday, February 2, 2012 at 5:33 PM
I agree, and I’ve never felt that frequent password changes necessarily aid your security that much anyway personally. As far as I’m concerned it only really is a safeguard at protecting an account that was already compromised, at which point the damage may already be done.
While it was a PITA, Gawker’s security scares a while back did change my “single password” (some with slight alterations) to a method of creating unique passwords everywhere based on some common logic. I feel I have less incentive to change the passwords given if one is compromised, the remainders should be ok still.
I’ve considered password managers as well but I prefer my own predictable algorithm given I have too many mobile devices and those tools won’t integrate into all of them cleanly.
While I’m at it but, I wish sites would stop restricting the character set to alphanumerics only, or worse, length restrictions… especially ones like 6-8 characters.