Don't bother trying to remember all of your passwords - use this simple trick instead
Any password easy enough for you to remember is too short or simple to be effectively secure, whereas any password long and complex enough to be secure (and of course, unique per website) is too long and complex to remember. Yet, we use passwords everywhere.For security reasons, you need a long, complex, unique password for every app and website you log into.
Password management apps like LastPass and 1Password attempt to solve this problem by generating and managing very secure passwords for users. They make secure passwords that are incredibly long and utter gibberish. However, a password management app is a hackable single point of failure that you can be socially engineered into losing access to. Lose your password management app password, and you lose your passwords to every single site you cared about securing enough to use a password management app.I'm not a fan of password management apps, but I like the idea. I don't want to have to remember passwords, but I want my passwords to be secure.
I stumbled on a way to have my cake and eat it too on LinkedIn. I rarely use LinkedIn, and as a result, can never remember my LinkedIn password. Because I can never remember my password, every time I use LinkedIn, I use the "Forgot Password" link and make a new password.
Which takes me to a password reset page, into which I enter yet another password I won't remember 6 months from now when I check LinkedIn next.
After doing this 3 or 4 times I realized I could keep doing this forever, and just not bother to try to remember my LinkedIn password ever again.
Most sites have a similar reset function so by extension, I can do this on every other site and never remember any password except my email's. If I don't have to remember passwords, and they're only used once, I can make them insanely long and random. LinkedIn allows up to 400 characters in their passwords. Twitter and Facebook don't appear to have limits. Here you have it - secure passwords with no memorization.But this seems to create the same problem as password managers - your email is your new single point of failure. I'm willing to concede this, but if you enable two-factor authentication, lie in your recovery question answers, use a strong password, use separate emails to communicate publicly and register for sites, hide your registering email like you would a password, and look at the URL bar of your browser to make sure you're actually on your email provider's site when you're logging in, you should be fine.
- A newly found ‘super’ Earth only takes 2.4 days to complete a year
- A venture capitalist's advice for startups looking to raise money during this pandemic
- Into the wild: Epic pictures of magnificent beasts in their natural environment
- India clocks over 200,000 COVID-19 cases for a third day in a row
- Indian-origin scientist spots genes that fight Covid infection