It’s perfectly human to forget passwords. After all, most of us have a whole bunch of them, too many to keep track of in your head, especially when they all have to be different, and long and complex enough to be reasonably unbreakable. What most people seldom realise is, in most cases it’s perfectly all right to forget your passwords, which may seem somewhat counter-intuitive. Let me explain …
Helping you recover your password
Most websites where you log into a user account also have something called “Forgot password”. Some may say “Reset password”, “Login help”, “Trouble logging in?”, or any of a number of variations on that theme. The point is, if you’ve forgotten your password to a website, the website will try to help you log in despite the fact that you don’t have the password. If you have your contact information in place, this will work nicely, every time.
What usually happens is, if you click the “Forgot password” link or button, the website will send you an email, or possibly a text message to your phone, containing either a one-time code (OTP) to enter at the website to prove you’re the actual owner, or a link to a web page where you can create a new password.
The thing is, you can then create a new, complex, reasonably secure password, which you plan to use just on that one occasion, and safely forget about until next time, at which point you simply repeat the process.
The whole thing may take you a minute or three, as long as you have your email or cellphone readily at hand, but that is time well spent. It’s also important that you, and only you, have access to your email and cellphone.
The one to remember
One password to rule them all,
One password to find them,
One password to bring them all,
And in the darkness help you regain access.
The one password you should definitely know by heart, or at least write down and keep in a very safe place, is your email password, because that’s what’s at the core of your password rescue scheme. You may register your cell phone number here, too, as a precaution just in the event that anything should happen to your email. It may also be a good idea to change your email password once in a while, just in case.
Keep your contact information current
Of course, you must have entered your email and/or cellphone number as contact information on your account at the website beforehand, or this simply won’t work. It’s also important to hang on to that email address and cellphone number, or to update this information before you change them, or you won’t have access to the correct email or number used to verify your ownership.
Registering both email and phone number is what is called a failsafe. If you lose access to your email, you can still (in most cases) receive text messages on your cellphone. If you lose access to your phone, you can still receive emails. If you lose access to both, you may be out of luck.
So if you’ve changed your email, use your cellphone to regain access. If you’ve changed your phone number, use your email to regain access. Never wait until you’ve changed both!
~ o ~
If that’s all clear and understood, then this is where you can stop reading. If on the other hand you still feel that you need a few pointers, please continue.
What is a secure password?
On a general note, a secure password is reasonably long, say at least 12-16 characters, and reasonably complex and random.
This is a good example of a reasonably secure password. It is 16 characters long, and combines both lower and upper case letters, and numbers. You can use online random text generators to help you create such passwords. The downside is that they’re a nightmare to type, so you had better know how to copy and paste text.
Here is another good example. Consisting of four randomly selected words it’s long (27 characters in this case), but easy to type. You may use more words, but do keep them random. If you could throw in a few upper case letters, too, then that would be even better.
These are the same words, but with the last vowel of each word in upper case, further increasing the complexity. It’s a little harder to type, because you have to think more about where to put the upper case letters, but manageable.
How to choose random words for a password? One approach might be to pick a book, open it at a random page, place your finger blindly somewhere on that page, and pick that word. Repeat for further words. Or you can use an online random word generator; there should be several available.
These are just examples. You may choose your own password scheme, or rely on a random “alphabet soup” each time. Since you don’t have to remember it, it doesn’t matter what the password is, as long as it’s safe enough not to get broken in the time until you next change it.
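A local alternative to the online generators mentioned above, as an added example (not the author's code): it builds a 16-character random password and a four-word passphrase with the last vowel of each word in upper case, using the operating system's secure random source. The short word list is a constructed sample and the function names are made up for this illustration.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only; a real list should hold
# thousands of words (entropy per word is log2 of the list size).
WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pepper"]
ALPHABET = string.ascii_letters + string.digits  # 62 symbols: a-z, A-Z, 0-9


def random_password(length=16):
    """Pick each character independently with the OS CSPRNG (not the random module)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def upper_last_vowel(word):
    """Upper-case the last vowel of a word; words without a vowel are unchanged."""
    for i in range(len(word) - 1, -1, -1):
        if word[i] in "aeiou":
            return word[:i] + word[i].upper() + word[i + 1:]
    return word


def passphrase(n_words=4, words=WORDS, sep=" "):
    """Join independently chosen words, each with its last vowel upper-cased."""
    return sep.join(upper_last_vowel(secrets.choice(words)) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy for `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    # The fixed capitalisation rule is not counted: it adds no randomness of its own.
    print(passphrase(), f"{entropy_bits(len(WORDS), 4):.1f} bits with this 16-word sample")
```

With a word list of several thousand entries, each word contributes around 12 to 13 bits, which is why longer lists and more words matter more than the capitalisation.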
Why unique passwords are so important
If you use the same password on all or several of your user accounts, then if someone figures out your password in one place, they can easily get access to your other accounts. All they need to do is try the same combination of email address and password everywhere (this can be done automatically and swiftly), and presto, they’re in!
Unique passwords mean that, even if they get into one account, your other accounts are still safe.
But my accounts aren’t very interesting…
I hear this a lot. The thing is not what you keep in your user accounts, but what they can use them for.
Once they’re inside, the intruders can masquerade as you (this is what’s called identity theft) in ways that are harmful to your reputation, threatening to others, or engage in downright criminal activities. To mention but a few things, they can place orders for merchandise or services in your name and at your expense, or use your friends’ or contacts’ trust in you to gain access to their account information, or ask them for money, or place ads or viruses on your social media accounts (including, but not limited to, Facebook, Tumblr or Twitter), or simply harvest your contact list for contact information where they can send spam, and much more.
The point is, even though you don’t use your accounts for anything interesting, they can. And as a consequence, your life may then suddenly become far more interesting than you would like.
What to NOT use as your password
Anything that is not random, or anything connected to your person, is not a good password. For example, no birth dates, phone numbers, names of family members or even your dog, or your car’s registration plate. No historical dates.
Also no names or birth dates of yourself or family members. Simple letter or number sequences should be avoided like the plague. “12345678” or “abcdefgh” will get your account hacked in mere seconds. Even Pi to sixteen decimal places, “3.1415926535897932”, has been used to death, as have most other mathematical constants, historical dates, common names and so on. Most anything you can think of, short of bashing your fingers blindly and vigorously at the keyboard, will not be random.
Which email address to use?
Because your contract with your ISP might not last forever, it’s a good idea to use an email address that does not rely on that contract. If you choose to use the email that comes with your ISP’s plan, if or when you cancel your plan, your email dies. There are several independent, free and easily accessible email services available for your choosing. A handful of the most well-known examples include Gmail, Hotmail/Outlook, and Yahoo! (no, I’m not paid to mention them). These can be used anywhere, regardless of who your ISP might be.
You may of course have several email addresses, in which case make sure one of them is easily accessible, to use as your “forgotten password” life boat. That’s the one email password you’ll need to remember, and even if you forget it, you may use the cellphone approach.
What are ‘websites where you log in’?
Because I get this question a lot more frequently than one would believe, and because someone suggested it, it’s probably a good idea to include a short description for clarity. There’s no shame in not knowing, as long as you’re willing to learn when it’s necessary.
A ‘website’, simply, is an Internet web page.
A ‘website where you log in’ is, in short, anywhere on the Internet that you need to enter a username or email address, and a password. That’s it.
Websites that don’t use passwords
Some websites (and I expect there will be more as time goes on) have done away with ‘remembering passwords’ altogether. Instead they go straight to the email-or-cellphone approach. First you type in your email address or phone number, after which they send you an email or SMS with a one-time pass code (OTP), or a link to click on, with which you will then enter the website. The first one that springs to mind is Medium.com, but there are others.
After all, passwords are simply proof of membership or access at a website. Anything sent to your email or cellphone in the course of logging in is proof of ownership. The assumption is that you are the only legitimate owner of that email address and that phone number. If you can confirm your identity by typing in the provided one-time password, or clicking on the provided link, the website will be confident that you are the person that you are claiming to be. In other words, make sure that the only person with access to that email address and that cellphone is you!
~ o ~
If you’ve read this far, then I hope that this article may be of help to you. I’ve covered many of the questions I’ve received over the years, and situations that people often get into. Remember that safety is a virtue, know that there are people who will try to break into your stuff, and do your best to ensure that your personal information is locked down and inaccessible to others. You may use different approaches than what I’ve mentioned, but the important thing is that you keep yourself reasonably safe. It’s a little like looking both ways before crossing the road.
Disclaimer (because lawyers): The author has a working experience in computer and internet related technical support since 2000. Some of the views in the article are based on personal opinion, again based on said experience. Care has been taken in presenting the matter in a comprehensive and thorough manner, with emphasis on security, however the author and this website do not make any guaranties either expressed or implied that the advice here provided will ensure complete security (there is no such thing as being 100% secure), or accept responsibility for harmful consequences. Errors and typographical mistakes may occur. It’s generally advised not to base one’s security practices on only one source of information, including this article. The assumption is made that the reader exercises caution and good judgement in their Internet use, whether or not they follow any advice or information presented in this article.
Many thanks to The Old Wolf for proofreading assistance 🙂
A handful of related websites that may be of help.
- HowSecureIsMyPassword.net – Here you may test out passwords to see how secure they are. Mind you I don’t suggest typing your actual password, but rather something similar! Although this website has a good reputation, and I don’t suspect them of foul play, you can never be too sure.
- HaveIBeenPwned.com – By typing in your email address here, the site will check if it shows up on any known lists of security breaches. If it does, it’s highly recommended that you change your passwords on those sites. Mind you, it will still be showing those breaches after you’ve changed your password; it simply doesn’t know whether you have or haven’t.
- HaveIBeenPwned.com/Passwords – This one will check if your password shows up on known lists of account information that have been stolen from websites. It doesn’t show which sites, but if you’re still using those passwords anywhere, you ought to change them as soon as possible.
- Random.org password generator – This will help you generate random passwords, excellent for one-time use. Remember to specify long ones, at least 12-16 characters in length.
- RandomWordGenerator.com – If you’d like to use random words instead of ‘alphabet soup’, this one will help you out in that regard.