Summary
This one is fairly simple, here at Tech Topics Explained, we recommend you recover (reset) your forgotten passwords, rather than use a password manager or write them down on a piece of paper.
So, You Don’t Use a Password Manager?
I don’t (yes, I have used a password manager in the past). Nowadays, I just reset my passwords.
As a cybersecurity professional, password security, including attributes like password length, complexity, and age, are significant concerns for securing both user (you!) and Admin (me!) accounts.
As you can guess, the three most important attributes for determining the strength of a password, mentioned above, are length, complexity, and age.
1. Password Length – There is NO substitute for password length. Simply put, the longer you password is, the more secure it will be, even if you use commonly guessed words or phrases. It would be nearly impossible for password cracking program to guess “RubberBabyBuggyBumpers”. I’m not advocating you change your password to such a ridiculous phrase. However, given enough tries, it would eventually be found out, or discovered in a breach where attackers are able to obtain usernames and passwords. More on this later.
2. Password Complexity – Most password attacks rely on either a dictionary or brute force attack, or a combination of the two. These types of attacks simply guess passwords based on commonly used words and phrases. “Password1” would be an example of a password that would be easily cracked by such attacks, because it’s a common password that isn’t very complex. Most websites and applications use a password lockout feature, where if you guess too many incorrect passwords your account is either temporarily or permanently locked until the lockout period expires or your password is recovered, often via email. However, you’d still be gambling with such a commonly cracked password. Imagine how much harder “RubberBabyBuggyBumpers” would be to crack if it was “Rubb3rB@byBuggyBumper$”. Mathematically, the answer is “a lot.”
3. Password Age – With time, all riddles are solved, including your cleverly thought out password. The longer your password stays the same, the more likely it is to be hacked or exposed in a breach, as I mentioned in the Password Length section.
I recently counted, and I have over fifty, that’s right, five-zero different accounts! How do I keep track of that many passwords? The short answer is I don’t. I forget my passwords, ALL of my passwords, and then I recover them. It’s not that I’m forgetful, I actually have a pretty good memory for passwords, and my important passwords, such as the one for my primary email account and work passwords, are burned into my memory. However, I reset those passwords anywhere from 5-7 times PER YEAR with lengthy, strong (complex) passwords.
The truth is, it’s easier to reset or recover a lost password than it is to recover from you identity being stolen or an important account being compromised. It often takes less than a minute. I typically spend more time trying to guess a password than I do actually recovering a forgotten password.
In closing, create lengthy (more than 8 characters), complex passwords and then forget the ones that aren’t vital. When you do update a password, if the option is there, sign out of all devices that use that password and sign back in AS NEEDED. You’ll find that you are satisfying all three conditions of a strong password above without even trying. This makes you a more difficult target for people who use the internet for more nefarious purposes that watching dog videos and signing their kids up for summer camp.
-Admin