How to Use Safer Passwords Easily
Strengthen your passwords, but not in the way you’d think. Get-It-Done Guy has a few clever tricks for using strong passwords on your mobile device.
Now that she knows for sure that the NSA is spying on our every move, my pal Bernice has become ever so worried. She wants her wedding plans to be a surprise for her fiance Melvin, and is afraid that some of the juiciest details—like the trained giraffe’s dance number—will be leaked to the media (in her shoes, I’d worry more about leaks to the health department). She’s come to me asking for help making her GiraffesRUs.com account secure.
Use a Strong Password
First, I told her to make sure she’s using a strong password. Tech Talker did an episode on choosing a strong password earlier this year. He recommends using a long sentence, with capitalization and punctuation, if your web site allows it. Astonishingly, for example, my bank limits passwords to 14 characters with no special characters, thus guaranteeing it can be broken into by a 12-year-old with minimal computer skills.
Be Ungrammatical
Bernice likes the password sentence, “I love Melvin!” But it’s weak. The sentence can be guessed by anyone who knows her. And the NSA knows her really, really well. Also, the sentence is grammatical. A recent paper from Carnegie Mellon and MIT found that using grammatical sentences makes it much easier for perpetrators to guess a password. And finally, she capitalized and punctuated correctly, so that’s a problem.
To make her password more secure, she made it ungrammatical, capitalized incorrectly, and put punctuation in unexpected places. Her new sentence reads, “melvin sliderule 432 Hearts my Forever! schmoopie.” “Melvin” is not capitalized, while “Hearts” and “Forever” are.
It’s Hard to Type in Password Fields
Bernice was thrilled about her new password…for about an hour. Then she came to me in tears. She’s been trying to access pictures of her new giraffe on GiraffesRUs.com on her mobile phone and she couldn’t log in. “My new password is very hard to type when I can’t see what I’m typing,” she complained.
It’s true. Password fields show little round circles, so Bernice doesn’t know whether her long sentence, with its weird capitalization, numbers, and punctuation marks, has been typed correctly. There’s a simple solution, but first, we must understand how we got to this sad state of affairs.
Once, computers took up entire rooms and had dozens of users. This was called “time sharing.” The idea comes back every few years with completely new terminology so the IT industry can justify its continued existence. You know time sharing as “client/server,” “thin client,” and most recently, “the cloud.” It’s basically the same idea, but we can’t say that out loud or we’d have to admit that most of what passes for innovation is really cheap imitation of the past on a new piece of hardware with added features.
But the world was different back then. People used printing terminals, not CRTs. There was a paper record of everything. People also sat side-by-side in the terminal room, so you could glance over and read what your neighbor was typing. That was considered rude and tacky, but we all did it anyway.
This made passwords tricky, since they were visible. The person next to you could see your password as you typed it, and since everything was printed on paper, someone could go through the trash and read people’s passwords.
They solved the problem by having the printer print a row of asterisks then back up over the asterisks. When you typed your password, you would type over the asterisks and your password would be impossible to read.
Those Who Forget History Are Doomed to Repeat It
Sadly, computer programmers never bother to learn anything about past systems. That wouldn’t be fun, and it would mean each new generation of programmers would actually have to learn, study, be creative, and invent something new. That’s really hard to do. So instead, they reinvent the past, without understanding why the past got that way. Just ask the 9,000 apps in the app store that make your 8-megapixel digital camera look like Dad’s 1972 Instamatic camera pictures that had been left in the sun too long. We call this “progress.” Ask me sometime why DOS only allowed uppercase filenames.
Computers evolved to single-user PCs with screens and cell phones. The practice of blacking out password fields did not evolve. Today, the only reason we would want a password field blanked out is to protect against someone watching over our shoulder who happens to know which web page we’re on, and is close enough to read our cell phone screens. That’s rarely a problem.
Type Your Password in the Username Field
So don’t use a blocked out password field! Make typing easy. First, check that no one’s looking over your shoulder. Then type your password, but not in the password field. Type into the username field, where you can see your typing. Make sure it’s correct. Then cut and paste it into the password field. Return to the username field, type your username as normal, and log right in.
“But wait!” Bernice cried, “won’t that leave my password on my clipboard, where I could accidentally paste it somewhere else by mistake?” Good call, Bernice! Be extra-safe. Once you’ve typed your username, select it and copy it to the clipboard, just to make sure the last thing stored on your clipboard isn’t sensitive information.
Bernice is thrilled with her new security scheme! She’s signed up not only for GiraffesRUs.com, but for other mammals she thinks would be wedding-friendly. Like the platypus. She uses long, ungrammatical passwords, and can finally type them accurately on her iPhone by cutting and pasting from the username field. With the live entertainment well under way, Bernice is about to start working on the centerpieces. Be afraid. Be very afraid...