Which possibility worries you more: having someone steal access to your digital accounts, or losing your own access by forgetting your passwords?
If the latter bothers you more, you aren’t alone. With most personal accounts, being hacked is a theoretical “might never happen”; but everyone knows the frustration of forgetting things at the worst possible time. And standard techie advice to make every password long, complex, and unique seems impractical at best, when today’s average digitally literate person has a hundred passwords. Not only that: many computer systems require users to change passwords regularly, or with each reset.
If you’re feeling forced to choose between leaving accounts poorly secured or requesting password retrievals every other day, the following tips will help.
1. Don’t just assume that “no one would bother hacking my account.”
Super-easy passwords like “1234” or the user’s apartment number are the mark of someone who considers account security an unnecessary nuisance, and their accounts too unimportant for hackers to bother with. Not true. Scammers know ways to exploit the most basic information; and if not you, people on your contacts list could become victims.
2. Know the key features of secure passwords.
Even if you don’t need maximum security, it pays to know what goes into the ideal password:
- At least 12–16 characters.
- A mixture of capital letters, lowercase letters, numbers, and symbols.
- Differences from other account passwords you use, so someone who cracks one account won’t have a “master key” to the others.
(If you want to check how secure your current passwords are, BridgingApps recommends this page, “How Secure Is My Password?”)
3. Recognize that keeping passwords secret is as important as making them hard to figure out.
A surprising number of people will set up a complex, secure password—and then defeat its purpose by keeping it in an obvious spot. If you make a password overly accessible so you won’t forget or misplace it, you may also make it easy for someone with unscrupulous intentions to find it.
“The least safe way to store a password is written down on or near the device,” says Walter Prescher, BridgingApps Digital Navigator. “I remember working with someone who had their computer password written on a sticky note under their keyboard”—and some people post reminders in even more obvious spots, such as right over the monitor.
4. If remembering is a problem, there are ways to create passwords that are easy for you to recall but difficult for others to figure out.
“Many of my clients have difficulty remembering a single password,” notes Prescher, “much less keeping track of multiple passwords and their corresponding accounts. I encourage them to create passwords by starting with a personally meaningful word or acronym, one they’ll be sure to remember. Then, make it hard to figure out by substituting special characters and numbers for various letters.”
5. Know about password management software.
If you prefer the security of more complex passwords, but can do without the challenge of memorizing them all or keeping the list hidden, your best option is a password manager. These apps keep the user’s entire password list encrypted and locked behind a master password, and the defenses are extremely difficult to breach. (Check out this TechRadar.com list of recommended password managers.)
6. Add a simple extra step to your account access.
“I encourage clients to use software that allows biometric and PIN number access,” says Prescher. “This decreases anxiety about forgetting passwords, and numbers are typically easier to remember.”
7. Keep an eye on your accounts.
No password system is 100 percent guaranteed, so review your accounts monthly for any suspicious activity. Accounts you haven’t used in the last six months are better deleted altogether, lest someone slip in and make a major mess before you suspect anything is wrong.
Expert opinions vary on how often passwords should be changed, but since technology is constantly evolving, it’s a good idea to at least check security value (see tip #2) every few months.
Finally, after you’ve done all you can, don’t waste energy worrying about what might happen. Passwords are retrievable, security breaches are redeemable, and the advantages of digital access are worth it!