Here’s what they all tell you:
- Never use a password that includes names, numbers, or places from your life.
- Never use the same password twice.
- Never write down your passwords.
- Never store your passwords on your computer or your phone.
- Never give your passwords to anyone else.
Password Rules Are Hell
According to the rules above, you’re supposed to:
- Use a different password for every account you have online
- Use passwords that don’t contain anything from your life – i.e. people, pets, places you’ve been, favorite teams, or anything else that somebody might guess you would use
- Keep no record of your passwords, anywhere
- Trust absolutely no one with your passwords
Um, does that sound doable to you?
Heck no. It’s classic circular logic. Catch-22. Absurd. Impossible.
It’s Password Hell.
Most of Us Break the Password Best-Practice Rules
All these great rules leave us right where we started: Nowhere.
So most of us do what humans will do – we cheat. Either we use names and places that mean something to us to help us remember our passwords, or we use the same password everywhere, or we write our passwords down on a piece of paper, or we store a “secret document” on our laptop with a list of all of our passwords.
Or any or all of the above.
Is this you?
How Can You Possibly Follow the “Good Password Practices” Rules?
I have a secret: you can actually follow all but the rules you’ve been told, except for one, and you can do so easily and safely. So what’s that secret?
It’s this: Break Rule #5: Give your password to someone else.
Now why in the world would I suggest you do that?
Because it’s the best of all the unattractive, risky, or downright foolhardy choices you can make in your password management.
I’m not suggesting that you give your passwords to your spouse or a friend to remember for you. Not only would that be a bad idea, it’d be downright impossible for either of you to manage.
No, I’m suggesting that you use a trusted, respected professional password management service. There are many out there; LastPass is one with an excellent reputation, and it’s the one that I use. And P.S., LastPass offers a free option.
How it works is this: You set up an account with LastPass. You create one super-duper hard-to-guess but, for you, easy-to-remember password for your Last Pass account. And that’s it. You will never need to create nor remember any other password again. Just one super-important Master Password, for the rest of your life.
Once you’ve set up your account, Last Pass will generate a new, random password for you whenever you need one. When it generates a password, it will remember it for the website you’re using at the time. And when you come back to that website later, it will, upon your command, fill in your username and password for you. And, if you need or decide to change your password on a website in the future, LastPass will update the change in its records too.
Why Should I Trust A Password Management Service Like LastPass?
LastPass, and other services like it, is in the business of creating and protecting password banks for its users. It has several levels of security incorporated into its process. A whopping 7 million people use LastPass. Major companies use LastPass. It has earned a reputation for trustworthiness. It is a good company.
Sure you, could say “I don’t know them, I can’t trust them.” But you could say the same thing about the people who handle your money in the bank, couldn’t you? Frankly, unless you want to continue to leave yourself open to the possibility of password theft by using the same password everywhere, or using easy-to-guess passwords, or by writing your passwords down somewhere, your only real option is to honor the first four rules I listed at the beginning of this article, and then “break” rule number 5 and trust in a password management service, and use it religiously.
Is There A Catch To Using A Password Management Service?
There is, in a way. It’s this: You need to create a hard-to-guess password, and you need to remember it. Like, really remember it. And you should not give it to anyone else – really, not anyone. (It’s not that a trusted friend is likely to sell you out; it’s that your friend may not do a good job of keeping your password safe, in which case it could get into some evil hands.) Nor should you write your password down. That’s a bit of pressure. But if it’s your one Master Password, the only one that you will ever need to remember, it is something that you can memorize, just as you do your lifetime government ID number.
If you’re really nervous about one day blanking out entirely and irrevocably forgetting your master password, you can always write it down and store it in a safe deposit box or a home safe or in some other super protected spot. After all, we’re all human. One last-resort safeguard isn’t a bad idea.
So here are some questions for you:
Admit it: Do you use the same password for multiple sites, and secretly feel guilty about it?
More confession time: Do you keep a piece of paper near your computer with all of your passwords written down?
Do you use a password management service? How has it been for you? Please share the service that you use!
This article originally appeared on Sixty and Me.