Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to remember passwords (and which ones you should)

Joe Kissell | Nov. 29, 2012
No matter what tools you use, you’ll have to memorize at least a few passwords, you don’t want to trade security for memorability. Here a few tips that can help you make sure your brain doesn’t betray you.

At the risk of repeating myself (see What you dont know about passwords might hurt you), the best way to ensure that you never forget your passwords is to offload the task of remembering to a password manager such as 1Password (; $40). For most passwords, most people, and most of the time, thats the only trick youll need. However, no matter what tools you use, youll have to memorize at least a few passwords. Because those are among your most important, you dont want to trade security for memorability. Here a few tips that can help you make sure your brain doesnt betray you.

Determine which passwords you must memorize

I have no idea what 99 percent of my passwords are. Honestly, none whatsoever. Theyre long strings of random computer-generated characters, and Ive never even glanced at most of them. When I need to use them, I let my password manager fill them in for me or, if that wont work for some reason, I copy and paste them. After all, its no harder for an app to enter a 14-character random password than for me to type in the word baseball, so I figure I have nothing to lose by going the crazy-secure route.

However, one password Ive memorized cold is the password that unlocks all the other passwords stored in my password manager. Thats a pretty important one. Ive also memorized my OS X user account password, because I enter it many times a dayand since I use OS Xs FileVault, I need that password to start up my Mac before I have access to any automated tools. Since Im frequently prompted to enter the passwords for my iCloud, Gmail, and Dropbox accounts (often in situations where it would be awkward to copy and paste), Ive memorized those too.

Depending on your habits and needs, your list might be different from mine, but most people can get by with no more than half a dozen passwords committed to memory. Considering that you may have many hundreds of passwords overall, memorizing five or six is a pretty minor task.

Choose a path to high entropy

Once you know which passwords you need to memorize, your next job is to choose passwords that are strong enough to defeat automated hacking attempts yet memorable enough that you can produce them instantlyand, for bonus points, they should be convenient to type.

Undoubtedly you know the basic drill by now. All things being equal, longer passwords are better than shorter ones; random passwords are better than those that follow a pattern; and the best passwords combine upper- and lowercase letters, numbers, and special symbols such as punctuation. It turns out, though, that you dont necessarily need all those qualities in a password to make it securefor example, a long but simple password can be just as secure as a short but complex one. This is provable through a concept called entropy, which refers to a mathematical approximation of how difficult, on average, any given password is to guess.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.