|Strong Passwords Chart|
I posted this chart to Twitter yesterday and got a lot of retweets along with a lot of reaction.
1. People wanted to complain about passwords, how many they need, how hard it is to remember them etc.
2. People wanted to tell me how to create even stronger passwords or use other password systems or even apps to help you generate and remember passwords.
3. People wanted to thank me for talking about this with students. (I like those people the most.)
Clearly, passwords are an issue that lots of people have really strong feelings about. They are the weakest link in our human/machine interface and lots of people have developed nearly superstitious behaviors about them.
The truth is that passwords are a lousy way of proving who you are. Anyone who really wants to get into your online life will find a way, just like a thief determined to burgle your house will find a way in. You take precautions, lock your doors and avoid hiding keys in obvious places, or you start building an underground fortress in an undisclosed location.
Talking to Students about Passwords
I am really hoping that 10 years from now my students look back on the conversations we had this week and think, "Wow, remember when our English teacher had to explain how to make strong passwords? Can you believe that's how we used to handle our online security?" In the meantime my educational objectives are to get them to stop using the same password for everything, stop telling their friends their passwords and start creating stronger passwords. Along the way we are learning things like how to recover a forgotten password, the beauty of two step verification, and the importance of a recovery email.
One approach I have taken with students is to encourage them to have a tiered password system.
Level 1: Sites that are super important to you, they carry sensitive personal or financial data. These sites each get a dedicated password that is complex. You only use that password for that site. mDiB&Fu33y
Level 2: Sites that carry personal data, but don't have connections to your economic life. These sites would get an easy to type and remember password that still has unique characteristics and adds a site specific keyword. s0cia1-twitter567
Level 3: Sites you don't care about much, hardly ever use and only occasionally need to access. (Delete these accounts?) Go ahead and use a generic password but consider adding something specific to it. generic#23
Level 4: Sites that seem sketchy. Never give them a password you use anywhere else important. Have a special root password for sites you don't trust. MyDogsName43
Password Tip for Parents:
One of the best things we did when our kids were little was give them a password to access our home computer. They didn't need that password as a security precaution, we used it as a teaching tool. We made our phone number the password. The kids learned the number very quickly and I know that they always know how to call me.
More Password Resources
I've had an interest in passwords for a long time. They are supposed to help us validate that we are who we say we are when we interface with the machine, except they don't. If this week has sparked a geeky interest in passwords for you too, I offer the following recommended readings.
Kill The Password
Choosing a Secure Password
Create a Stronger Password