By Matthew Young
When you have to pick a new password for a website or an application, what do you pick? Do you use an old favourite, used many times before? Do you use your date of birth, or the name of your dog as part of it? Do you completely randomise it? Do you use the minimum number of characters required or many, many more… and if so, how do you remember them all?
Over the years there have been many ideas put forward on how long and how complex a password should be… eight characters or more without part of your name; 12 or 20 characters; random c#@r@ct3r5 spelling a word; completely random words put together such as BlackHouseRunningMan; or how about even allowing your browser to suggest a complex password for you? All of these are examples of advice given on how to beat the hackers and how to prevent your password from being guessed by someone. They are, at heart, all good pieces of advice, and there are many, many more you can read about.
Time and time again you see people with notebooks for passwords and account numbers, or stickies on their computers, etc. Needless to say, this is not the right thing to do, but if you do need help remembering things, consider using password helpers such as Dashlane (www.dashlane.com) or LastPass (www.lastpass.com). These companies offer both free and paid services (as do many others) and securely store and synchronise your passwords across devices, meaning you can have the plugin on your laptop browser and the app on your phone and have access to the same passwords. Such systems can also often suggest very complex passwords to use if you wish, and this is something Safari on Apple devices does as well. This is great, especially for those who find it very hard to think of a unique password, but if it is too complex you will not remember it, so you still need another method to remember it, such as these helpers.
In the end, however, what use is a complex password if you simply will never ever remember it? The point is to keep everyone else out, not to keep yourself out. There are still general rules, however: never include your birthdate; never use part of your name or the name of the institution the account is for; use more than eight or more than 12 characters at least. Having another method to store and encrypt passwords is a great idea if you have lots of websites to remember information from… The most important thing, though, is to use something you will remember, no matter how complex, and not NEED helpers even if you have them. How complex is complex enough: the conundrum of complexity.