We all need passwords for everything these days, but we can't safely reuse them: a password used on more than one site leaves every account that shares it open to anyone who has breached one of those sites and obtained its store of passwords.
How secure is my password?
We often try to make our lives easier by choosing passwords we can remember, but doing this means we tend to use the same password on multiple sites, or passwords in a form that can easily be guessed for another site, especially if we stick to a set structure.
In World War 2, the Enigma cipher was broken in part because German operators were predictable: weather reports were sent at the same time each day, and phrases such as "Heil Hitler" turned up regularly in the body of messages. That repetition gave the codebreakers known plaintext to work from and was their downfall. Reusing the same password for multiple sites can be your downfall too.
Creating better passwords
One way to improve your passwords is to build them from words you will remember. For Facebook, for example, you could use the letters of the site's name as the first letters of a series of words, like this:
In this example, the numbers come from Facebook's HQ. Many sites require mixed case, symbols and numbers, and a password built this way has all three.
As long as you remember which words you used, a long password like this is impractical to brute-force. The weak point is the structure: if the site's name spelled out in words is a pattern you reuse, an attacker who has seen one of your passwords in a breach can try the same pattern on your other accounts.
If you prefer a different theme, use photographic terms, nautical terms or whatever suits you. If a site is breached, you can swap one word in the password for a similar one and your account is secure again; Onion could become Okra next time, for example. Bear in mind that anyone holding your old password can cheaply try small variations of it, so the more you change, the better.
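To make the word-based approach above concrete, here is an added example (not code from the original post) that picks words from a themed list with a cryptographically secure random source, checks the "mixed case, symbols and numbers" rule, and works out how many bits of guessing entropy the word choices give. The nautical word list and the symbol set are constructed for illustration; a real list needs thousands of entries.

```python
import math
import secrets
import string

# Constructed sample word list to illustrate the "pick a theme" idea from the text.
# A real list should have thousands of entries: strength comes from list size and word count.
NAUTICAL_WORDS = [
    "anchor", "bowline", "capstan", "dinghy", "ensign", "fathom", "galley", "halyard",
    "jib", "keel", "lanyard", "mainsail", "nautilus", "oarlock", "porthole", "quarterdeck",
    "rudder", "scupper", "tiller", "windlass",
]
SYMBOLS = "!#$%&*?@"  # constructed set of symbols that most sites accept


def entropy_bits(word_count: int, list_size: int) -> float:
    """Guessing entropy of `word_count` words drawn uniformly, with replacement, from a
    list of `list_size` words. Only the word choices count: the capitalisation, digits
    and symbol added in make_passphrase are predictable structure and add almost nothing."""
    return word_count * math.log2(list_size)


def meets_policy(password: str, min_len: int = 12) -> bool:
    """The 'mixed case, symbols and numbers' rule many sites apply, plus a minimum length."""
    return (
        len(password) >= min_len
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def make_passphrase(words, count: int = 4, separator: str = "-") -> str:
    """Choose `count` words with the `secrets` module (a CSPRNG, unlike `random`),
    capitalise each, and append two digits and a symbol so site rules are satisfied."""
    chosen = [secrets.choice(words).capitalize() for _ in range(count)]
    suffix = f"{secrets.randbelow(100):02d}{secrets.choice(SYMBOLS)}"
    return separator.join(chosen) + suffix


if __name__ == "__main__":
    pw = make_passphrase(NAUTICAL_WORDS)
    print(pw, "policy ok:", meets_policy(pw))
    print("entropy from 4 words out of 20:", round(entropy_bits(4, len(NAUTICAL_WORDS)), 1), "bits")
    print("entropy from 4 words out of 7776 (a diceware-sized list):", round(entropy_bits(4, 7776), 1), "bits")
```

Four words from a twenty-word list give only about 17 bits, which is why the list has to be large; the same four words from a 7776-word list give about 52 bits. Swapping one word after a breach, as the text suggests, removes only a fraction of that.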
OTP and MFA
OTP (One Time Passcode) is one of the factors used in MFA, or Multi Factor Authentication. When exactly two factors are used this is often called Two Factor Authentication or 2FA. It combines something you have (a device or token) with something you know (a password or PIN).
For your bank, you may have an authentication device, either a small calculator-style token or a reader you plug your card into. Once you enter your PIN, the device produces a 6 digit code that you type into the website to gain access. The bank can be confident you are the right person because you have your bank card and you know your PIN.
Another popular method is an authenticator app on a smartphone that generates the 6 digit code needed to log in. The app and the site share a secret set up when you enrolled (usually by scanning a QR code), and each derives the same code from that secret and the current time, which is why the code changes every 30 seconds or so.
Backup methods are often provided in case the app doesn't work or you have lost your phone: a code can be sent to your email address or by SMS to your phone. Once you are authenticated with one of the methods you can update these details. Be aware that SMS and email are the weakest of the options, since they rest on the security of your phone number and mailbox rather than on a device in your hand.
Unfortunately, technologies change. Microsoft, for example, ended support for landline phones as a way for the system to call a user and let them unlock their account, so anyone whose account was compromised and who relied on that method could no longer recover it, because the system could no longer reach them.
In the past, I used to advise people not to write their passwords down, but since there are now so many passwords that we have to remember and change often, there are some alternatives. A company called WipeBook makes books that behave a bit like a pocket whiteboard: you can write your passwords in them and, when you need to change them, erase them and write in the new ones.