One of the greatest challenges of the internet age has nothing to do with technology and everything to do with being human. It is the act of remembering passwords.
There was a time – and yes it was a simpler time – when we really only needed to remember one or two passwords. There was a personal identification number (PIN) for our ATM cards and then a password for our email. Then along came internet banking. For all of our bank accounts. Logins for news sites. Websites. Shopping accounts. We setup profiles on sites like Kiva for charity, registered for various frequent flyer programs, free email accounts and games. On top of that are cornerstone accounts – the Apple iTunes account and your Google Account are controlled by a single ID that is linked across a variety of services – but that integration was rolled out over time.
By the time that social networks came along, we already had dozens of user IDs, a handful of email addresses and profile and accounts scattered across the web.
To make matters worse, each of these sites has its own standard for password strength. Some sites require complex passwords incorporating non-standard letters or numbers or capitalisation. Some sites require all of these. For online transactions, financial institutions require two factor authentication (but only some) – requiring two stage combinations before providing you access. This can include your standard account ID and password along with an SMS code or a picture puzzle displayed on-screen.
All of these variations have to be remembered. Or documented somewhere secure. Accordingly, our ability to remember passwords has become big business – with service and platform providers offering to help us “manage” the mess we have found ourselves in. Sure, many of our web browsers “remember” our account details for us, but what happens when you login from your phone and not your computer? What happens when you login with your home PC and not the laptop you use for work?
It doesn’t matter if someone hacks an account?!
Many people believe that it doesn’t matter if an account is hacked. For example, you could have an old email account hacked and not know it. What happens? Here are a few scenarios to consider:
- Your email account is quickly scanned / searched for user IDs or passwords (like account confirmations)
- This information is fed into the hackers computer to test out on sites across the internet. This is automated and means that hundreds of attempts / variations can be made in minutes.
- The process is repeated with each success – with more information gradually being built up around your profile, access etc
- If credit card or bank account numbers are found – then these can be quickly shared, sold on or used as currency in their own right
- Small charges can begin appearing on your statements without your noticing, gradually escalating in size
- In worst case scenarios, your accounts can have passwords changed and address details altered
There are a series of approaches that can improve your password security – and they are relatively simple to implement:
- Create your own tiered security:
- Tier 1: Make a list of your high risk accounts – bank accounts, email, online payments like PayPal or Amazon, social media
- Tier 2: A list of less risky accounts where no confidential information is kept.
- Create complex passwords for Tier 1 accounts – each account should have a UNIQUE password
- Use password managers to store and remember your details
- Delete the spreadsheet on your PC desktop that stores all your passwords (yes, I know you have one)
- Reset or change passwords regularly.
Is there another way?
Fans of Benedict Cumberbatch’s Sherlock Holmes will have seen the intense visual approach that the Holmes character uses to remember complex pieces of information. Called the Mind Palace, it involves visualising a complex place in which you can “physically” store your memory. Then by embellishing the location with story, the item to be remembered is reinforced and supposedly easier to recall.
If you really want to be safe on the internet, try storing your passwords in a Mind Palace. Here’s an infographic showing how it works. Good luck!