June 27, 2019

Passwords should be disposable

Passwords should be long, as long as you want to make them. The longer the password, the greater its entropy. Mathematically, guessing the password sallysallysally takes more computing time than guessing sally. Websites and apps that ask for 8-16 character passwords should not impose a maximum length at all. Instead, they should encourage users to create long passwords. They should also not restrict users to a subset of special characters; let them use all of them.

On the other hand, passwords should be disposable. With password managers becoming more and more common, this is more doable. All you have to remember is the one master password: it unlocks the password manager, which in turn fills in the username and password fields for you. In more modern cases, on laptops with fingerprint sensors or phones with Face ID, you don't even have to type in your master password all the time - you just use your finger or face and magic happens! In such a case passwords can become disposable. They don't have to be recycled. Instead you can have a completely different password for each service (which ideally you should do, but it's difficult without an app helping you), making your accounts more secure by design. If one account gets compromised, the other accounts are still safe because they do not share a password with the compromised account.
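The idea of long, disposable, per-service passwords can be sketched in a few lines of Python. This is an added example, not code from the original post or from any password manager; the function names and the `.example` service names are hypothetical. The entropy figure applies only to characters drawn uniformly at random, which is what a generator gives you and a repeated word does not.

```python
import math
import secrets
import string

# Every printable ASCII symbol is allowed: no restricted special-character set.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for `length` characters drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=24):
    """Draw every character from the OS CSPRNG via `secrets`."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_vault(services, length=24):
    """Create one independent password per service (hypothetical helper)."""
    vault = {name: generate_password(length) for name in services}
    # Reuse is what lets one breach spread, so refuse a vault that contains it.
    if len(set(vault.values())) != len(vault):
        raise RuntimeError("duplicate password generated; regenerate the vault")
    return vault


def rotate(vault, service, length=24):
    """Throw away one service's password; every other entry stays untouched."""
    if service not in vault:
        raise KeyError(service)
    updated = dict(vault)
    updated[service] = generate_password(length)
    return updated


if __name__ == "__main__":
    # Constructed sample services, not real accounts.
    vault = build_vault(["mail.example", "bank.example", "forum.example"])
    vault = rotate(vault, "forum.example")  # e.g. after forum.example is breached
    for n in (8, 16, 24):
        print(f"{n:2d} random chars = {entropy_bits(n):6.1f} bits")
```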

There are a lot of password managers available. Even the browser you use offers to save passwords for you. Safari and Chrome now suggest passwords to you when you are signing up for an account. I personally use 1Password. It is a great solution for managing your passwords and it is secure. It is also two-factor friendly, meaning that you can use 1Password as a code generator for all your apps with two-factor setup. The other app that I found out about recently is Firefox Lockwise. Given it is controlled by Firefox, I am somehow more comfortable with this than other free solutions out there.

Give password managers a shot. They will make your life easier and more secure.