Passwords are really not fit for purpose any longer. There will come a point in the next few years when the financial losses caused by the increasing ease of cracking passwords will force the IT world to introduce an alternative.
Oddly enough, the IT world scored an own goal a few years ago when it decided to make people stop using passwords such as, er, “password”, “qwerty” and “111111”. Nowadays it’s common to force people to use “at least one upper-case letter, one number and one symbol” in their passwords. However, humans are only human: the result has been that, to cope with remembering something so complicated, we’ve all started using the shortest passwords permitted and re-using the same ones all over the place. And as the most famous cartoon ever about passwords reminds us, odd characters don’t present any sort of obstacle to brute-force guessing. Only the length of the password does that.
So how should we tackle the problem as individuals? Having a different password on each of our important online services is just common sense. But the sheer number of passwords we all have to remember is a problem. We can write passwords down in some sort of coded format, but who wants to carry round a book?
One approach is to combine a consistent part (which only you would know) with something related to the site or service (making the password unique for each service). So, for example, the first half of the password could cover the “upper-case letters and numbers” requirement (an old car registration number is perfect), then add a symbol to keep the IT people happy (a slash might do). Finally, make the password up to a decent number of characters (20 is good) with something related to the site or service. Just typing the name of the site itself might be a little obvious, but there are all sorts of easy-to-remember coding systems, such as using the key to the right of each letter.
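The scheme just described, worked through in Python as an added example (it is not code from the original article). It assumes a US QWERTY layout, wraps the last key of a row round to the first, and repeats a short site name to reach 20 characters; those three rules and the sample registration `AB12CDE` are assumptions made for the illustration.

```python
# Added example: fixed part + symbol + site-derived part, padded to 20 chars.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

# Map each letter to the key on its right. The last key of a row wraps to the
# first key of the same row (assumption: the article does not cover this case).
RIGHT_OF = {
    key: row[(i + 1) % len(row)]
    for row in QWERTY_ROWS
    for i, key in enumerate(row)
}


def encode_site(site: str) -> str:
    """Replace every letter of the site name with the key to its right."""
    letters = [c for c in site.lower() if c in RIGHT_OF]
    if not letters:
        raise ValueError("site name contains no letters to encode")
    return "".join(RIGHT_OF[c] for c in letters)


def build_password(fixed: str, site: str, symbol: str = "/", length: int = 20) -> str:
    """Join the fixed part, a symbol and the encoded site name."""
    # The fixed part carries the "upper-case letters and numbers" requirement.
    if not (any(c.isupper() for c in fixed) and any(c.isdigit() for c in fixed)):
        raise ValueError("fixed part needs an upper-case letter and a digit")
    if len(symbol) != 1 or symbol.isalnum() or symbol.isspace():
        raise ValueError("symbol must be a single non-alphanumeric character")

    head = fixed + symbol
    encoded = encode_site(site)
    # Pad a short site name by repeating it (assumption); never cut a long one.
    needed = max(length - len(head), len(encoded))
    repeats = -(-needed // len(encoded))  # ceiling division
    return head + (encoded * repeats)[:needed]


if __name__ == "__main__":
    # "AB12CDE" is a constructed stand-in for an old car registration number.
    for site in ("example", "sample"):
        print(site, "->", build_password("AB12CDE", site))
```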
Another method is to use a password manager, as I do. There are several good ones which work on PCs and as apps, such as 1Password, and they come with two big advantages. Firstly, they can remember our user names, as well as passwords. Secondly, they can fill them in for us on many web sites, saving a lot of time and effort. There are still potential security problems, but nothing like as bad as using “weak” and repeated passwords. I would really miss my password manager.