Passwords that rule


By Matt Bentley

If I had $5 for every time I retrieved or reset someone’s password when they’d forgotten it or hadn’t written it down, I’d have … well, about the same amount of money I have now.

It can take anywhere between one and ten minutes to get a password back depending on what’s required and the account in question.

One problem for many users is that computers can confuse you a bit by remembering your passwords for you.

I can’t recall the number of times I’ve had a client tell me they don’t have an email password when what’s actually happened is their web browser remembered it the first time they entered it, and they haven’t had to remember it since.

But when your computer breaks, or software needs re-installation, you’re going to need that password again. Here’s a bunch of best practices for passwords and recalling them, based on my experience and the advice of security experts:

1. Don’t re-use your passwords for different accounts, because if someone hacks one account, the first thing they’ll probably do is see if they can get into other common services using that same password and the email address associated with the account. At the very least, have different passwords for important services like banking, email and Facebook.

2. Make your passwords long: the more characters the better. Somewhat counter-intuitively, “$%FG” is not as strong a password as “thebrownfoxranoverthelonghill” because of the way information theory works: each extra character multiplies the number of combinations an attacker has to try, so length counts for more than unusual symbols. You don’t have to write a novel, but 8-13 characters ought to do it.

3. Use two-factor authentication if and where possible. Typically, this involves giving the service your mobile phone number so that when you log in from a different location, it’ll text a PIN to your phone that allows you to log in. This effectively means no-one can hack your account without your phone. Sometimes services will use email instead of phone.

4. Don’t record your passwords within the computer, for example, within a Word document or text file. Pen and paper is more hacker-proof. Keep an easily-identifiable notebook or journal specifically for your usernames and passwords, and clearly identify which username/password is associated with which service. Of course, if you get robbed, you might lose it, but the same thing will happen if someone steals your computer and you have your passwords written in there.

5. Do write down your passwords! If an account you own is hacked and the password is changed by the hacker, the first thing a company like Google or Facebook is likely to ask for is the previous password to prove you’re the original owner. If you don’t have it, things get tricky. I guarantee you that at some point in the future – even if you’re closing the account – you are going to need those passwords again. If you don’t have them written down, you’re going to have to call in someone like me.

So, of course, if you have forgotten your password, or have had an account hacked and can’t get into it, you can give me a bell.

Next time I’ll be talking about backing up – when to do it, how to do it, and why.

Matt Bentley of Matangi Home PC Support

* Matt Bentley is the owner of Matangi Home PC Support. He has 20 years’ experience in computer hardware and software, and his services include virus removal, PC optimisation, inspection and repair.

Matt writes a semi-regular column for Tamahere Forum on computer matters. Check out his website here for contact details.
