Four steps to make sure your passwords are safe and easy to remember For over15 years, there have been various predictions from tech leaders about the death of passwords. Bill Gates predicted it back in 2004 and Microsoft has predicted it for 2021. There have been numerous similar proclamations in between, alongside ongoing criticism of passwords as an inadequate means of protection. Yet passwords remain a common aspect of cybersecurity, something people use every day. What’s more, passwords show little sign of disappearing yet. But many people still use them badly and seem unaware of recommended good practice. World Password Day on 6th May, it’s a good time to reflect on our use of passwords and how to have better password habits. It’s very common for cybersecurity experts and companies to blame users for using passwords poorly, without recognising that systems permit their poor choices.
Outdated advice In addition to lacking guidance, it’s common to find websites enforcing outdated password requirements. You’re probably familiar with systems insisting on password complexity, by requiring upper case letters, numbers or special characters to make passwords stronger However, the current guidance is to allow complexity but not to require it, and to basically regard password strength as synonymous with password length. The National Cyber Security Centre recommends creating a long password by combining three random words, enabling something longer and more memorable than many standard choices.
My password attempts Also unhelpful is that, rather than giving guidance and requirements at the outset, many sites only reveal rules in response to Many websites offer no upfront guidance on us trying things that aren’t allowed. I tried how to choose the passwords they require us creating a password for one such site. Most of my attempts received feedback requiring to have, perhaps assuming we know these further action, until I settled on a final choice, things already or can find it out elsewhere. But the fact that people persist in using weak which was accepted without complaint. But the password that was accepted, steve!, was passwords suggests this is an optimistic view. short and rather predictable. 10
