Photo via Christiaan Colen/Flickr

Even your best password is probably terrible

Happy ******** ***!


AJ Dellinger


May 5 is World Password Day, which means we should be celebrating those words and phrases that let us log in to our many accounts. But let’s be honest with ourselves on today of all days: Passwords are the worst.

It’s not just your passwords that suck, though odds are they do because you, like most people, probably completely ignore tips for making strong passwords and just put a string of numbers in order or the word “password,” as if those have been bad passwords for so long that they’re suddenly good ones now. 

Passwords suck because the best practices for security make them difficult to remember and still guarantee you next to nothing. You can rack your brain all you want to remember your 18-digit login with random capitalization and numbers scattered throughout, but a hacker can copy and paste it in plain text if the service you use it for doesn’t have the common courtesy to protect your data on the backend—and plenty don’t!

You’re supposed to undergo that same process to create a unique password for every account you use (the average person has over 90 online accounts), each containing some combination of letters, numbers, and symbols that you’ll end up forgetting and having to reset anyway. 

Even if you do manage to remember the secure string you put together, you’re supposed to change it every couple of months to something you haven’t used yet, and then commit that to memory—a practice that does more harm than good because it makes people pick simpler passwords, according to FTC Chief Technologist Lorrie Cranor.

Some of this hassle can be mitigated by using a password manager to store your passwords in a secure vault—often creating codes that are much stronger and more difficult to crack than anything your puny brain would ever come up with. In some cases, like with Dashlane, the manager even gives you the option to generate new passwords on a whim, effectively handling the biggest hassles of password management for you.

Of course, then you’re putting all your eggs in one basket; you have to remember just one password—that should still be super secure because now it’s the key to every account at once—and trust that your password manager of choice will never be compromised. Just last year, the massively popular LastPass suffered a significant security breach. Passwords weren’t compromised in the break-in, but it was enough to give the service’s 7 million users a good scare.

Probably the best thing you can do is turn on two-factor authentication anywhere you can. It’s not perfect, and it’s been dumbed down on occasion to encourage users to activate it, but it’s an added layer of security that beats whatever you come up with punching away at your keyboard.

Two-factor authentication comes in many forms; if you have a fingerprint scanner on your phone, then you’ve used it. As the name suggests, it’s a system that requires two means of verifying your identity. Often that means entering a password, then receiving a security code on a secondary device associated with you.

Major sites and services like Google, Apple, Microsoft, Facebook, Twitter, and PayPal all offer some form of this; here’s a comprehensive list of every company that uses 2FA and how to activate it.

Once you’ve taken every single possible precaution imaginable to ensure that your passwords are locked up like the digital equivalent of Fort Knox, there’s just one thing left to do: Prepare for them to be stolen anyway. 

Hundreds of millions of passwords are compromised every single year; in all likelihood, one of yours will be in that bunch.

Those are just the odds, unfortunately. At this very second, someone is probably adding movies to your Netflix queue without your knowledge, and there’s nothing you can do about it except change your password and hope it doesn’t happen again. 

One day in the not-too-distant future, passwords will be a thing of the past and biometrics will be how we access our accounts. That might mean swallowing a pill or taking a selfie, but your password will be you. When that day comes, we can all rejoice, and May 5 can simply be a remembrance for the incredible amount of inconvenience we were willing to undergo just to access our most basic online needs.

That day isn’t here yet. Sadly, the only day that is here right now is World Password Day. Please let it be one of our last.

The Daily Dot