![Picture](/uploads/2/5/5/8/25585870/7341811_orig.jpg)
by Mike Disher
What's a guy to do?
Every internet site you go to wants you to log in with a username and password. I have to log in every morning to my computer at work. Then I have to get into my email...and, to sign my electronic time card its another username and password. My wife tells me to transfer some money between accounts, but I need to know a username and password for that. Aw snap...even my search engine wants me to log in so that I can save my searches. Its even gotten to the point where I need to authenticate to a website to make a doctor's appointment!
I know its important, I get it, I do. But is it really that critical to have so many different usernames and passwords? Can't I just find one good username and a good strong, impossible to guess password and use that everywhere so I don't have to remember so many of them?
This week I'm going to attempt to answer that question. Since the title of this post ends with "- Part 1", that's an obvious clue this will be a multi-part blog spanning 3 weeks. This week we'll answer, "Do we need all different usernames & passwords". Next time we'll look at how to create strong passwords. Last, we'll talk about what are some programs and/or methods you can use to keep track of all your passwords in a secure, reliable and retrievable way.
For this series on passwords, I'm going to take on the fictitious name of Joseph Blowers. Just an ordinary guy that has an email, social media accounts on Twitter, Facebook and a couple others, I bank at Bob's Bank of Boulder, and work at Wally's Widgets. I'm really bad at remembering stuff, so I try to keep most of my usernames and passwords the same. Since I HAVE to have a username of a certain format at work, I try to use that same username everywhere so at least one part is constant. At work the username is the 1st 3 characters of your first name, followed by a "." and then the first 4 characters of your last name. So my username is conveniently joe.blow, and my email address is [email protected].
At Wally's, we have to use really strong passwords, so I won't tell you what my password is, but suffice it to say that Ih@t3Pa$$w0rds. How's that for a strong password, eh? Well, I'm not going to use that password everywhere, I'll use it for my top secret work stuff. For my personal stuff, I'll use the same username, since my email account is the same name. So that will stay constant, but for my personal stuff I'll use a simpler, easier to remember password. Something like, oh heck, I don't have anything anyone wants, so I'll just use Pa$$w0rd! and that will pass most of the tests and I can remember it.
You're probably aware that lots of places use your email address as your username by default, so you just have to chose a password. Since my email address is [email protected] that also is my username at many of the sites I have signed up for, Including my bank. So, I bring up my email program and type in my super secret Pa$$w0rd!
Uh oh!! In checking my email, I see there is a message from one of the social media sites telling me that their website was compromised and several customers usernames and passwords were stolen. They aren't 100% positive, but mine could have been among them. They suggest I change my password as soon as possible. So quickly, I go into my account and add a "1" to the end of my password so they can't figure it out! But wait, where are all these Tweets coming from that say they're from me? "Look at the new Computer System I just bought on Amazon! What a steal!", it says.
"Oh my gosh!" I think to myself, "my Amazon account has the same username and password as was on that social media site! As fast as I can, I go to the Amazon site only to find that someone has already changed my password and I don't know what it is! So, I call Amazon and get that straightened out...only 3 charges there that I didn't order. Better call the bank. You guessed it! The bank has been compromised too, now, so they have all my financial information.
Enough! You get the picture, don't you! This is a compelling reason that you need to try your best to have varied usernames and passwords for all the different sites that you have to log in to. Without utilizing that approach, one breach can lead to multiple problems, not the least of which is complete theft of your identity.
It seems the only sensible thing to do, in order to protect your assets and your identity, is to suck it up and do what we all know is the right thing, even if it seems daunting. But there has to be a way to come up with good passwords that are strong enough to not be easily figured out, doesn't there? Certainly there must be something we can do to make managing this growing list of "credential sets" less painful, right?
Check back next week and we'll look at the part 2 of the series. How do you make unique, strong passwords? What makes them unique? Is there a way to have strong passwords but also make them memorable? Should we?
- - - - - - - - -
Check back with http://dishtech.weebly.com weekly as we present “THE DISH” on topics of interest for the technology curious!
What's a guy to do?
Every internet site you go to wants you to log in with a username and password. I have to log in every morning to my computer at work. Then I have to get into my email...and, to sign my electronic time card its another username and password. My wife tells me to transfer some money between accounts, but I need to know a username and password for that. Aw snap...even my search engine wants me to log in so that I can save my searches. Its even gotten to the point where I need to authenticate to a website to make a doctor's appointment!
I know its important, I get it, I do. But is it really that critical to have so many different usernames and passwords? Can't I just find one good username and a good strong, impossible to guess password and use that everywhere so I don't have to remember so many of them?
This week I'm going to attempt to answer that question. Since the title of this post ends with "- Part 1", that's an obvious clue this will be a multi-part blog spanning 3 weeks. This week we'll answer, "Do we need all different usernames & passwords". Next time we'll look at how to create strong passwords. Last, we'll talk about what are some programs and/or methods you can use to keep track of all your passwords in a secure, reliable and retrievable way.
For this series on passwords, I'm going to take on the fictitious name of Joseph Blowers. Just an ordinary guy that has an email, social media accounts on Twitter, Facebook and a couple others, I bank at Bob's Bank of Boulder, and work at Wally's Widgets. I'm really bad at remembering stuff, so I try to keep most of my usernames and passwords the same. Since I HAVE to have a username of a certain format at work, I try to use that same username everywhere so at least one part is constant. At work the username is the 1st 3 characters of your first name, followed by a "." and then the first 4 characters of your last name. So my username is conveniently joe.blow, and my email address is [email protected].
At Wally's, we have to use really strong passwords, so I won't tell you what my password is, but suffice it to say that Ih@t3Pa$$w0rds. How's that for a strong password, eh? Well, I'm not going to use that password everywhere, I'll use it for my top secret work stuff. For my personal stuff, I'll use the same username, since my email account is the same name. So that will stay constant, but for my personal stuff I'll use a simpler, easier to remember password. Something like, oh heck, I don't have anything anyone wants, so I'll just use Pa$$w0rd! and that will pass most of the tests and I can remember it.
You're probably aware that lots of places use your email address as your username by default, so you just have to chose a password. Since my email address is [email protected] that also is my username at many of the sites I have signed up for, Including my bank. So, I bring up my email program and type in my super secret Pa$$w0rd!
Uh oh!! In checking my email, I see there is a message from one of the social media sites telling me that their website was compromised and several customers usernames and passwords were stolen. They aren't 100% positive, but mine could have been among them. They suggest I change my password as soon as possible. So quickly, I go into my account and add a "1" to the end of my password so they can't figure it out! But wait, where are all these Tweets coming from that say they're from me? "Look at the new Computer System I just bought on Amazon! What a steal!", it says.
"Oh my gosh!" I think to myself, "my Amazon account has the same username and password as was on that social media site! As fast as I can, I go to the Amazon site only to find that someone has already changed my password and I don't know what it is! So, I call Amazon and get that straightened out...only 3 charges there that I didn't order. Better call the bank. You guessed it! The bank has been compromised too, now, so they have all my financial information.
Enough! You get the picture, don't you! This is a compelling reason that you need to try your best to have varied usernames and passwords for all the different sites that you have to log in to. Without utilizing that approach, one breach can lead to multiple problems, not the least of which is complete theft of your identity.
It seems the only sensible thing to do, in order to protect your assets and your identity, is to suck it up and do what we all know is the right thing, even if it seems daunting. But there has to be a way to come up with good passwords that are strong enough to not be easily figured out, doesn't there? Certainly there must be something we can do to make managing this growing list of "credential sets" less painful, right?
Check back next week and we'll look at the part 2 of the series. How do you make unique, strong passwords? What makes them unique? Is there a way to have strong passwords but also make them memorable? Should we?
- - - - - - - - -
Check back with http://dishtech.weebly.com weekly as we present “THE DISH” on topics of interest for the technology curious!