+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Don't bother trying to remember all of your passwords - use this simple trick instead

Jul 11, 2016, 18:24 IST

You will never be able to remember this.Screenshot/Forrest Almasi

Passwords are inherently insecure.

Advertisement

Any password easy enough for you to remember is too short or simple to be effectively secure, whereas any password long and complex enough to be secure (and of course, unique per website) is too long and complex to remember. Yet, we use passwords everywhere.

For security reasons, you need a long, complex, unique password for every app and website you log into.

Passwords have to be long so it takes longer for a computer to guess it. It gets more and more difficult to guess a string of characters for each character you add. Passwords have to be complex so they don't appear in dictionaries or rainbow tables. Passwords also have to be unique so if you lose your password to one site, you don't lose your password to the rest.

Password management apps like LastPass and 1Password attempt to solve this problem by generating and managing very secure passwords for users. They make secure passwords that are incredibly long and utter gibberish. However, a password management app is a hackable single point of failure that you can be socially engineered into losing access to. Lose your password management app password, and you lose your passwords to every single site you cared about securing enough to use a password management app.

Advertisement

I'm not a fan of password management apps, but I like the idea. I don't want to have to remember passwords, but I want my passwords to be secure.

I stumbled on a way to have my cake and eat it too on LinkedIn. I rarely use LinkedIn, and as a result, can never remember my LinkedIn password. Because I can never remember my password, every time I use LinkedIn, I use the "Forgot Password" link and make a new password.

Thanks LinkedInScreenshot

From here I open my email, which has a link.

LinkedIn reset emailScreenshot

Advertisement

Which takes me to a password reset page, into which I enter yet another password I won't remember 6 months from now when I check LinkedIn next.

LinkedIn allows passwords of up to 400 charactersScreenshot

After doing this 3 or 4 times I realized I could keep doing this forever, and just not bother to try to remember my LinkedIn password ever again.

Most sites have a similar reset function so by extension, I can do this on every other site and never remember any password except my email's. If I don't have to remember passwords, and they're only used once, I can make them insanely long and random. LinkedIn allows up to 400 characters in their passwords. Twitter and Facebook don't appear to have limits. Here you have it - secure passwords with no memorization.

But this seems to create the same problem as password managers - your email is your new single point of failure. I'm willing to concede this, but if you enable two-factor authentication, lie in your recovery question answers, use a strong password, use separate emails to communicate publicly and register for sites, hide your registering email like you would a password, and look at the URL bar of your browser to make sure you're actually on your email provider's site when you're logging in, you should be fine.

Advertisement
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article