Faces rule. This is what Apple, Google, and Microsoft decided to do when they announced they would be expanding their support for the FIDO Alliance's fight to replace the internet's billions of password-based logins with smartphones. The announcement from the three browser giants, made on World Password Day, marks what Microsoft calls a monumental step toward a world without passwords. If you kiss that mug, it may open the universe.
The FIDO Alliance wants to take our stupid brains out of the equation. With good reason. The world's most common passwords are 123456, qwerty, and password. The most common animal as a password is the monkey. If we don't get hacked with weak passwords, we're locked out with strong passwords that we can't remember. Four out of five of us have forgotten at least one password in the last 90 days, and a quarter of us lose a password at least once a day, according to some estimates.
Maybe our brains have been set up to fail. The average person has about 100 passwords. The average person has about one face and it is unhackable. A passwordless world is more secure. It is a world with fewer reminders. Let's not forget that forgetting reminds us of who we are.
I don't have a password manager, so I don't need to remember passwords. This is a source of belittlement and rage from both my wife and my employer, which has several essential guides and cautionary tales on why you must, must, must have a password manager, and which one you should get. WIRED is like a locksmith telling his customers why they should replace their front door with beaded curtains. I'm only talking about the psychic benefits of forgetting, not the cybersecurity benefits.
For passwords, forgetting is a thing of the past. We used to blend our brains with the internet and use social media and the cloud to relive haunting memories. Kate writes about this in her book. The internet is almost entirely free of friction. Along this omnipotent slip-n-slide, rare are the moments that we don't scream at strangers. One of the internet's most annoying questions is: "How come you don't remember your password?"
Yes, Hulu. Yes, you can download it. The New York Times. You stopped my joyride. I lost my password again. I change my passwords from caps to lowercase like a seventh grader. There are random numbers and special characters in the middle of the words. The stronger the magic words are, the harder they are to remember.
I often create new passwords with the recommended level of entropy while in a state of unpredictability. I don't want to watch SNL anymore. I want that recipe now. Like a monkey, my paw tap taps refresh until the reset password link appears in my inbox. I usually change two or three characters from what I thought my old password was, in my flustered state, to build a new portal to where I want to be. To write it down. To get a password manager. I don't. The cycle goes on for a week, a month, or two years. My password strength is my weakness. My password security makes me worry about my inability to grow. This is the nature of cybersecurity. It is hard to come to terms with ourselves, and it is one of the only places online where we must do that.
You won't find nirvana in logging in with your face. It will make us safer, but liberation from passwords will make us even more paranoid. Sometimes abandoning logins entirely will be found, something that entices you to do it. It could be argued that forgetting a password is a new path forged. I could follow the prompt to create a new password and travel to my original destination. Or I could just go back to my old password-protected sites and never use them again, or I could go somewhere that doesn't know the secrets I have.
Your passwords are a first line of defense against many internet ills, but few people actually treat them that way. While they are an imperfect security solution to begin with, putting in your best effort will provide an immediate security boost.
Don't think of the tips as suggestions. Think of them as essential to your daily life, like brushing your teeth or eating vegetables. Eat more vegetables.
1. Password managers can be used. Password managers like 1Password or LastPass create strong, unique passwords for all of your accounts. If one of your passwords gets caught up in a data breach, criminals won't have the keys to the rest of your online services. The best ones can be found on desktop and mobile. You just have to remember one master key, instead of having to memorize dozens of passwords. How do you make it strong? Read on.
2. Go long. Length is more important than complexity, despite the unique characters and letters that prompt you. It's much harder for a hacker to brute force a password once you get into the 12-15 character range. Don't use simple patterns or string together pop culture references. You can mix it up. You can live a little. Do you way less favors than chitown banana skinnydip?
3. Keep them apart. If you opt against a password manager, lots of input fields will force you to bunch them all together at the beginning or end. That's what everyone else does, which means that bad guys are looking for that. They should be left out of your password to make it harder to guess.
4. Don't change anything. Are you aware that your corporate IT manager makes you change your password every three months? Your IT manager is wrong. The less often you change your password, the less likely you are to forget it or fall into patterns that make it easier to crack.
5. Only single-serving. If you are on the password manager train, you already know about this. If you can't be bothered, make sure you don't reuse passwords across different accounts. If you have no control over a retailer breaching, you could end up paying for your banking password. If your account is on Have I Been Pwned, there's a chance your password might be toast.
6. Don't trust your browser. If you want to remember your passwords quicker, you can use a browser that remembers them for you. You have seen the option yourself. You probably use it on at least one site. Don't! The option is convenient, but the underpinning security is often not documented. Dashlane is a password manager that will give you a free and easy option.
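To put numbers on tip 2 (length over complexity, and no simple patterns), here is an added example that is not part of the original article. It compares the blind brute-force search space of a short mixed-character password with longer ones and generates a random passphrase; the word list, the sample passwords and the guess rate are constructed assumptions.

```python
import math
import secrets
import string

# Constructed 16-word sample list, for illustration only. A real generator
# needs a list of thousands of words so that each word adds enough entropy.
SAMPLE_WORDS = ["amber", "basil", "cobalt", "dune", "ember", "fjord", "garnet",
                "harbor", "iris", "juniper", "kelp", "lagoon", "maple",
                "nectar", "onyx", "pebble"]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation, " "]

def brute_force_bits(password):
    """Upper bound: log2 of the search space for a blind brute force over
    every character class the password uses. Only holds for random strings."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def passphrase_bits(n_words, list_size):
    """Entropy when the guesser knows the word list and the word count."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole space at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def random_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG; human-chosen phrases are not random."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    rate = 1e10  # assumed guess rate (guesses per second), not a measurement
    # Constructed samples: 8 mixed characters, a 15-letter keyboard walk,
    # and a freshly generated 5-word passphrase.
    for pw in ["aB3$efgh", "qwertyuiopasdfg", random_passphrase(5)]:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits, "
              f"{years_to_exhaust(bits, rate):.2e} years")
    # The keyboard walk scores well above only because the bound assumes
    # random characters; pattern-based guessing ignores that bound entirely.
    print(f"5 words from 16: {passphrase_bits(5, 16):.1f} bits")
    print(f"5 words from 7776: {passphrase_bits(5, 7776):.1f} bits")
```

The per-character figure is a ceiling that assumes random characters, which is why the keyboard walk looks strong on paper; the per-word figure is the number to trust for a generated passphrase.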