Tech Talk #154–May 8, 2021

Yep, passwords again.

Once upon a time, say a whole two or three years ago, “they” told us to change our passwords regularly. The thinking was that if someone had your Facebook or email password, they could log in to your account to, I don’t know, check up on your posts and emails? If they had your bank or credit union password, they could transfer money. The theory was that changing your passwords frequently would eventually lock these people out of your account, no harm, no foul. And it would, but there’s a problem.

If someone has your password, they’re going to do some damage right now. Not in a few weeks or months when you change your password. They’ll log in to your accounts and try to transfer money out of your account, buy stuff in your online shopping accounts, use your email address for spam or phishing, or spam and scam your Facebook friends, all while pretending to be you. Someone who has your password will use it immediately to make a profit because that’s all they want.

People don’t enjoy having passwords in the first place, and we really don’t enjoy changing them. Period. If we all had lots of time and excellent memories, I suppose going around changing our passwords all the time would be workable. But we don’t, and it isn’t.

And changing a password “just because” is terrible advice. When forced to change a password, most people don’t create a new strong, and memorable password; they add a number or some punctuation to their existing password.

Most of us have tens or hundreds of online accounts, all with passwords. Why do we have passwords for these accounts in the first place? Think of your online account as a door into Home Depot, AT&T, Albertsons, Instacart, or some other place. They’ve locked the door, and you need a key to get in. Your password is your key.

The best advice on passwords is to have something longish, random, easy for you to remember, and mutable. Pick three random things around you, add the last two digits of the current year, and end it with an abbreviation for a site. Something like patiodeskblender21-AMZN. All you have to do is change the part after the “-,” and you’ll have a strong and unique password for every site. Or, you could use a password manager like LastPass, 1Pass, or Dashlane to remember your passwords and create strong, unique passwords for each site.

When should you change your password? Whenever you hear or read about a company data breach where email addresses and passwords get stolen. Think Yahoo!, First American Financial, Facebook, Marriott, Twitter, Experian, Adobe, eBay, and a depressing number of others. After a data breach, change your most sensitive passwords like your financial, shopping, and email accounts.

Also, if you use the same password for most of your online accounts, it’s probably a good idea to change them to unique passwords. Not all at once, of course, you’ve got better things to do. But do it, okay?

What are you going to do with these passwords? How are you going to remember them? Either use a password manager like the ones already mentioned or—and don’t laugh here—write them down. Yes, write them down. Preferably all in the same place instead of on separate pieces of paper, the backs of envelopes, or whatever was handy when you changed that password. A small notebook or address book works fine. Heck, they even sell password books organized to keep your passwords organized.

Wait, what? “They” always said don’t write down your passwords? It might not be a good idea if you work in an office or a public setting, but at home? Write em down. If someone breaks into your house, it will not be to get at your password book. Your TVs, jewelry, tools, Hot Wheels collection? Sure. Passwords? No.

A man dies and goes to the not-good place

The devil greets him and says, “Hi Dave, welcome. Now, the Wi-Fi password here is…”

“Wait, you guys have Wi-Fi down here?”

“Of course we do.” said the devil.

“Great! That’s more than I was expecting.”

The devil continues, “So, as I was saying, the Wi-Fi password is the number pi.”

Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at greg@tech-hachapi.com.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.