Choosing and Using Strong Passwords and Managing Them Easily
Now, there is a difference between some terms here that seem to be used interchangeably when they aren’t really the same.
- PIN: Numeric characters in sequence (usually 4 characters in length)
- Password: Letters, words, numbers, spaces, and symbols in sequence
- Passphrase: Significantly longer than passwords often with words in sequence
- Passcode: Apple’s take on a PIN/Pass combination (usually 4 digits but alphanumeric option available)
So when we take a look at creating passwords that are secure enough to protect us online, people tend to assume that passwords have to be all random characters and all different from each other. What a nightmare to remember! This isn’t true for like 97% of the population. Your passwords should be, for the most part, all different, but they do not have to be a combination of randomized characters.
You could even write down the part that changes somewhere fairly secure, like your Notes app on your phone - if your phone makes use of a strong passcode for encryption of course. Even if your kids are snooping through those notes, you don’t have to worry because they don’t know the base you have created. From the example picture, you would be writing down grip = Facebook, toes = PayPal, etc.
I would however recommend that instead of storing passwords on pieces of paper beside your computer, or in a diary you keep in your purse, or even on notes inside your mobile device, you look at getting a password manager like Bitwarden. I personally use and recommend Bitwarden for keeping all of your account information secure but easily accessible. It offers very good usability across your devices, and is accessible from anywhere in the world through your vault. This vault is always encrypted on their server and is only presented in an unencrypted form to you from within their app, or in your browser after inputting your account information to decrypt it. All of this encryption happens behind the scenes and is seamless with your login.
See: Secure Password Managers on PrivacyTools.io
However, if you fall into the last 2 categories of this paper, I would not recommend storing passwords in Bitwarden for accounts that can be accessed with a warrant. Things like your SpiderOak account do all the encryption client side, and they do not store your password or encryption keys server side. So storing this password in Bitwarden could present some issues if someone was able to provide a warrant to get in and see all your passwords. You could still store parts of these passwords in your vault, but in a secure fashion, simply to remind you if you are forgetful. Say your password for SpiderOak was Koala_PURPLE-2015==, you could save the password in your vault as Ko*******5==. This should be enough to jog your memory, but not enough to give someone immediate access.