Why Do You Need Passwords?
Every website wants you to have a login and password to:
- Know who you are to focus on selling their product to you.
- Protect your privacy.
You must register and provide a login and password. The websites use that login to know who you are and market their products to you. How often have you registered on a website and received emails from them with the greatest information or deal? That is their number one reason to know you. You don’t get the best deals if you don’t have an account. Every site wants you to protect your passwords. Password security is critically important.
The second important reason to register is to protect your privacy. If you apply for a great job and anyone with your email can access the information, reject a job offer, and change your address, your privacy is at risk.
How would this requirement to register at every store work for you in the real world?
Imagine you go to your favorite store down the street and must register before you can see any deals or specials, or ask a question. You must register and then log in to do anything. Next you go to the store next door for coffee and must register to order anything. Then you go to the bookstore and must register with them. They all have an app they want you to download. That would suck. But we all accept it online.
Passwords for websites are not bad. Protecting your privacy and not letting anyone access your account, credit cards, etc. is good.
The title ‘Your Passwords Need Protection’ is trying to make you think about why you need a password and why they need protection.
Password Requirements are Different on Each Site
Today, every website wants a unique password and has minimum password requirements. Most websites also have an application (app)—there is an app for that.
Here are some password requirements for popular websites:
Facebook:
Passwords must contain at least one character from 3 of the following:
- Lowercase characters (a-z)
- Upper case characters (A-Z)
- Digits (0-9)
- Special characters, including punctuation marks and symbols.
Twitter:
Use a strong password that you don’t use on other websites. Your password should be at least 10 characters long and use a mix of uppercase, lowercase, numbers, and symbols. Use passphrases, not passwords. Do not use common dictionary words or phrases – these are predictable and easy to compromise.
Apple:
Apple requires that you use a strong password for your Apple ID—eight or more characters, including upper and lowercase letters and at least one number. Never share your Apple ID password, verification codes, or account security details with anyone. Don’t use your Apple ID password with other online accounts.
The list goes on. They are all different. The worst part is when special characters don’t work on some sites but do work on others. Now your random password has to know what not to include.
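As an added example (not code from this post or from any of the sites named), the Python sketch below encodes the requirements quoted above as data and generates a random password that satisfies each one, including a site that rejects certain special characters. The policy tuples follow this page's wording, reading Twitter's "mix" as all four character classes; `legacy_shop` and its rejected characters are constructed for illustration.

```python
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

# (min_len, classes that count, how many of them must appear, rejected chars)
# The first three follow the wording quoted above; "legacy_shop" is constructed.
POLICIES = {
    "facebook": (0, ("lower", "upper", "digit", "special"), 3, ""),  # no length quoted
    "twitter": (10, ("lower", "upper", "digit", "special"), 4, ""),
    "apple": (8, ("lower", "upper", "digit"), 3, ""),
    "legacy_shop": (8, ("lower", "upper", "digit", "special"), 4, "\"'\\<>&;"),
}


def check(password, policy):
    """Return True if password satisfies the policy tuple."""
    min_len, classes, min_classes, banned = policy
    if len(password) < min_len or any(c in banned for c in password):
        return False
    present = sum(any(c in CLASSES[name] for c in password) for name in classes)
    return present >= min_classes


def generate(policy, length=16):
    """Draw uniformly random candidates until one satisfies the policy."""
    min_len, _, _, banned = policy
    alphabet = [c for c in "".join(CLASSES.values()) if c not in banned]
    size = max(length, min_len)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(size))
        if check(candidate, policy):
            return candidate


if __name__ == "__main__":
    for site, policy in POLICIES.items():
        print(site, generate(policy))
```

Retrying whole candidates, rather than forcing one character of each class into fixed positions, keeps every policy-compliant password equally likely.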
How Do You Remember All Those Unique Passwords?
Every password needs to be different to protect you. With every password different, if someone figures out one password, they can’t access any other information, so your bank account is still safe.
How Do We Manage or Remember All the Passwords?
People use two options. First, they ignore the request for a unique password and use the same password everywhere. This is not safe because if a bad person (bad actor) gets your password, they have access to all your accounts. Second, people create different passwords and then put them somewhere a bad actor can access them. This is where the real blog begins.
If you have a file with all your websites and passwords, how secure is that file?
Is your browser storing passwords? Mine is storing passwords, which means all someone needs is the login I use on my browser, and they will have all my passwords. It is very convenient and very dangerous. How strong is the account password for your browser account?
Are you using your phone? Today, your phone is a device I can take from you. I can hold it up to your face to unlock it and get all your passwords.
Are the passwords on your computer? That is the device that unlocks with your face or a four-digit PIN. So, you are protecting your passwords (minimum 8 characters with punctuation) with a four-digit PIN? If I get or guess your PIN, I have access to everything.
What do you do? Today, you don’t have much choice. Most websites require you to register, and they need your details. You download those apps, register, and get the convenience. If you are like most people, you rely on browser password storage or app password storage. Now you must remember to use all your devices, including computers, tablets, and phones.
If you are required to log in, you say you forgot your password and force a reset. This allows the browser or app to update, and you are good again, for a while.
More sophisticated users are using multi-factor authentication (MFA). This could be a text message sent to your phone or a special application (yes, another app) that provides a changing number to log in. If it is a text message sent to your phone—the phone that was taken from you—the bad guy will now change your password. If you use an app, you can set up 2FA, which will slow them down.
You can tell your phone (Apple or Android) to require a login password. This happens when you reboot, but you can do it anytime. You would need to remember to do this and how to engage this function.
My recommendations:
- Don’t use the same password everywhere. Use good passwords.
- Because you are using different passwords, get an app to help. Yes, another app. I use KeePass on my phone and laptop. It requires a password to open the database. This password needs to be good.
- Let your browser store the information but clear it every few weeks. This will add some frustration but help keep your information out of the bad guy’s hands.
- Use guest logins, and purchase with guest checkout. You won’t get a receipt, and they will complain about support. If you want support or will buy from them again, then create an account.
- Give feedback about the always-changing requirements for passwords. They should be eight or ten characters, and punctuation (special symbols) is allowed.
Remember, websites don’t care if you are hacked. If you follow the website rules to create a password and are hacked on a different site, it is your problem.