Forgot your password?
KUALA LUMPUR, July 23 — Passwords. How many do you have? Let me tell you how many I have: email addresses (I have about five official ones), bank (two), social media (Facebook, Twitter, Pinterest, Tumblr, Livejournal, TypePad), PayPal, eBay, shopping sites, membership sites, airline sites... and the list goes on.
Somebody asked me how do I remember my passwords without losing my mind. Trust me, I’ve had to reset my passwords many times. And some sites don’t allow you to use your past passwords. Don’t bother jumbling your birthdate. Eventually, you run out of variations and randomisation.
ST Chong is an accountant who has countless passwords as well. “I tend to jot my passwords down because I always end up forgetting although I have a pattern of sorts for my passwords. I store them on my mobile phone using a notepad app that is password protected,” he said.
What if he loses the phone?
“I wouldn’t say that it is fool-proof but at the very least I hope it would frustrate anyone trying to get in to look at my passwords. Admittedly, there is some risk but I never leave my phone anywhere except on my person when not in use,” replied Chong. I asked Kunal Singh, a senior consultant at an IT firm, about password security. He has been in the IT industry for a decade and security has always been top priority especially when it comes to financial institutions and such.
“The most obvious and localised ‘single sign-on’ initiative would be password ‘wallets’ our browsers use. The ones where Chrome, Firefox, IE, Safari, etc ask whether we want them to remember the passwords. But the browsers also do not remember for us our banking account passwords and other sites that specifically inform the browser that the password and/or usernames are to be stored,” said Kunal Singh.
For him, his passwords are generally short, not longer than 10 characters and it includes non-alphanumeric characters and not many variations. These are for the important sites such as banking and work-related ones. The weaker passwords are used for hobbyist sites that are not as important.
If you are using unimportant sites which require usernames, passwords and valid email addresses to validate the user, you can get throwaway email addresses like www.mailinator.com to register.
Kunal Singh uses a text file in his laptop, backed up in another laptop and an external hard disk. The file name is obviously something vague so that nobody will bother to access it if it falls into the wrong hands.
He advises using password strength checkers online to prevent hacking or breach of security.
College student Ahmad Hussein categorises his passwords to trusted, normal and not trusted.
“The normal and not trusted passwords are the same across all categories. The password for trusted services uses the same password as a base, with a modifier for each service so that it is distinct. So that even if you manage to figure the password out for one compromised service, (highly unlikely, since it’s a random string) you still can’t use it elsewhere I have an account,” said Ahmad.
It is indeed interesting to see how users are getting smarter at encrypting their passwords through trial and error.
I asked Paul Hing, a sound engineer, about the password protection he uses and until now, I’m still surprised by his answer.
“I remember a specific sequence so that it can only be one of eight iterations. Basically, they are all keywords from a specific passage from a classic novel but with a number variation,” he said.