I had a quick count-up. I've got about 40 or 50 username/password combos in my private life (and still more for my work, which thankfully uses a secure password system. Phew.) So when I recently learned that 40% of us would rather scrub a toilet than change a password, whilst I concede that it may depend on the state of the toilet, I'd go along with that. It would be quicker and more satisfying to wipe the porcelain of an entire tower block than to systematically hunt down and change them all.
And yet I think I may soon have to. In a frightening article, The Guardian tells us that the password system many secure sites would have us use (a string of characters and digits) ironically makes us more susceptible to hackers, rather than less. Because not many of us can remember truly random strings like %Thy77Ka1loB5f, we have instead a tendency to use Hopele55ly e@5y-2-gu3ss pseudo-words. Our security questions are laughable. What high school did I attend? Check out LinkedIn. My birthday? Facebook. There really isn't much about us which can't be pieced together.
Because we have so many passwords to remember, and we are told not to record them anywhere, we end up using the same one for everything. Security is a matter of trade-offs. The cryptographer Bruce Schneier, an advocate of writing down passwords, points out that most of us are pretty good at maintaining the security of small scraps of paper in the house. Hmm. I'm not entirely sure that a 'scrap' of paper would be big enough for my needs. And rather than being stored somewhere safely in my house, this foolscap-sized document would need to be carried on my person at all times as I smart-phone, iPad and laptop my way through life (being constantly annoyed at not being able to copy & paste any more). Of course, at some stage, I will inevitably lose it. Oops. The laws on fraud require you to properly protect your passwords: it's a lot harder trying to claim back the balance of your bank account if you're deemed to have been "grossly negligent" in protecting your passwords, and I'm guessing that writing them all on a big sheet of paper and leaving it in the pub is about as 'grossly negligent' as it gets.
Assuming that we are talking about cracking the password by guessing, and not capturing it with a keylogger, hackability is all about length and complexity. Take a look at the infographic below, which shows the difference in time taken to crack a six-character password with no symbol and a ten-character one with a symbol. (Answer: about 54 million centuries.)
Which is why it makes an enormous amount of sense to use a password generator/keeper system such as Roboform Everywhere or LastPass: mobile access software which will generate and store devilishly long and complex passwords for you, and file them all under one single master password.
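As an added example, not from this post, the infographic or either product named above, here is the length-and-complexity argument worked through in Python: the size of the search space for the two password classes the infographic compares, a crack-time estimate at an assumed guess rate (10 billion guesses per second is my assumption, not the infographic's figure), and a generator that draws a long random password from the operating system's CSPRNG, the job a password manager does for you.

```python
import math
import secrets
import string

# Character classes an attacker must cover; the infographic's two cases are
# letters + digits (36 or 62 characters) versus letters, digits and symbols.
CLASSES = {
    "lower": string.ascii_lowercase,    # 26
    "upper": string.ascii_uppercase,    # 26
    "digits": string.digits,            # 10
    "symbols": string.punctuation,      # 32
}

def alphabet(classes):
    """Join the chosen character classes into one alphabet string."""
    return "".join(CLASSES[c] for c in classes)

def keyspace(length, classes):
    """Number of distinct passwords of this length over this alphabet."""
    return len(alphabet(classes)) ** length

def entropy_bits(length, classes):
    """Bits of entropy if every character is chosen uniformly at random."""
    return length * math.log2(len(alphabet(classes)))

def crack_years(length, classes, guesses_per_second=1e10):
    """Expected years to find the password by exhaustive guessing.
    On average half the keyspace is searched; the guess rate is an
    assumption for illustration, not a measured figure."""
    seconds = keyspace(length, classes) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def generate(length, classes):
    """Draw a password uniformly at random with secrets (a CSPRNG), and
    resample until every requested class appears at least once, so the
    result stays uniform over the passwords that satisfy the policy."""
    alpha = alphabet(classes)
    while True:
        pw = "".join(secrets.choice(alpha) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw

if __name__ == "__main__":
    weak, strong = ["lower", "digits"], list(CLASSES)
    print(f"6 chars, letters+digits: {entropy_bits(6, weak):.1f} bits, "
          f"{crack_years(6, weak):.2e} years")
    print(f"10 chars, all classes:   {entropy_bits(10, strong):.1f} bits, "
          f"{crack_years(10, strong):.2e} years")
    print("example from the generator:", generate(16, strong))
```

Adding four characters and the symbol class multiplies the search space by more than ten billion, which is the whole point: the winning move is length and a random alphabet, not a cleverly misspelled word.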
The downside? As there is NO retrieval system, this is one single password you will really, really need to remember, all by yourself. Put that scrap of paper away.
This Infographic was created with the help of LifeLock. Follow LifeLock on Twitter.