How To Beat Password Fatigue

By Amy Shaunette | September 2012

Shocking discovery of the week: “password fatigue” is a real thing. The phrase refers to a certain type of exhaustion and inability to remember detail, caused by maintaining too many usernames and passwords. Simply put, our brains are tired, and while we’re snoozing, hackers are gearing up for an attack. So how do we wake up?

Innovative technology offers several new solutions in the form of interactive passwords. A recent piece in The Atlantic identified a few popular techniques. Android smartphones allow users to log in by tracing a pattern on a 3x3 grid of dots, while Windows 8 offers a similar touch-based login connecting parts of a photograph. Smartphone apps, such as iSignOn, mimic this technology. But unless you’ve got abnormally clean fingers, you’re likely to leave a smudge trail on your device’s screen: the equivalent of a key hidden in plain sight.

Biometrics like fingerprints, voice identification, and camera-enabled face recognition are also available, but often require costly technology. And unless you want to feel like the star of an action movie, biometrics are a bit intense for our everyday online activity.

For the average computer user, our best bet is rethinking how we formulate passwords. Your birthday belongs on a calendar, not in your Gmail password. Security experts recommend a minimum of 14 characters, with a mix of letters, numbers, and special symbols. And never use dictionary words or proper nouns, like your dog’s name. Instead, try a mnemonic device for a phrase. It could be an aphorism or a line from a song. For example, take the phrase “I’ve got a lovely bunch of coconuts.” Use the first letter of each word as your password: “igalboc,” or, jazzing it up with a variety of characters, “iG@Lb0c.”

Another philosophy, this one a bit simpler, advocates using long, nonsensical series of words. Ryan Neudorf at the branding and digital marketing agency Think.Shift writes, "Extremely complex passwords such as Adv3rt1se&3 would take about 3 days to crack. That sounds like a lot of time, but here's the real breakthrough: a very long password combining 4 common words and no special characters or capital letters - cookieadvertisefieldmagic, for example - would take the same computer doing 1,000 guesses per second 550 years to crack. Even when computers become 10 times faster, this password would take 55 years to guess."
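The arithmetic behind crack-time figures like those quoted above, as an added Python example (not code from this article or from Think.Shift). It assumes each word is picked uniformly at random from a 2,048-word list, a list size the article does not state; the function names and the short sample word list are constructed for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365 * 24 * 3600
RATE = 1000  # guesses per second, the rate used in the quote above

def worst_case_seconds(keyspace, guesses_per_sec=RATE):
    """Time to try every candidate in a search space of the given size."""
    return keyspace / guesses_per_sec

def implied_bits(seconds, guesses_per_sec=RATE):
    """Search-space size, in bits, that a quoted crack time corresponds to."""
    return math.log2(seconds * guesses_per_sec)

def words_needed(list_size, target_bits):
    """Fewest uniformly random words whose combinations reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def pick_words(wordlist, n_words):
    """Choose words with a CSPRNG; the estimates hold only for random picks,
    not for a phrase a person made up."""
    return [secrets.choice(wordlist) for _ in range(n_words)]

# Constructed sample list; a real list needs thousands of entries.
SAMPLE_WORDS = ["cookie", "advertise", "field", "magic",
                "lantern", "orbit", "velvet", "harbor"]

if __name__ == "__main__":
    # Assumption: 4 words from a 2,048-word list, i.e. 2048**4 combinations.
    years = worst_case_seconds(2048 ** 4) / SECONDS_PER_YEAR
    print(f"4 random words from 2,048: {years:.0f} years at {RATE}/s")
    print(f"same at 10x the speed: {years / 10:.0f} years")
    # Work backwards from the quoted times to the space being searched.
    print(f"'3 days' implies about {implied_bits(3 * 86400):.0f} bits")
    print(f"'550 years' implies about "
          f"{implied_bits(550 * SECONDS_PER_YEAR):.0f} bits")
    print("words needed from a 7,776-word list for 44 bits:",
          words_needed(7776, 44))
    print("sample (8-word list, far too small for real use):",
          "".join(pick_words(SAMPLE_WORDS, 4)))
```

Working backwards, a 3-day figure at 1,000 guesses per second corresponds to about 2^28 candidates, far fewer than the number of possible 11-character strings. Length helps only when the words are chosen at random; a phrase a person invents is more predictable than this estimate assumes.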

Of course, if you use different, complex passwords for every online account, you’d have to be a savant to remember them all. The solution? A password management tool, like 1Password or KeePass, which will store your account information and help you log in to sites using one (very strong!) master password. Password fatigue, cured.

For more on this topic, read these:
"Rethinking Passwords," Think.Shift
"The Password Fallacy: Why Our Security System is Broken and How to Fix It," The Atlantic
"How Apple and Amazon Security Flaws Led to My Epic Hacking," Wired
"The Only Secure Password Is The One You Can't Remember," Lifehacker

Or listen to this:
"It's Time To Fix Our Broken Password System," NPR's Talk of the Nation
