Updated: Dec 8, 2022
Before we dive into the second entry of the Millennial Minute, I either have a) a very precocious anecdote to tell or b) a very belated confession to make—I’ll let the readers decide.
In the year 2000 at the tender age of 11, I single-handedly shut a website down for several hours with almost no consequences. Security was treated very differently in the early days of the Internet. Recovering a lost password then was as simple as providing your username and having the website return a password to you. Nowadays you need to answer a security question, verify a backup account, and sell your firstborn. Taking advantage of the weak security, I gathered a list of website users in ten minutes flat and I quickly got to work “recovering” their passwords. In less than an hour, I had logged into over 200 accounts and made enough adjustments that the site went into lockdown. My endeavor took less than 90 minutes from start to finish yet shut an entire website down for six hours.
I tell people this story because 1) I only use my powers for chaotic good as opposed to outright evil, 2) internet security has come a long way, but 3) sadly, the average hacker is significantly more skilled than a preteen who isn’t allowed to open the door when his mom’s not home.
Unfortunately, your passwords are undoubtedly not as secure as you think they are. You’re not alone in this--I’m guilty too. I have used some of my passwords for over ten years, and I have a grand total of five different passwords that I use for nearly everything in my life. Despite this fairly lax approach to my personal Internet safety, I’m fortunate to have had only one email account ever be compromised.
Thankfully, "Work Kato" is a different beast--like Goofus and Gallant, but with equally great hair in both embodiments. While it’s perfectly acceptable for me to jeopardize my personal accounts, putting my company at risk might enable someone to use LMC’s financial capital to fund a Christian Mingle addiction.
Here are some helpful tips from your friendly neighborhood 11-year-old hacker:
1. Avoid reusing passwords: For those of you who just heard screeching brakes inside your head, I don’t blame you. Realistically, I can’t ask people not to reuse passwords, but I can urge you to be mindful about them, like this:
None of my email accounts have the same password.
None of my financial institutions use the same password.
None of my important linked accounts share a password.
I have peace of mind that if Gmail gets compromised tomorrow, no one can drain my bank account. At most, they might be able to get into my Facebook and then the joke is on them, because I have enough friends to make me look like a catfisher and I make far too many Tiny Dancer jokes.
2. Bonus points for creativity: I’d like to think it’s common sense to suggest that using “password” as a password is a bad idea. Your name is not a good password, your birthday is not a good password, and the list goes on. For years, I used Positivity29! as a password, and nothing bad ever happened. My suggestion is to pick an 8-12 letter word that you’ll remember and isn’t too difficult to spell in a pinch. “Pterodactyl” might seem like a great idea, unless trying to remember how to spell it would be a problem. After your memorable word, apply numbers and symbols as necessary. I prefer an exclamation point or an octothorpe, but find something that works best for you. (Full disclosure: I might be flaunting a little nerd cred with “octothorpe,” but can you blame me? It’s an awesome word and probably the perfect password.)
3. Technology is your friend: My mother keeps all of her important passwords in a spiral-bound notebook on our living room floor, which routinely causes me to hyperventilate. A master list of passwords is actually a good idea: choose from a number of different free password management software options. I currently use Dashlane to manage my passwords but can also speak highly of LastPass and Sticky Pass. Review their different features (and pricing tiers if you do feel like going with the Premium option) and see what works best for your needs.
Right now, I’m happiest with Dashlane.
It is compatible with Chrome and Firefox, allowing for auto-login on most websites when the extension is installed and enabled.
At first install, it was able to pull my existing passwords stored in my browser. What a relief it was not to change my Ancestry.com password for the 14th time this year.
It automatically asks to save new logins in your browser to avoid manual entry.
It can generate passwords, both when signing up for accounts and within the browser extension itself (a godsend when you’re tasked with creating different email passwords for an entire office).
4. Change is inevitable: Repeat after me: it is okay to change your mind, it is okay to change your password. I used to pride myself on having an encyclopedic memory of everything in my life – and this included my passwords. At the ripe age of 27, this encyclopedic knowledge has been reduced to my knowing an awful lot about places I might have left my wallet today. As a result, I used to spend days unable to log into important accounts, hoping that I’d eventually remember my login (spoiler alert: this never happened). The first step for me was admitting the problem, which meant having to click that “Forgot Password?” link. Set yourself up for success and apply all the previous steps going forward when setting up new account passwords.
All of this focus on streamlining the password process has given me the next topic: Productivity and Time Management. Please tune in to my next post where we learn the joys of wordplay and bullet journaling as well as why screaming into the abyss is fine, but technology is better.