Nudging The World Towards Stronger Passwords
published Saturday, February 6, 2021
A future where people use a password manager to have strong passwords is a more secure future and I want to nudge the world in this direction. Forty is setup to require a password with at least 18 characters - that seems like a good start.
What Are Strong Passwords?
The strongest passwords are random, long and unique. Random passwords mean that knowing something about the user, like their birthday, doesn't give an attacker a hint at your password. Longer passwords take more time for an attacker to compromise. Finally, if you use a given password on only one site, then a compromised password only gives an attacker access to that site.
This is an example of a great password:
That's 26 characters with a couple numbers and punctuation thrown in. This is very expensive for a hacker to guess.
What Is a Password Manager?
Rather than creating memorable passwords, the more secure way to deal with passwords is by using a password manager application. I recommend 1Password but there are others. The way they work is you make a memorable master password and then all your other passwords are generated and stored in the manager.
When you go to sign into an account, you use your master password to unlock your password manager and then it looks up the site you're signing into and finds the password you need. This might sound tedious but these password manager apps have worked hard to make the process pretty painless! For example, 1Password has a Chrome extensions so that you can click a button, enter your master password and then it will fill in your password automatically for you. It's pretty slick.
Why Do You Care?
It's likely that some non-zero number of potential users will hit the Forty sign up screen, see the password requirement and bail. I accept this. But I also hope that another non-zero number of users will read this post and be inspired to begin using a password manager. This makes my heart happy. Be the change you want to see in the world, right??