You need long, strong, unique passwords on all of your important accounts. But not all your accounts are important.
Your email account, your bank account, cloud storage, and social media accounts (where your voice and reputation are defined for the world) are all important. They need strong passwords – created using the methods we’ll describe in this post.
But what about all of those other accounts? Most of us have dozens of silly little accounts – news subscriptions, the forums where we chat about music, an online service that adds special effects to our photos – that just don’t need crazy strong (and complicated) passwords. What’s the strategy for protecting these accounts?
- First, there is little risk if these accounts are compromised. They don’t hold credit card data, don’t provide public visibility, and don’t hold confidential information.
- There is no reason for anyone to break in – they’re free accounts anyway or offer nothing of monetary or even service value to most people.
Creating and using long and strong passwords is vital. It’s critical to our personal privacy and security, but it requires time and effort and adds to the cognitive load of online life. When privacy advocates and security experts tell us that ‘every account must have a long and strong password’ and fail to mention that this only needs to apply to important accounts, they add to our stress and needlessly slow down the fun parts of our lives. We deserve a little fun without having our guard up.
This is not to say that you should use one lousy password – your dog’s name or favorite sports team – for every unimportant account. Re-using passwords, no matter how strong they are, is a terrible habit and we all have to break it.
The big problem with reusing passwords is that when one account is hacked and its passwords spread online, bad guys immediately try those passwords on many other accounts. You don’t want to wake up to find a bunch of your accounts taken over because you used the same password on all of them.
One technique is to use one root word, ideally one that isn’t super common. Let’s pick ‘TurtleHair’ as an example, and then append to that the name of each place we use it. So for the New York Times the password would be ‘TurtleHairNYT’ and for music forums the password would be ‘TurtleHairMusic’.
These are not inherently weak passwords (other than the fact that they’re published here, so don’t use this example!) – they’re more than 10 characters and not common words – and this approach can leave you with easy-to-remember passwords for a bunch of non-critical accounts that you use all the time. That even saves you the quick step of using your password manager when you want to check the news or see what your friends are discussing.
If you’re new to password managers, this also means you don’t need to even load up dozens of low-risk passwords, you can just continue using them from memory.
Passwords for Key Accounts
It’s critical that you do not apply these password shortcuts to your key accounts. Any account where your login provides access to your money, your reputation, or your data, needs a very long, very strong, very unique password AND two-factor authentication.
Take the savings in time and mental energy you gain from not over-securing these insignificant accounts and apply it to keeping your key accounts super safe.
To learn how to secure these key accounts, check out our article here.