Two stupid password tricksComment on this story
New York - This isn't a post telling you that you should use a different password for every site, that you should use multifactor authentication for your email, or that you should use a password manager to store strong passwords. You should do those. (And you should eat less dessert, exercise more and call your mother.)
This is a post to share two stupid password tricks that will make your online life a little more secure without the (perceived) hassle of those other measures.
The first stupid password trick is a way to improve the “security questions” that sites have you set up in case you need to recover your password. What's your mother's maiden name? What street did you grow up on? Who was your first-grade teacher?
The idea is that only you will know the answer to these questions. By answering them correctly, the site verifies that you are you and lets you reset your password.
Ask Sarah Palin how that worked out for her. The flaw is that you aren't the only person who knows the answer to these questions. It's not just the public figures who are vulnerable. We're all Googleable, and those #TBT posts on Facebook and Twitter could give away a lot about your early years. Someone who's determined to get access to your email can do a little research and unlock your account.
My trick? Lie and keep telling the same lie.
What's your favourite ice cream flavour? Louis Armstrong.
What was the name of your high school? Louis Armstrong.
In what city did you have your first job? Louis Armstrong.
Don't give correct answers. Use the same stupid answer for all of your security questions. (If you're worried you'll forget the stupid answer, store it in a password manager.)
Stupid password trick No. 2 was inspired by a friend's tweet:
The password dance: 1) buy something, 2) forced to create account, 3) set password, 4) weeks go by, 5) go back, 6) forgot password, 7) reset
My first reaction to this was, “Why aren't you using a password manager?” But the more I thought about this, the more I think this password dance is really a simple method of implementing something like one-time passwords. Why use a memorable password at all?
Choose something really random, don't worry about saving it or remembering it, and force the site to re-authenticate you through email!
You get security without the need to add random sites to a password vault and don't need to install LastPass or anything new.- Slate/Washington Post