How to manage all those #%!&#! passwords and keep your sanity intact

Passwords may suck, but we're stuck with them -- for now, anyway. Here's the sane way to deal with them.

Remember when email used to be good? That was before spammers took over. Now it’s become a necessary evil -- a total time suck that’s less and less useful with each passing day.

That’s how I feel about passwords. They used to be a reasonable way of guarding access to important accounts. Now they’re a nuisance – and worse, a major security risk.

Just ask Mat Honan, the Wired writer who got his life turned upside down by hackers intent on stealing his Twitter account (and who decided to trash his life along the way). Their ability to social engineer his Apple ID, Amazon, and Gmail passwords – and then use them to wipe out the data on his Mac, iPad, and iPhone – made his life a living hell for a while.

You could call 2012 the Year of the Password Hack. We’ve seen a bunch of password leaks on a major scale -- LinkedIn, eHarmony, Yahoo Voice, Microsoft – with millions of them released into the wild.

The problem with passwords is that there are too many of them. Every bleedin’ site seems to require one now, plus a separate password if you want to log into their commenting system. And some of them are getting downright annoying about it – requiring “strong” passwords with 8 or more characters, a number and a capital letter in each one. Like we all have the time and brain capacity to remember 1bxQutly or Jb77rWZa for every site.

Is it any wonder that the most popular passwords are things like “password,” “welcome,” or “123456”? Like email, passwords used to work beautifully and now are hopelessly corrupted.

So, to summarize: Passwords suck. Unfortunately, the alternatives aren’t great. Sure, biometrics may one day offer a solution (if they don’t completely eviscerate our privacy first). Multi-factor authentication adds a layer of security to a password, kind of like a deadbolt on a door, but could eventually prove even more annoying than passwords if it’s widely adopted.

Some day we may even have a federated identity system we can log into once that will securely identify us across multiple sites without the need for passwords. And maybe that day will come before I’m dead. In 2011 the Obama administration launched the National Strategy for Trusted Identities in Cyberspace. Given that this is a government-driven initiative, though, I’ll probably need to live a long life to see that become a reality.

In the meantime, we’re stuck with passwords. What can you do? Here are four ways to bring sanity to passwords.
