Your password probably sucks

I’m going to write two phrases. Try and remember both of them by the end of this article. One is completely random, and the other less so.

  • X93YtuF7g\\+3
  • Sprinkle pretzel rainbow

Got them? Good. Let’s keep going.

Over the past few days there have been a number of stories about hacking: companies being hacked, software vulnerabilities, and so on. The first major story occurred when Burger King’s social media team found someone had hacked into its Twitter account, replaced the logo with a McDonald’s brand and started posting some pretty shocking tweets.

Not 24 hours later, Jeep found the same exact thing had happened to them. And soon afterwards, Twitter made a blog post giving everyone a “friendly reminder” about password security. In that blog post, Twitter made the following statement:

“Your password should be at least 10 characters that include upper and lower case characters, numbers, and symbols. You should always use a unique password for each website you use; that way, if one account gets compromised, the rest are safe.”

Both statements make sense, right? Having a totally random password will help your security. And after all, chances are good your current password isn’t very secure. The annual list of the most popular passwords still puts ridiculous entries like “1234” and “password” in the top 10. No wonder we’re getting hacked so often.

The reason a lot of people don’t put effort into making more secure passwords is that they hear advice like this and think it’s just too much effort. So they don’t bother at all, and just continue using whatever password they want.

This problem has even spawned a nice little business for software developers who build applications that generate super-random passwords and then sync them to all your devices. It’s a good solution, but it’s expensive.

In any case, the hacking incidents only serve as more evidence that businesses – even big businesses – don’t have it all together when it comes to password security, or even security in general.

The number of entrepreneurs I meet who don’t put a passcode on their phone is astounding, but the number of businesses which actually don’t use secure passwords – or demand their employees use them – is even more shocking.

This is an important topic because if your employee loses their own login, that’s all it takes to get into your system and steal some important information. I don’t need an administrator’s password – I just need one. That’s all.

The message here is pretty simple – passwords aren’t a kid’s game anymore. With all of your most important information on the internet, just spend some time making a stronger password, and use a different one for each of your accounts.

You can set your browser to remember them, so it shouldn’t cause you an inconvenience. And in any case, a little inconvenience is worth the security – otherwise you’ll end up like Burger King and Jeep.

Now, do you remember the two phrases at the top of the page? I bet you only remember one – “sprinkle pretzel rainbow”. It’s obvious why – it’s easier to remember a phrase than a bunch of random letters. This is why people disregard complicated passwords.

But your password doesn’t need to be random to be complicated. Just throw a few seemingly meaningless words together and create a catchphrase to use for a password. You’ll find it’s surprisingly easy.

I wish I could be smart enough to say I came up with this idea, but it was actually a web comic that brought it to my attention. Your password can be random – but remember, it only has to be random to everyone but you.
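To put numbers on the word-phrase idea above, here is an added example (not from the original article) that generates a passphrase with a cryptographic random source and measures its strength in bits, next to a random-character password like the first phrase. The 16-word list is constructed for illustration, and the 2048- and 7776-word list sizes in the demo are assumptions standing in for real wordlists.

```python
import math
import secrets
import string

# Constructed sample wordlist (assumption): a real generator would load
# a list of several thousand words; 16 keeps the example self-contained.
WORDS = ["sprinkle", "pretzel", "rainbow", "anchor", "velvet", "cactus",
         "lantern", "marble", "orbit", "puddle", "quartz", "ribbon",
         "saddle", "thimble", "walnut", "zipper"]

# 94 printable characters: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy when each of `picks` items is drawn uniformly and
    independently from `pool_size` options."""
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def make_passphrase(n_words: int, words=WORDS, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG. Words a person picks by hand are
    not uniform, so the entropy figure only holds for random draws."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def make_random_password(length: int) -> str:
    """Random-character password in the style of the first phrase."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    chars = entropy_bits(len(ALPHABET), 12)
    print(f"12 random characters: {chars:.1f} bits")
    for size in (len(WORDS), 2048, 7776):  # assumed wordlist sizes
        print(f"3 words from {size:>4}-word list: "
              f"{entropy_bits(size, 3):.1f} bits; "
              f"{words_needed(chars, size)} words to match 12 characters")
    print("sample passphrase:", make_passphrase(4))
    print("sample password:  ", make_random_password(12))
```

The strength of a word phrase comes from the size of the list and the number of words drawn, so a short phrase only holds up when the list is large and the words are picked at random.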
