Security and Convenience
I watched my father try to log into his Apple account and the experience was “painful”. He was denied time after time just when thinking he had recalled the right combination of characters. In fear of being locked out of his account because of too many tries, he went for the “Forgot my password” route.
Sometimes this path is implemented with the user in mind and involves a simple link to reset the password via email. Other times, it is a lengthier process involving multiple security questions. Questions that you thought the answer could only be one thing, but against all odds it is not currently working. There must be an easier way.
Characteristics of Strength
Experts recommend that a password be more than ten characters in length. Contain a variety of characters: uppercase, lowercase, numbers, and symbols. The passwords should not contain patterns, recognizable words, or anything else that is easy to guess[1]. Yes, I am talking to you if your password is “password123”. It is also advisable that passwords are not re-used from site to site. Be ready to remember seventy plus strings of near random characters. This is of course an unreasonable expectation, but there is a solution.
Password Managers to the Rescue
If you already use a password manager, please take this time to give yourself a pat on the back. Password managers have existed for over ten years. However, there are still many people who are not taking advantage of them. Many are free and open source like Bitwarden or KeePass. The idea is that you only need to remember one password and the manager keeps track of the rest. Typically they can also generate very strong passwords too. Passwords are always encrypted or hashed so the plain text versions of the passwords are not stored.
Encryption is a two way process involving a private key that the user can decrypt the cipher-text version of their password. On the other hand, hashing is deterministic meaning the algorithm produces the same result for the same input at a fixed length [2]. It is considered to be irreversible. Generally, hashing is done many times; Sometimes over 10,000 passes or 100,000 depending on the manager. I hope your interest is piqued about considering a password manager, if you were on the fence. Technology should simplify our lives, not add more stress.