I love computer security. Worked in the field for half a decade, but got out of it when I moved to Memphis. Would love to get back into it, if I had the opportunity. So when I see stories like this Register article about a Western Australia Auditor General report on poor password security, I like to pass it along in hopes that others will learn a little something from it.
Among these [60,000 easily guess passwords], ‘Password123’ was in use by 1,464 accounts, ‘Project10’ by 994, ‘support’ by 866, ‘password1’ by 813, and ‘October2017’ by 226, to pick only the top five worst offenders in popularity order.
Folks, the most secure password is one you can’t remember. That’s why I recommend a password manager. Pick one really good password to protect your master database, then let the password manager generate all your passwords going forward. Periodically change your master database password. Lather, rinse, repeat. What password manager? Well, I personally use LastPass. If you don’t want to pay for one, try out KeePass. If you don’t want to take my word for what to use, I can also advise you to consider any of these recommendations from LifeHacker (spoiler alert: they recommend the same 2 I do, plus a few others).
But the important takeaway from this story should be that you can’t do this on your own. You’ll probably mess up. People are bad at generating random passwords. People are bad at remembering hard passwords. People are bad at keeping track of hundreds of passwords (that’s how many I have – others may not use as many as I do). But computers are really, really good at this stuff, so let them do the heavy lifting here.