{"id":11070,"date":"2018-05-07T19:07:06","date_gmt":"2018-05-07T15:07:06","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/remembering-passwords-is-dead\/11070\/"},"modified":"2019-11-15T15:23:09","modified_gmt":"2019-11-15T11:23:09","slug":"remembering-passwords-is-dead","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/remembering-passwords-is-dead\/11070\/","title":{"rendered":"I&#8217;m done with remembering passwords"},"content":{"rendered":"<p>Twitter <a target=\"_blank\" href=\"https:\/\/threatpost.com\/twitter-urges-users-to-change-passwords-due-to-glitch\/131693\/\" rel=\"noopener noreferrer nofollow\">recently reported<\/a> a glitch that caused passwords to be accidentally stored in an internal log without a <a target=\"_blank\" href=\"https:\/\/securelist.com\/threats\/encryption-glossary\/\" rel=\"noopener noreferrer\">mask<\/a> \u2014 in plain text. The company said that there were no signs of hacking, the storage error had been fixed, and passwords did not end up in the wrong hands. There probably wasn\u2019t a leak, they said, but they advised changing your password in any case. And the new password, as we all know, should be strong and unique.<\/p>\n<p>For me and many others, this was painful. I store passwords in my head and nowhere else. To make them easy to remember yet strong, I use my own <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/7036\/\" rel=\"noopener noreferrer nofollow\">technique<\/a> to generate them. I start with one keyword, add a few digits, change the letter case in certain parts, and sprinkle in some special characters and a few more symbols related to the service I\u2019m using. That way the password is unique, quite long and complex, yet memorable.<\/p>\n<p>The technique has long served me well \u2014 no matter how many services I use, I can still recall the passwords even for ones I seldom use because I know my password-generating technique. But over time my approach has run into a problem: Services leak users\u2019 passwords every so often, thereby forcing people to change them.<\/p>\n<p>Unfortunately, my technique provides only one password for each service. To create another means tweaking the technique, which can make the new password much harder to recall. Either a new keyword is needed or a different set of digits, or I could use some other letters related to the service (for example, if before it was the first two characters of the company\u2019s name and the last two characters of the service name, now I might use three characters instead).<\/p>\n<p>Changing the technique is a major problem for the old gray cells, because some passwords are generated with the old method, and others with the new one. And if like me you\u2019ve been using this approach for more than a few years, the technique has probably gone through a fair few iterations.<\/p>\n<p>It\u2019s happening more and more that when signing into a service, I suffer a mental block. My muddled thought process is something like: \u201cOK, what password do I use for this service? This one, I think. No, wait, there was a breach and I changed the password. It probably uses the secondary keyword now. Ah, no, the breach was ages ago, I wasn\u2019t using this keyword yet. So what did I tinker with? Maybe the digits\u2026?\u201d You get the picture.<\/p>\n<p>It\u2019s not that I have a bad memory, but after so many breaches, sometimes I can\u2019t remember a password. When that happens I have to reset it, which further complicates my already complex password world. The keywords and sets of digits go on multiplying \u2014 and every time, I have to recall what combination of parameters I used for each service. The algorithmic certainty of having one password per service has been shattered.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>The rules for remembering passwords no longer work. Seems like it\u2019s password manager time.<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fwj1h&amp;text=The+rules+for+remembering+passwords+no+longer+work.+Seems+like+it%26%238217%3Bs+password+manager+time.\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>As the accounts stack up (new banks, car-sharing services, forums, etc.), my set of passwords becomes messier and messier. So for me, Twitter\u2019s recent statement was the last straw.<\/p>\n<p>It seems the time has come to entrust the storage of this hodgepodge to a password manager. When passwords have to be changed frequently, the mnemonic system breaks down \u2014 the rules become too numerous.<\/p>\n<p>But for a password manager it\u2019s child\u2019s play. All you need to do is go into the service settings and click the \u201cChange password\u201d button, and <kpm placeholder>Kaspersky Password Manager<\/kpm> will automatically insert your current password and offer to generate a new one.<\/p>\n<p>The password manager automatically saves the new password to its database. There\u2019s no need to remember it, either. The only thing you must commit to memory is the single master key to Kaspersky Password Manager, something that is eminently doable.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kpm-download\">\n<p>For a long time, I balked at the prospect of using a password manager \u2014 my own brainpan (and the techniques that I came up with) seemed a far more reliable option. But the times are changing, and data leaks continue to rise in number and scale. What worked yesterday is clumsy and obsolescent in this brave new world.<\/p>\n<p>I guess it\u2019s time to succumb to the inevitable and switch <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">to a password manager<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How Twitter\u2019s \u201cnot-a-leak\u201d made me realize that remembering passwords no longer works.<\/p>\n","protected":false},"author":675,"featured_media":11071,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1485],"tags":[1449,1021,1183,405,187,521,83],"class_list":{"0":"post-11070","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-special-projects","8":"tag-breaches","9":"tag-kaspersky-password-manager","10":"tag-leaks","11":"tag-password-manager","12":"tag-passwords","13":"tag-threats","14":"tag-twitter"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/remembering-passwords-is-dead\/11070\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/remembering-passwords-is-dead\/13267\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/remembering-passwords-is-dead\/15338\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/remembering-passwords-is-dead\/13613\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/remembering-passwords-is-dead\/12938\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/remembering-passwords-is-dead\/16097\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/remembering-passwords-is-dead\/15654\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/remembering-passwords-is-dead\/20526\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/remembering-passwords-is-dead\/4955\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/remembering-passwords-is-dead\/22334\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/remembering-passwords-is-dead\/10490\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/remembering-passwords-is-dead\/10437\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/remembering-passwords-is-dead\/9182\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/remembering-passwords-is-dead\/16662\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/remembering-passwords-is-dead\/18863\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/remembering-passwords-is-dead\/20231\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/remembering-passwords-is-dead\/20227\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/passwords\/","name":"passwords"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11070"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11070\/revisions"}],"predecessor-version":[{"id":14693,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11070\/revisions\/14693"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11071"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}