Two Stupid Password Tricks for Those Too Lazy for Proper Security

The Citizen's Guide to the Future
May 21 2014 10:21 AM

Two Stupid Password Tricks for Those Too Lazy for Proper Security

This isn’t a post telling you that you should use a different password for every site, that you should use multifactor authentication for your email, or that you should use a password manager to store strong passwords. You should do those. (And you should eat less dessert, exercise more, and call your mother.)

This is a post to share two stupid password tricks that will make your online life a little more secure without the (perceived) hassle of those other measures.

Advertisement

The first stupid password trick is a way to improve the “security questions” that sites have you set up in case you need to recover your password. What’s your mother’s maiden name? What street did you grow up on? Who was your first-grade teacher?

The idea is that only you will know the answer to these questions. By answering them correctly, the site verifies that you are you and lets you reset your password.

Ask Sarah Palin how that worked out for her. The flaw is that you aren’t the only person who knows the answer to these questions. It’s not just the public figures who are vulnerable. We’re all Googleable, and those #TBT posts on Facebook and Twitter could give away a lot about your early years. Someone who’s determined to get access to your email can do a little research and unlock your account.

My trick? Lie and keep telling the same lie.

  • What’s your favorite ice cream flavor? Louis Armstrong.
  • What was the name of your high school? Louis Armstrong.
  • In what city did you have your first job? Louis Armstrong.

Don’t give correct answers. Use the same stupid answer for all of your security questions. (If you’re worried you’ll forget the stupid answer, store it in a password manager.)

Stupid password trick No. 2 was inspired by a friend’s tweet:

My first reaction to this was, “Why aren’t you using a password manager?” But the more I thought about this, the more I think this password dance is really a simple method of implementing something like one-time passwords. Why use a memorable password at all?

Choose something really random, don’t worry about saving it or remembering it, and force the site to re-authenticate you through email!

You get security without the need to add random sites to a password vault and don’t need to install LastPass or anything new.

A few caveats:

  • If you really went to Louis Armstrong High School, don’t use Louis Armstrong as the answer for your security questions.
  • Don’t use Louis Armstrong anyway. It’s been used as an example here. (Just like you shouldn’t use “correct horse battery staple” as your password)
  • Yes, I know they’re not really one-time passwords. True one-time passwords would be enforced to single-use only by the authenticating server. These are enforce to single-use only by your mind (the same weak mind that thinks that you don’t need a password manager).
  • There are almost certainly e-commerce sites that limit how frequently you can change your password. That would cause havoc with this password management method if you plan to visit the site regularly.

These password tricks are stupid. They’re the equivalent of justifying the calories of the ice cream sundae by parking on the far side of the parking lot. It’s better than not, but you can do more.

You should exercise more, call your mother, and take stronger measures to secure your online existence.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Doug Harris is Slate’s chief software architect. He lives in Washington, D.C.

TODAY IN SLATE

Sports Nut

Grandmaster Clash

One of the most amazing feats in chess history just happened, and no one noticed.

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Amazon Is Officially a Gadget Company

Science

The Human Need to Find Connections in Everything

It’s the source of creativity and delusions. It can harm us more than it helps us.

Food

How to Order Chinese Food

First, stop thinking of it as “Chinese food.”

Scotland Is Inspiring Secessionists Across America

You Shouldn’t Spank Anyone but Your Consensual Sex Partner

Moneybox
Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
Jurisprudence
Sept. 18 2014 10:42 AM Scalia’s Liberal Streak The conservative justice’s most brilliant—and surprisingly progressive—moments on the bench.
  Business
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
  Life
Outward
Sept. 18 2014 11:25 AM Gays on TV: From National Freakout to Modern Family Fun
  Double X
The XX Factor
Sept. 18 2014 12:03 PM The NFL Opines on “the Role of the Female”
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
  Arts
Brow Beat
Sept. 18 2014 11:48 AM Watch the Hilarious First Sketch From Season 4 of Key & Peele
  Technology
Future Tense
Sept. 18 2014 10:07 AM “The Day It All Ended” A short story from Hieroglyph, a new science fiction anthology.
  Health & Science
Bad Astronomy
Sept. 18 2014 7:30 AM Red and Green Ghosts Haunt the Stormy Night
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.