Two Stupid Password Tricks for Those Too Lazy for Proper Security

Future Tense
The Citizen's Guide to the Future
May 21 2014 10:21 AM

Two Stupid Password Tricks for Those Too Lazy for Proper Security

This isn’t a post telling you that you should use a different password for every site, that you should use multifactor authentication for your email, or that you should use a password manager to store strong passwords. You should do those. (And you should eat less dessert, exercise more, and call your mother.)

This is a post to share two stupid password tricks that will make your online life a little more secure without the (perceived) hassle of those other measures.

Advertisement

The first stupid password trick is a way to improve the “security questions” that sites have you set up in case you need to recover your password. What’s your mother’s maiden name? What street did you grow up on? Who was your first-grade teacher?

The idea is that only you will know the answer to these questions. By answering them correctly, the site verifies that you are you and lets you reset your password.

Ask Sarah Palin how that worked out for her. The flaw is that you aren’t the only person who knows the answer to these questions. It’s not just the public figures who are vulnerable. We’re all Googleable, and those #TBT posts on Facebook and Twitter could give away a lot about your early years. Someone who’s determined to get access to your email can do a little research and unlock your account.

My trick? Lie and keep telling the same lie.

  • What’s your favorite ice cream flavor? Louis Armstrong.
  • What was the name of your high school? Louis Armstrong.
  • In what city did you have your first job? Louis Armstrong.

Don’t give correct answers. Use the same stupid answer for all of your security questions. (If you’re worried you’ll forget the stupid answer, store it in a password manager.)

Stupid password trick No. 2 was inspired by a friend’s tweet:

My first reaction to this was, “Why aren’t you using a password manager?” But the more I thought about this, the more I think this password dance is really a simple method of implementing something like one-time passwords. Why use a memorable password at all?

Choose something really random, don’t worry about saving it or remembering it, and force the site to re-authenticate you through email!

You get security without the need to add random sites to a password vault and don’t need to install LastPass or anything new.

A few caveats:

  • If you really went to Louis Armstrong High School, don’t use Louis Armstrong as the answer for your security questions.
  • Don’t use Louis Armstrong anyway. It’s been used as an example here. (Just like you shouldn’t use “correct horse battery staple” as your password)
  • Yes, I know they’re not really one-time passwords. True one-time passwords would be enforced to single-use only by the authenticating server. These are enforce to single-use only by your mind (the same weak mind that thinks that you don’t need a password manager).
  • There are almost certainly e-commerce sites that limit how frequently you can change your password. That would cause havoc with this password management method if you plan to visit the site regularly.

These password tricks are stupid. They’re the equivalent of justifying the calories of the ice cream sundae by parking on the far side of the parking lot. It’s better than not, but you can do more.

You should exercise more, call your mother, and take stronger measures to secure your online existence.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Doug Harris is Slate’s chief software architect. He lives in Washington, D.C.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
  Business
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
  Life
Dear Prudence
Oct. 23 2014 6:00 AM Monster Kids from poorer neighborhoods keep coming to trick-or-treat in mine. Do I have to give them candy?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Culturebox
Oct. 22 2014 11:54 PM The Actual World “Mount Thoreau” and the naming of things in the wilderness.
  Technology
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Bad Astronomy
Oct. 23 2014 7:30 AM Our Solar System and Galaxy … Seen by an Astronaut
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.