What type of password should you choose for your user accounts? You may think that a very complicated password is the best option, but in reality, it is not so recommended. Below, we explain the reasons and go deeper into it so that you can see that perhaps what you are doing with your passwords is not the most convenient.
As much as there are password managers and other types of alternatives, the truth is that today we continue to suffer with passwords as much as in the past. Possibly, we suffer more. Because in the past we didn’t worry much about the passwords we selected. They could be obvious, be easy to discover for certain people and even, in the past, there were no notifications that would warn you saying “someone has connected from a new device.” It was the wild west. But, even so, we put passwords like “Juan23April”. Today, everything has changed.
Is harder is better?
Today we have been “sold” that creating passwords that are impossible to remember is the best. A good example of this is provided by Chrome’s random password generator. The Google program generates passwords for us and recommends them to us with extreme difficulty. There are so many letters, symbols, numbers and other elements that no one in their right mind could remember them. Then imagine that a password like “22o34ijffjsd3411!!!!edd!!!sss!!ss1ekñwekt4jr14542223578876” is used only for a website. Think that you have, like that same password, 10 or 15 different ones. There is no one who can remember them!
But, for Google, it is the best idea. That has led us to make crazy decisions and try to manage this password problem in different ways. There are those who have a text file on their computer, hidden and protected, where they store all the keys. Other people have a physical notebook where passwords are written. And the latter may not be such a bad idea, but with long passwords the identification process in the services ends up becoming a huge problem. And although there are other options, in the end long keys end up being annoying.
A study makes it clear
From the hand of NIST, in the United States, the National Institute of Standards and Technology, a study has been published that delves into everything there is to know and take into account about passwords. And the first thing they indicate is that the benefits of using a password like those provided by Chrome are lower than if we use a password that is less difficult to remember. Among other things, they place special emphasis, precisely, on what we have said. They recognize that they are keys so difficult to memorize that, in the end, users end up writing down the passwords in documents. And hackers can discover these documents, attack them and open them to steal the keys.
They also say that, once they have analyzed the databases where all the passwords that have been hacked are recorded, they have discovered something clear. They say that there really isn’t that big of a difference between simple passwords and extremely complicated ones. They insist that they thought there would be a difference, but the evidence is clear and it can be seen that there is no big jump between one type of password and another.
Taking this into account, their conclusion is that it is more convenient to use a long password, but one that is easy for you to remember. In addition, they indicate that it is also preferable to have long passwords that you can remember, but that are different in different services. The reason for this is logical, since if you use the same password for everything, once they have hacked one of your accounts they will be able to access everything. But, for the rest, it is recommended not to continue using those long passwords that no one remembers. Perhaps, given what we have seen, it is a good opportunity to update keys. In any case, make the decision yourself depending on what suits you best, since NIST’s conclusions may not work equally well for all users.
