BITWARDEN
Keep your passwords secret and safe
David Rutland has learned from past mistakes, and endeavours to keep all of his logins, usernames and passwords firmly under lock and key.
Credit: https://bitwarden.com
OUR EXPERT
David Rutland used to employ the same password for everything… right up until it was included in a screenshot (true story–Ed) for your favourite Linux publication. Now he uses Bitwarden.
QUICK TIP
Read our original VPS features on how to choose and set up one in LXF281 and LXF282 at https://bit.ly/lxf281lxfserver and https://bit.ly/lxf282lxfserver.
Passwords are a relic of the past – or so we’re told. An embarrassing hang-up from before the 20th century, when an exchange whispered through a gate at midnight could secure you access to exclusive clubs, pubs and secret societies.
But passwords are, by nature, insecure. The main reason is that users need to commit them to memory and recall them on demand. A secure password will be 16 characters long and contain a truly random array of numbers and symbols, as well as upper and lowercase characters. But no one is going to be able to recall -9#<5}d}y8Kt:BDC on demand, no matter what mnemonic tricks they choose to employ.
No. Most internet users are going to use the name of their cat, or their spouse, celebrity crush or the name of the street where they grew up. They’re going to throw in the bare minimum of obfuscation demanded by whatever website they’re creating an account on, and come away with a password that’s easy to recall and satisfies certain basic requirements. Please write in if at least one of your passwords is !ja5per, Watermel0n22, or 54n545t4rk.
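As an added example (not part of the original article), this Python sketch covers both points above: it draws a 16-character password from the operating system's random source, and it shows how the look-alike substitutions in the three passwords just quoted reduce to plain dictionary words. The substitution table and the five-entry wordlist are small constructed samples; a real check would load a much larger list.

```python
import math
import secrets
import string

# The four character classes the article lists for a secure password.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable characters

# Common look-alike substitutions (constructed sample), undone before lookup.
LEET = str.maketrans("0134578@$", "oleastbas")

# Constructed mini wordlist for the demo only.
WORDLIST = {"jasper", "watermelon", "sansastark", "password", "football"}


def generate(length=16):
    """Draw from the OS CSPRNG, retrying until every class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def random_bits(length=16):
    """Upper bound on entropy (bits) of a uniform string over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def normalise(pw):
    """Lowercase, undo look-alike swaps, then drop anything not a letter."""
    swapped = pw.lower().translate(LEET)
    return "".join(c for c in swapped if c.isalpha())


def dictionary_hit(pw):
    """Return the wordlist entry hidden inside pw, or None if there is none."""
    core = normalise(pw)
    return next((w for w in sorted(WORDLIST) if w in core), None)


if __name__ == "__main__":
    for pw in ["!ja5per", "Watermel0n22", "54n545t4rk", generate()]:
        print(f"{pw!r:22} -> {dictionary_hit(pw) or 'no dictionary word'}")
    print(f"random 16 characters: about {random_bits():.0f} bits")
```

The three memorable passwords collapse to a single wordlist entry each, while the random string has nothing to collapse to, which is why it has to live in a password manager rather than in your head.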
The need for memorable passwords is so great that the string most often used (according to NordPass) is 123456. The second most employed combo is the exponentially more difficult 123456789. Highlights from the SplashData top 25 list from between 2011 and 2019 include such gems as football, starwars, iloveyou, admin, and of course password.
For LXF290, Jonni Bidwell researched and wrote an exhaustive eight-page guide to using Linux for hacking (to protect your own network, of course). This writer can tell you that if you’re not overly discriminating in your choice of target, in many cases all you need to do is start guessing passwords. You’ll get lucky a lot sooner than you expect.
The situation is exacerbated by the fact that computer users need passwords to access all kinds of sites and services. There will be passwords for Reddit, for banking and PayPal, for Facebook, Twitter, Patreon, Amazon, Discord… the list goes on.
For most people, it’s easier to use the same password over and over again. Even if your password isn’t ludicrously easy to guess, password databases are compromised every single day, and for unethical hackers and criminals it’s worth betting that the L1verp00lFC43va password you use on your GoDaddy-managed WordPress site (which was compromised in November 2021) will also unlock several other aspects of your digital life.