Pick a card, any card. Don’t show it to me; memorise it and associate it with a phone number you use regularly. Now pick another card. Memorise that one and associate it with another phone number. Now work your way through the entire pack, repeating the process without writing anything down. Do you think you could manage that? If you are a memory world champion it is pretty straightforward; for the rest of us it gets a bit more complicated. Yet that is what we are all asked to do.

Let’s rephrase it slightly: instead of “pick a card”, try “pick an online service or website”, associate a unique password with it (one that includes a mixture of numbers and maybe symbols) and memorise it. Now do this 30-50 times, because believe it or not, we probably have at least 30 different online services that we use. If you do not think so, try making a list. Here are a few to get you started:
  • Online banking or money related (bank, PayPal)
  • Utility supplier (gas, electricity, water, internet, telephone)
  • Government related (tax, licenses)
  • Online services (email, social media)
  • Online stores (food retailers, clothing, department stores, Amazon)
  • Digital services (AppleID, Netflix)
  • Fast food delivery account
  • Taxi or delivery services

So, asking everyone to create unique passwords and not write them down, as well as change them on a regular basis, is completely unrealistic. That is why people only use a small set of passwords (sometimes just one) and write them down because, let’s face it, we are not memory world champions. Password managers are the answer in some cases, but they are not for everyone. Two-step authorisation can greatly help, so long as the second step (like a code sent to an email address) isn’t protected by the same password, which would make it pointless.

Password reuse is a major problem in today’s online world, allowing criminals to use credential stuffing bots, so maybe writing down passwords in a physical notebook is the lesser evil if it means you have unique passwords for every account. There is always really bad handwriting as an obfuscation technique, coupled with 2-3 unnecessary extra characters at the end of the password in case your notebook falls into the wrong hands. Still, the risk of that is minimal compared to reusing bad passwords and storing them online.

Read more practical advice for cyber security in Nick Ioannou’s book, A Practical Guide to Cyber Security for Small Businesses.

About the Author:

Nick Ioannou is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 15 years using cloud/hosted software as a service (SaaS) systems.

He started blogging in 2012 on free IT resources (http://nick-ioannou.com), currently with over 400+ posts. He is the author of Internet Security Fundamentals and a contributing author of two books, Managing Cybersecurity Risk and the recently published Conquer The Web.

More free security advice and resources and information on how to contact Nick can be found at www.booleanlogical.com