Passwords have always been a problem for humans. Whilst long, complex passwords are great for security, our brains simply aren’t hardwired to remember a different complex password for every site that we use, yet doing exactly that is essential in today’s world.
Recently there have been a number of cases where businesses that haven’t had a data breach themselves have asked users to change their passwords, because a totally unconnected site has had a breach and users have used the same password on both sites. Hermes, the UK courier, recently asked users to change their passwords for that reason, and today it’s the turn of Canada Post. Canada Post are resetting passwords for all online customer accounts, starting on the 16th of October.
“We have been able to determine that login and password credentials stolen in external privacy breaches unrelated to Canada Post were used to access individual Canada Post accounts. This is possible when users reuse their credentials on several websites for convenience or to avoid having to remember different passwords.
Based on our investigation, we do not believe your information has been compromised, but we are requiring that you reset your password.”
– Canada Post
There are numerous ways to create memorable but unique passwords. The problem is that, for an account you only use occasionally, remembering the password after a few weeks or months can still be challenging. For some services, e.g. domain renewals, you might only need to recall your password once or twice a year.
Writing passwords down is never a great idea unless you have a secure location to keep them in. A sticky note stuck to your keyboard definitely isn’t a great idea. There are online services that will store all your passwords in a secure virtual vault, which can help. Regardless of how you store or memorise your passwords, at least use a different password for each account you use.