Debugger

It’s a Huge Mistake to Memorize Your Passwords

Here’s what to do instead — and which services you should use

Owen Williams
7 min read · Jun 4, 2019


Credit: Andrew Brookes/Cultura/Getty

You shouldn’t know any of your passwords. But there’s a decent chance you do — many of us fall into a default pattern of memorizing one or two and using them across countless websites and services.

That’s a mistake. If you’re still doing this, or if you know any of your passwords at all, it’s time to change it up. These days, the only secure password is one you can’t possibly remember. Studies have repeatedly shown that password reuse is the most common security blunder people make. When a single service gets hacked — which happens constantly — hackers are able to guess which other services you use and break into those with the same password.

This tactic, called credential stuffing, is used by hackers to target people’s most personal information. Say you signed up years ago for a service like last.fm, which was breached in 2012; if your banking password is the same, you might be kissing your identity goodbye simply because hackers are able to guess that the passwords matched.
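To see how far one breach reaches when passwords are reused, here is an added example (not part of the original article): a short Python audit that finds every account sharing a password with a breached service and gives each a unique random replacement. The account list and every service name other than last.fm are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Constructed sample vault of (service, password) pairs. Not real credentials.
VAULT = [
    ("last.fm", "sunshine1"),
    ("bank.example", "sunshine1"),
    ("mail.example", "sunshine1"),
    ("forum.example", "Tr0ub4dor&3"),
    ("shop.example", "x9$Lq!7vPz2#"),
]

def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest: groups equal passwords without keeping them in the index."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()

def exposed_by_reuse(vault, breached_services):
    """Map each breached service to the other services sharing its password."""
    key = secrets.token_bytes(32)  # per-run key, so digests are useless afterwards
    groups = defaultdict(list)
    for service, password in vault:
        groups[fingerprint(password, key)].append(service)
    exposure = {}
    for services in groups.values():
        for hit in services:
            if hit in breached_services:
                exposure[hit] = sorted(s for s in services if s != hit)
    return exposure

def new_password(length: int = 24) -> str:
    """Random password from the OS CSPRNG, meant to live in a password manager."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def rotation_plan(vault, breached_services):
    """The breached account and every account sharing its password get a unique new one."""
    plan = {}
    for hit, others in exposed_by_reuse(vault, breached_services).items():
        for service in [hit, *others]:
            plan[service] = new_password()
    return plan

if __name__ == "__main__":
    print(exposed_by_reuse(VAULT, {"last.fm"}))
    print(sorted(rotation_plan(VAULT, {"last.fm"})))
```

With the sample list, a breach of last.fm alone puts the bank and mail accounts at risk, while the account with its own password exposes nothing else.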

If you’re lucky, you’ve only been caught up in a single breach, but the reality is that the majority of us have been affected multiple times over the years. All it takes to find out is typing your email address into Have I Been Pwned, a free service run by security researcher Troy Hunt.

You shouldn’t know any of your passwords for the services you use. Most importantly, every single site or app you’re using should use a unique password.

Have I Been Pwned, which tracks publicly reported breaches, who was caught in them, and what information was breached, will reveal how many companies have failed to keep your data safe. I ran my own email address through it and found I’ve been breached more than 10 times. Thankfully, in most of these cases, the password I used for each site was unique.

In 2019, the only way to completely protect yourself from a password breach is to log off, delete all your accounts, and live a hermit’s life in the woods. If the offline lifestyle isn’t for you, then…


Owen Williams
OneZero

Fascinated by how code and design is shaping the world. I write about the why behind tech news. Design Manager in Tech. https://twitter.com/ow