Edward Snowden on Why Your Passwords Dangerously Suck

Bill Gates once opined that if you want something done, give it to a lazy person. As counter-intuitive as that sounds, his reasoning was this: a lazy person, assuming that they will actually and eventually do the work, will devise a system that completes the task in the shortest and most efficient way so he or she can get back to being lazy.

Obviously this goes against our American-Puritan hard work ethic, but it’s safe to say that our entire IT revolution is built on this idea.

However, there is one place this does not work: secure passwords.

Why having a secure password is difficult?

It seems like a simple thing to do. And you know you’re doing it wrong, yet you keep doing it. What will it take to get you to create and maintain secure passwords?

It’s not difficult. You’re just lazy. The wrong kind of lazy. But so is everyone else. However, this is no excuse not to choose something more secure. And think of it this way: you’re playing Russian Roulette with your life in the modern world. This is not an overstatement; this is a cold-hard fact. Once someone gains access to say, the same password you’ve used for your bank account, your child’s online grading tracker and your TurboTax account, well, you figure out what that means.

Don’t believe me? Believe Edward Snowden

As Edward Snowden points out, an 8 character password can be be deciphered by a computer in less that…less than…ready? 1 second.

1 Second and life as you know it is over for a few years.

And we know why you are behaving the way you do. It’s easy to remember a password like “passwerd.” Well stop that. Now.

What’s in a secure password?

So what makes a secure password? First of all, stop calling them passwords. Start thinking of them as pass phrases. Your pass phrase should not have any words of them at all. A good pass phrase starts at least 12 characters and should be a mix of numbers (1234567890), upper and lower case letters (DfgGgdskhIhz), and any number of symbols that you would use to obfuscate a swear word ([email protected]#$%^&*()).

  • bad pass phrase: dontl1kepasswerds
  • better (passable) pass phrase: d0NtL1kepassw3rds
  • best pass phrase: d0566gGh153$81D193

Well, How am I supposed to remember a password like: g6G3$5!fdkoOiLl3e1?

Well that’s the tricky part. Unless you are a number savant, you’re not going to be able to remember that. We get it. Not to mention that not all systems will even accept a password like “g6G3$5!fdkoOiLl3e1.”

So here are some tools that will satisfy your need for laziness. Note: Some of you will say, “Hey Tim, what if these tools get hacked?”

To which I would reply, “Nothing is perfect. Life is not a light switch with on/off. There are things that help and improve us, despite their inherent imperfections. You’re either improving or you are not. These are significant improvements.”

Password Safe


Runs locally on your computer and has been used for years. Password Safe allows you to safely and easily create a secured and encrypted user name/password list.

1Password 4 for Macintosh/iOS/Android/Windows

Free/Pro Version(recommended) $9.95

1Password creates strong, unique passwords for all of your sites and logs you in with a single tap. It’s simple, convenient security.

Webmaster Tim Approved: RoboForm:

Not Free: $9.95 for the first year, $19.95 after that.

Roboform is more of a comprehensive solution. It operates on all of your devices and it has a “run once/run everywhere” philosophy. That is, you configure it, and it remembers all of your pass phrases for you. It’s actually quite nifty.



Notify of