Sometimes It's OK to Throw Away a Password
by Keith Gatling | 17 months ago
What’s a throwaway password? It’s a password for a website that you use very rarely. Perhaps it’s a shopping website that you use maybe once or twice a year, but that doesn’t save any credit card data on you. What’s the point in coming up with a really special, really great, really secure, password for sites like this? There really is none.
My standard password for sites like this was insecure. Really, that’s what it was. It was a site I didn’t care about, with a password I didn’t care about, and so the password was insecure. And I could remember that.
Or so I thought. The problem was that I couldn’t remember which websites got insecure passwords and which ones didn’t, so from time to time I’d have to ask for a password reset. This involves them sending a link to the email address they have on record for me, at which point I create a new throwaway password for the site. And then a colleague of mine told me that that’s exactly how she handles those rarely-used websites…she gives them a password that she doesn’t even try to remember, then when she needs to get on it again months later, she simply says that she forgot her password, and waits for them to send her a password reset link.
Of course, the security of this all depends on someone not having hacked her email account first!
But throwaway passwords…it’s an idea worth saving!