As the “techie” one, I am often the recipient of eye rolls, sarcasm or full shut-downs (eyes glaze over, head lowers...) when I mention password security. Any new service that requires a new password is met with groaning, and sites that insist on a minimum security level cause quite a lot of anger. I’ve learned that your average human has little patience for such things and most people are perfectly happy to use the same 2 or 3 passwords for everything. I’m guilty of it myself.
When I was a teenager, I went on a picnic with a large group of my parents’ friends and when it was time to leave, someone realised they’d locked their keys in their car. After a few attempts by several guys to slide things down the window and pull the catch up, someone said, “hang on, try this…”. They handed over their own car keys and it unlocked the door! Turns out the keys from a Vauxhall Viva would open the door of any other Vauxhall Viva. I remember thinking it was crazy that someone else’s keys could unlock your car, but this is exactly what we’re doing with our passwords and most people don’t seem to think it’s a big deal.
A phrase I hear quite frequently is “oh, no-one will guess that”, and they’re probably right, no person would. A piece of code could though. A script running on a web server somewhere will happily run through millions of possible combinations of words, numbers and characters until it hits something that works, and once it finds it there’s a very good chance it’s going to work on other websites.
Nearly every time I’ve had to deal with a breach on a web server or (more often) an email server it has been the result of a weak password.
“Oh, Steve tells me off” (I don’t) “…but I’m terrible at remembering these things”. You don’t have to remember them, in the same way you don’t have to remember phone numbers or email addresses - they’re all stored in your phone and your phone has 1 passcode that you do remember. Use a password manager like 1Password or LastPass, or even the one built into your web browser, but let them generate strong passwords for you and use a different one for every website. You only have to remember a single password to unlock them all and you can feel safe in the knowledge that all your stuff is secured.
If you’re still not convinced and you have 20 minutes, watch this video. It’s surprisingly interesting for a video about passwords and explains it all pretty well using a stack of envelopes...
Don't be a Vauxhall Viva - sort out your passwords. It doesn't have to be a stressful task if you just have a plan to manage it. Even writing them all down on a sheet of paper and hiding them under your bed is better than using the same password everywhere.