Looking for a New Year’s Resolution? Refresh all your passwords.
Every new year, we get the opportunity to create a set of resolutions of things that we want to accomplish during the year. It’s not surprising that fitness or eating healthier food are some of the most popular options. Still, I want to share the main takeaways from a more technical resolution I made for 2019:
Renewing all online/offline passwords at home.
A password is a unique sequence of digits, letters and special characters that grants us access to a specific product or service. The most frequently used combination to identify yourself when logging on to a new service is an email address and a password. However, how do we navigate a world where everybody, from the cable provider to the bank, requires us to provide robust and unique passwords? (In my case, I realized that I needed more than 140.) Before going there, let’s start with some context:
Pre-Internet passwords. ( — 1998)
Before anyone knew what the internet was or how to open an email account, the only passwords (or PINs) that we had to remember were for the ATM or the alarm system. A simple four-digit number was secure enough to protect our identity.
Early Internet passwords. (1998–2007)
That changed when email became mainstream and everybody created an account, first on Hotmail or Yahoo, later on Gmail. Email became a marketing target, and the value of email distribution lists quickly became undeniable. At this point, hackers were not a threat, and we were happy reading every single marketing email we got. With the increased importance of the internet, we subscribed to a group of new companies, each of which required us to remember a new password: AOL, Yahoo, Hotmail, Myspace, Geocities, Netscape. In the beginning, people didn’t take the password field very seriously and typed 123456 (funnily enough, this was still the most popular password in 2018, after the word ‘password’ itself). Even if you were not one of those clever users, you still needed more than one or two “strong” passwords.
Older Internet (+mobile) passwords. (2007–2025)
How do we face the complexity of managing multiple passwords? With a very human and dangerous practice: we reuse the same password for every single site or app. Perhaps that was not a big deal until social media started offering advertisers something more valuable than your email address: your data. Collecting every single move you made online also required them to know who you are. Based on that premise, every internet service or app now requires a username and password to log in. Hackers, meanwhile, realized how valuable our passwords are, especially those that can unlock bank accounts or private photos and videos. Moreover, the odds that hackers can capture one of your online logins and passwords are very high. Not all companies follow the same security practices; unpatched servers, unencrypted passwords, insecure connections and outsourced IT staff, to name a few, all leave openings.
Here are some examples of password-protected services today:
- Computer and mobile device access: desktops, laptops, tablets, phones, watches.
- Home connected devices: Wi-Fi router (admin, guest, and users), thermostat, doorbell, sound system, smart TV, printers, lights, alarm, smoke detectors, door lock, cameras, garage opener, network storage, voice assistants (and soon the refrigerator, oven, stove and coffee machine).
- Communication: email, social media, instant messengers, photo apps, networking apps, the telecom company.
- Work: VPN, intranet login, collaboration apps.
- Financial: banks, tax agency, budget tracking, credit score apps, payment apps, credit card apps.
- Shopping: online store apps, coupon sites.
- Transportation: city bus, taxi companies.
- Travel: review sites, airlines, rewards cards.
- Education: search engine, online training, news services, public library.
- Leisure: concert ticket apps, video apps, game console, radio apps, music apps, movie tickets.
- Health: the insurance company app, runner app, workout app, diet app, meditation app, brain workout app.
- Government: municipal taxes, public services.
That list only grows by the minute, and if we multiply some of those services by every single member of the family (spouses, teenagers, seniors, adults), we can clearly see the magnitude of the problem and understand why every person ends up inventing their own method to manage their passwords.
After reviewing this with my family, here are some of the (wrong) methods we were using:
- Dad: I used a free Windows app to manage all the passwords. The problem? It depended on a specific machine to access the passwords and had limited options for sharing with multiple devices, so as a workaround I used a text file in Google Docs or Dropbox. I was repeating passwords when I didn’t have access to the password repository machine.
- Mom: She used a common password pattern, changing a small part every time. She kept the same password for years.
- Teenage daughter: Never remembered her passwords, always reset her access or created multiple accounts. She would share passwords with friends.
- Grandma: She keeps a notebook where all her passwords are written down but still uses a predictable pattern all the time.
- House: the same Wi-Fi password for users and guests. Multiple routers (old and new), with weak admin credentials.
In most cases, passwords were never more than eight characters long, contained only letters and numbers, and were heavily reused.
How do we fix this?
Firstly, we need to understand that we are not as smart as we think we are. We can only remember a limited number of items, and we tend to repeat the same patterns over and over.
Secondly, we need to accept the fact that some of our data has already been compromised, sold and shared by bad actors. Maybe it’s not your fault but the fault of one of the dozens of sites and apps you signed up for. Now we are playing a “catch me if you can” game with hackers: they are trying to assemble a puzzle out of all our data, and our goal is to keep that puzzle as incomplete and dynamic as we can. So the question is: how can we do that and stay alive in this game?
Here are some strategies:
- Never, ever reuse passwords, even for small apps or sites.
- Avoid passwords that are weak, common or easy to guess. Use only randomly generated passwords.
- Some passwords are more important than others: the jewels in the crown are your Google account (Gmail), Amazon, Apple ID, banking, PayPal, Hotmail, and home Wi-Fi. Use at least 25 characters, including numbers and special characters, and activate two-factor authentication when it is available. Having to validate your identity with a text message to gain access only makes you harder to hack.
- Create an expiration period for each password category, for example, banking every three months, email every six months, Wi-Fi routers every year, etc.
- Talk with your family about the risks of sharing home passwords and about phishing techniques. Hackers are getting more sophisticated, and it’s more likely that they will try to hack your grandma or your kids to gain access to your home network rather than you.
- Remove old routers and Wi-Fi connected devices. Most router brands have old models with security issues that they no longer support.
- Have a backup system to recover any family access in case of forgetting a password.
- Seek a family solution to the issue. Everybody needs to participate.
- Do a security audit every month. Check whether any password appears in a database of breached passwords like haveibeenpwned.com.
- Protect your data. Why does a supermarket need your postal code, email, and name to sell you some vegetables? That creates another copy of your data and more chances for it to leak in the future.
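The monthly breach check above can be automated without ever sending a password anywhere: haveibeenpwned.com’s Pwned Passwords range endpoint receives only the first five hex characters of the password’s SHA-1 and returns every matching suffix with its count. The script below is an added example, not the author’s code; `build_fake_range_server` is a constructed offline stand-in for that endpoint, and the breach counts it holds are made up.

```python
import hashlib
import urllib.request


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_fake_range_server(breached_counts):
    """Constructed stand-in for the real range endpoint, for offline use.
    breached_counts maps a breached password to a made-up breach count; the
    returned function maps a 5-char hash prefix to the response text."""
    buckets = {}
    for password, count in breached_counts.items():
        digest = sha1_hex(password)
        buckets.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return lambda prefix: "\r\n".join(buckets.get(prefix.upper(), []))


def fetch_range_live(prefix):
    """Query the real API. Only the first 5 hex chars of the hash leave the machine."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "family-password-audit"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_live):
    """How many times the password appears in the breach corpus (0 = not found).
    The full hash is compared locally against the returned 35-char suffixes."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    # Constructed breach database: the two passwords the post names, made-up counts.
    fake_server = build_fake_range_server({"123456": 23_000_000, "password": 3_700_000})
    for candidate in ("123456", "password", "Ku9$vQ2!rZp7wLm4xB"):
        print(candidate, "->", pwned_count(candidate, fake_server))
```

Swap `fake_server` for the default `fetch_range_live` to run the audit against the real service.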
There are many password manager solutions with all these capabilities. I don’t want to endorse any particular product, as every case is different, but I do want to point out that we have to pay for it. Ask yourself how much it could cost you to lose control over your digital identities, bank accounts, personal data, and photos, and you will quickly find the answer: you need a reliable product from a company that cares about your privacy as much as you do.
The bottom line is that, in 2019, we can’t have duplicated passwords that are easy to predict. We need unique and robust (16 or more characters) passwords made of random sequences. If you realize that you have to manage around 140 passwords, or more, for a family of four, you’ll need to accept the fact that memory will only take you so far and find a more preventive solution.
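As an added illustration of why the post insists on random 16- and 25-character passwords (this is example code, not the author’s): a password drawn uniformly from letters, digits and special characters carries length × log2(94) bits of entropy, so every extra character multiplies the brute-force search space by 94. The generator uses the OS CSPRNG via Python’s `secrets` module and re-draws until every character class is present; the function names are my own.

```python
import math
import secrets
import string

# Letters, digits and special characters, as the post recommends: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def search_space_ratio(long_length, short_length, alphabet_size=len(ALPHABET)):
    """How many times larger the brute-force search space is for the longer length."""
    return alphabet_size ** (long_length - short_length)


def has_all_classes(password):
    """True if lower, upper, digit and special character are all present."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def generate_password(length=25):
    """Uniformly random password drawn with the OS CSPRNG (secrets), re-drawn
    until every class is present. Rejection keeps the draw uniform over the
    accepted set, unlike forcing one character per class into fixed positions."""
    if length < 16:
        raise ValueError("the post's minimum for a random password is 16 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


if __name__ == "__main__":
    for n in (8, 16, 25):
        print(f"{n} chars: {entropy_bits(n):.1f} bits")
    print("16 vs 8 chars, search space ratio:", search_space_ratio(16, 8))
    print("example:", generate_password(25))
```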
Quantum computer password cracking problem (2025–)
Here is a more futuristic prediction to add on. Today, on January 8, 2019, IBM announced the first commercial quantum computer to the public. The impact that a quantum computer has on the current internet security model is profound. We can compare it to the moment Alan Turing’s machine broke the Nazis’ Enigma cipher machine. With current computational capability, hackers can break an eight-character password with CPU power in 1.44 years; with GPU power, this would only take about 5 days. On a supercomputer or botnet, this would take 7.6 minutes.
That means that any password with 16 characters or more is reliable today. However, with a quantum computer, hackers could break a 400-character-long password in a reasonable timeframe, rendering the current encryption model useless. Still, we are far from that scenario, so let’s start by replacing all eight-character, repeated passwords with a more robust solution, and be ready at some point in the future to protect your digital assets, maybe with some DNA + blockchain record.
This is an infinite game that we have to play to continue enjoying the benefits of the internet.
Also by J. P. Solano