Passwords: Cornerstone or Stumbling Block? You decide!
Whether we like it or not, passwords are currently one of the
pillars of information security and they are a critical part of protecting our
important data online. Everyone reading this article has entered a password on
a website at some point. If we are like most people, we probably dislike the
complex nature of passwords. Some of us actually “despise” the concept of
passwords altogether. Wherever we are on that scale, it is hard to deny that
passwords are a huge part of our digital lives. In fact, your attitude towards
passwords is one of the main things you have control over to increase your
digital security standing. This is one of those subjects where some of us glaze
over and get annoyed at the very mention of the word “password” and all the
complexities involved. If you are one of these people, this article is
especially for you, so be sure to read on! This article will help you handle
passwords with confidence. In fact, you have a guarantee that if you follow the
recommendations in this article it will simplify your life! Well, at least
simplify how you manage and handle the many passwords you use on all your
accounts. It will increase your security at the same time.
After reading this you should be encouraged by the simplicity of
the tips that will revolutionize how you use and manage passwords. You will
hopefully then view and use passwords in a way that they become the Cornerstone
of your digital security standing instead of a Stumbling Block.
Enjoy!
1) Keep your passwords simple. With all the talk you hear from
the “experts” this may seem opposed to what you have heard. They are always
saying: make sure you create a “complex” password; use a combination of upper
and lower case letters; use numbers and special characters; use substitutes,
such as 3 for E, 0 for O, etc. Oh, and while you are struggling with even
thinking of a password that meets all the criteria, make sure you change your
passwords every 90 days. They want us to make passwords that look like
this: “$t00P1D!”, a password that is hard to remember and not necessarily
more secure! If you listen to the experts we each need about
10-20 different passwords that are frankly hard to remember. No wonder we are
tired of passwords! With what we have been told, it is understandable why some
people write their passwords down on a post-it note and keep it under their
keyboard to remember it (this is a big no-no, by the way). Be sure not to
overcomplicate things. One of the main keys to a strong password is length. You do
not need to do everything the “experts” say. In fact, we are finding that some
of the sage advice they have given us all these years is actually not good
advice. A good way to get that length is by using passphrases. Keep reading to learn
more about this simple technique to strengthen your passwords and make them
more memorable at the same time.
2) Passphrases or Passwords, what is the difference? A password
is just that, usually one word or one distinct block of characters. A
passphrase is meant to be a series of words and if done properly, it includes
the spaces between the words in the phrase. For example, “Amazing Grace,
how sweet the sound!” is a 35-character passphrase with a combination of upper
and lower case letters, punctuation and spaces. It is long and it is very easy
to remember. When it comes to passwords/passphrases, length and spaces between
“different” words are among the keys to strength. As a disclaimer, you will
find that not every website or application allows you to put spaces. The good
news is many of the big ones such as Facebook, Twitter and many banks do allow
this. If you can’t put spaces, you can still use a long memorable phrase
without the spaces (be sure to use spaces when you can as this makes your
password stronger). This is the concept and approach you want to take with all
of your passwords in the future. Here is a good comic that has more information
on the subject: https://www.xkcd.com/936/ It gets into some of the technical
reasons this method makes the password stronger (it is highly recommended
reading material). Some may still be groaning as this means you have to type
more. I would encourage you: even someone who is not a great typist can get
very good at typing the same phrase over and over and it will become second
nature if you give the method a chance. If you use a Password Manager program
properly you will only need to enter one longer password and then be able to
get into all your accounts. Not familiar with Password Managers? Keep reading
and get ready to put all your password woes behind you!
3) Password Managers – Even if you use passphrases, you still
probably have close to 10 or more unique online accounts that require
passwords. If you follow the good advice of having different passwords for each
account, that is still a lot of passwords to remember and keep up with.
This is where password managers are very good. Two decent ones that I use are
1Password and LastPass. They both have different features and ways that they
function. One is web-based on any operating system (LastPass) and the other is
local on your machine/smartphone (1Password). Both are very good and offer the
ability to also save secure notes. Think of this as a secure way to still use
post-it notes for reminders. LastPass is one of the easiest to use and set up
and it has become my password manager of choice. You can log in from any web
browser and it can automatically remember accounts for you as you work. It can
also recommend and save secure passwords based on criteria you choose. This is
great for the accounts that you log into rarely, or only one time. If you
are not using a password manager, make sure you go to this site and start
using this free service today! https://lastpass.com/features_free.php
4) Change is a good thing. When it comes to passwords, change is
a good thing. Like many things, much of the frustration with password changing
is due to the way it is often communicated to users. The bottom line is to pick
a good change strategy that works for you. This will help better
protect your personal information online. Once an account is compromised, the
first step is to change your password. In fact, if you haven’t changed your
password in a while, there is a good chance someone already may have your
password and potential access to your accounts. Changing your password helps
ensure that the common techniques used by many identity thieves and
"hackers" are stopped before they become a problem. Using a password
manager helps make this process a lot easier. Some people will not change their
password unless they are forced to do so. This is a bad strategy, and it does
not have to be that way. Do not wait for an Information Security mandate, or an incident
to change your passwords. A simple way is to pick a holiday, or a memorable
date to change your passwords and stick with it. If you already change your password
regularly, be proud that you take the protection of your personal and family
data seriously. Your reputation and that of your organization are at stake every
time you create and use a password. Changing them regularly and using strong
passwords are the key.
5) Test the strength of your passwords - If you want to check
the strength of your password, check it on the following site: http://howsecureismypassword.net/
If you feel uncomfortable entering your password on an unfamiliar website, you
can disconnect from the Internet before you enter your password. It runs
locally on your machine, independent from the web browser. If you still
suspect this is a security test to see whether you would enter your password,
and you are really security conscious, you can instead enter a different
password that has the same general structure to get an idea of how strong
yours is without actually entering it (this is what I did initially).
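A local check in the spirit of tips 2 and 5, added here as an example and not code from this article or from the site it links to: it estimates brute-force search space from length and character classes for the two sample passwords above, and flags a password that is a single word behind substitutions. The substitution table and the 2048-word list size (the xkcd 936 figure) are assumptions, and the length-based figure is an upper bound that only holds for randomly chosen characters.

```python
import math
import string

# Alphabet sizes an attacker must cover for each character class present.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 32 symbols plus the space
]

# Assumed table of common substitutions of the kind tip 1 mentions (3 for E, 0 for O).
DELEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "$": "s", "@": "a"})

def charset_size(password):
    """Sum the sizes of the character classes that appear in the password."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def brute_force_bits(password):
    """Upper bound: length * log2(alphabet), valid only for random characters."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def random_words_bits(word_count, wordlist_size=2048):
    """xkcd 936 model: each word drawn at random from a list of known size."""
    return word_count * math.log2(wordlist_size)

def is_disguised_single_word(password):
    """True if undoing substitutions and trailing symbols leaves one plain word."""
    core = password.rstrip(string.punctuation + string.digits).lower()
    return core.translate(DELEET).isalpha()

def analyze(password):
    """Return the figures a local strength check would report."""
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(brute_force_bits(password), 1),
        "words": len(password.split()),
        "single_word": is_disguised_single_word(password),
    }

if __name__ == "__main__":
    for sample in ("$t00P1D!", "Amazing Grace, how sweet the sound!"):
        print(repr(sample), analyze(sample))
```

Nothing leaves the machine when this runs, so it can be used on a real password without typing it into a website.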
Now back to the guarantee…if you use these very
simple steps you will increase your security significantly. More
importantly you will become more efficient and will start viewing passwords as
a cornerstone rather than a stumbling block. Besides, it is never fun when your lack
of password strength is found to be disturbing.