Let us start by taking a deep cleansing breath, because we are about to talk about a subject that can be a point of stress for people.
Passwords are something that I have wanted to talk about for a while, but it can be a difficult subject to approach. There are a lot of different opinions out there on what is the most secure password. I’m not here to tell you how to have the most secure password of all time, but I am here to tell you how not to have weak passwords.
I can see the appeal of a weak password. I mean, who can remember a bunch of different passwords anyway?! I know I can’t, and I don’t expect you to either. My goal is to equip you with some knowledge and tools so you can go forth and create new accounts with no stress.
Password length is a hotly debated topic, right alongside the mix of letters, characters, and numbers you should use in your password. I’m not going to get into a bunch of specifics here and analyze exactly what type of password I think you should have, but I am going to outline some key things to keep in mind when creating a secure password.
The longer the better
The longer your password is, the harder it is to crack. In general, I suggest having your password be at least 12-15 characters. Each online platform has its own minimum and maximum password requirements, but 12-15 characters seems to align with most of them.
Mix things up
A password containing numbers, letters, and special characters will strengthen it, but you can have a password that is just as secure by using an unexpected longer phrase. For example...
This is a strong password, and it is more secure than a complicated password that you have saved in a Word document or written on a sticky note next to your computer.
Note: Please don’t write down your passwords anywhere that is easy for others to find. If you do, stash them in a super secret place at home and don’t travel with them. Cue James Bond music.
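To put some numbers behind "longer beats complicated", here is a small added example (my own illustration, not from the original post) that estimates the work an attacker faces for two constructed passwords: a short complex one and a longer word-based phrase. It also shows the caveat that a phrase built from common words should be measured by the number of words, not the number of characters, since an attacker can guess whole words at a time; the 7776-word list size is an assumption borrowed from diceware-style word lists.

```python
import math

# Sizes of the printable ASCII character classes an attacker would brute-force.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33
WORDLIST_SIZE = 7776  # assumption: attacker guesses words from a list this large


def charset_size(password: str) -> int:
    """Size of the smallest character set that still covers every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def brute_force_bits(password: str) -> float:
    """Bits of work to try every string of this length over the detected charset."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Bits of work if the attacker guesses whole words instead of characters."""
    return word_count * math.log2(wordlist_size)


def conservative_bits(password: str) -> float:
    """Strength under the cheapest attack we model: character brute force, or
    word-by-word guessing when the password is clearly several words."""
    words = password.split()
    bits = brute_force_bits(password)
    if len(words) >= 2:
        bits = min(bits, passphrase_bits(len(words)))
    return bits


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("P@ssw0rd", "purple otter drinks cold coffee"):
        print(f"{candidate!r}: brute force {brute_force_bits(candidate):.1f} bits, "
              f"conservative {conservative_bits(candidate):.1f} bits")
```

The 8-character mixed password comes out around 52 bits, while the five-word phrase is about 64 bits even when the attacker is guessing whole words, and far more if they are not.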
Delegate remembering your passwords
Personally, I’m not about remembering all of my passwords, so I use a password manager. A password manager is a tool that will safely generate and store passwords. Then I only need to remember one strong password and the manager remembers the rest. However, it can sound scary entrusting all of those accounts to a password manager. Just be sure you choose a reputable password manager, like LastPass, 1Password, or Dashlane. These services are not free, but they are a worthwhile investment in your online security. That said, Dashlane has a free plan limited to one device if you are looking for something to start with.
A password manager is unlocked using a Master Password that is set by you. Guard that master password closely. Do not reuse that password anywhere else or write it down anywhere that would be easily accessible to someone else.
Passwords are like tissues: don’t reuse them.
That brings me to another important thing, password reuse. I will confess that before I started in Security I was a chronic password reuser. I thought if I had one secure password and used it everywhere, I was being safe. Now I understand the risk I was exposing my accounts to.
Reusing your password is so risky because if one of the websites where you use that password gets breached, you are handing that hacker the keys to all of your other accounts. Ahh! That is so scary!
And you might already be a victim of this and not even realize it. If you want to see where you might already be vulnerable, head over to haveibeenpwned.com and check your email addresses. This website, maintained by security expert Troy Hunt, keeps a database of major data breaches and the credentials that were leaked in them.
To give you an example, one of my email addresses shows that my Adobe account was leaked in the big Adobe breach back in 2013. Adobe took the appropriate action and forced users to reset their passwords. However, if I had been using that password for any other accounts, an attacker could guess which accounts might be using those same credentials, and if I had used the password anywhere else, I would certainly have been pwned.
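Besides checking email addresses, the same site publishes a "Pwned Passwords" range lookup that lets you test whether a password appears in known breach data without ever sending the password itself: only the first 5 hex characters of its SHA-1 hash are sent, and the matching is done locally. The following is an added example of that check (my own code, not from the original post or from haveibeenpwned.com); to keep it runnable offline it parses a constructed sample response in place of a real HTTP call, and the count shown is made up.

```python
import hashlib
from typing import Callable

# Real endpoint format: https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def hibp_range_parts(password: str) -> tuple[str, str]:
    """Split SHA-1(password) into the 5-char prefix that is sent to the service
    and the 35-char suffix that stays on your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_response: str) -> int:
    """Scan a range response ('SUFFIX:COUNT' per line) for our suffix.
    Returns the breach count, or 0 when the suffix is not in the range."""
    for line in range_response.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines defensively
        candidate, count = line.split(":", 1)
        if candidate.strip().upper() == suffix:
            return int(count.strip())
    return 0


def check_password(password: str, fetch_range: Callable[[str], str]) -> int:
    """fetch_range(prefix) must return the text of RANGE_URL + prefix."""
    prefix, suffix = hibp_range_parts(password)
    return breach_count(suffix, fetch_range(prefix))


# Constructed sample response, NOT real API output. The middle line carries the
# suffix of SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 with a
# made-up count; a real response lists several hundred suffixes per prefix.
SAMPLE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000000
1F0E35C5B4A3F2F2C97C10D78C4B5A5E7A2:1
"""


def offline_fetch(prefix: str) -> str:
    """Stand-in for an HTTP GET of RANGE_URL + prefix, so the demo runs offline."""
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    for candidate in ("password", "a-much-longer-made-up-phrase"):
        print(candidate, "->", check_password(candidate, offline_fetch), "hits")
```

Swapping `offline_fetch` for a function that performs the HTTP GET turns this into a live check, and the password still never leaves your machine.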
Anti-Virus Saves Lives (Your computer’s life)
You could have the most secure passwords in the world, but if your computer isn’t safe, those passwords aren't safe either. Some computer viruses come in the form of a keylogger. A keylogger records each keystroke typed on the infected computer and sends that information back to the attacker’s computer. So make sure you have reputable anti-virus software and that you update it and run scans on a regular basis. A lot of anti-virus software allows you to set up daily scheduled scans, so you don’t have to worry about remembering to run them.
Passwords can be a complicated topic, and maybe there will be another blog post down the line addressing some of the other common questions around passwords. If you follow these tips you will be taking a good first step toward securing your accounts. Keep an eye out for my next post on Two Factor Authentication.
Additional Resources: https://krebsonsecurity.com/password-dos-and-donts/