“Grrr! I forgot my password for this site!” If I had a bitcoin for every time I said that, I would be a bitcoin millionaire; and I bet you would be too! The password is often the key, and all too often, missing ingredient when you are trying to gain access.
There is good reason to use different passwords with different applications and sites. The main reason for doing so is that it limits your risk if there is a hack somewhere. Reusing a password on multiple accounts, even if it is a long and complicated one, is risky. When a hacker successfully breaches one of your favorite sites, they gain the keys to your entire pantry, leaving you totally vulnerable. A website hack is not the only way you could lose it all if you keep just one password. You might share a password with the wrong person, or you might have unknowingly given away access at an open Wi-Fi hotspot, or unbeknownst to you, a keylogger or malware could be grabbing your password every time you type it in.
You undoubtedly have heard all the best password advice countless times, but a good story bears repeating. In honor of World Password Day, celebrated this year on May 2, here is a recipe for creating and keeping the most secure passwords:
- 1 cup of “Long” – Even with a “brute force attack” a long and complicated password with letters, symbols and numbers can be compromised. But, you want to make it harder and take longer. Here is some perspective, a three-character password can be cracked in less than a second.
- 2 bits of “Nonsense” – Long, and complex are great, but randomness takes it up a notch! Non-dictionary words, grammatically incorrect and nonsensical phrases are much better.
- A pinch of “Randomness” – Randomly mix numbers, special characters, and capital and lowercase letters.
- Zero teaspoons of “Personal Bits” – So much personal information about each of us is available to so many. Do not even think about using anything that might be obtainable by anyone who can use a search engine. Be warry with security questions too. Pick or make up non-personal Q&As.
- 5 cups of “Hush Hush” – Do not leave a password around anywhere: not on a sticky note by the computer nor a file on your desktop called “passwords.” Do not give your password to anyone. If anyone else is ever involved in logging you in, type the password in yourself.
- Mix all ingredients thoroughly – Do not get arrogant if you do all the above. If you do not change passwords regularly, you are just exposing yourself to risk and harm. Do all the above and put a password policy in place whereby passwords must be changed.
- Do not reuse Leftovers – Use once and only once. After large-scale hacks, the compromised information often makes it online.
While the above recipe is sure to please, don’t forget the missing ingredient—a Password Manager—the one ingredient that changes everything and makes everything easier. These are services that auto generate and store strong passwords for you. They are kept in an encrypted, centralized location which you can access with a “master password” that you should memorize. Some of these are free to use, others involve a fee. They can often sync new passwords across multiple devices and audit/report your password behavior for you to minimize your risk.
Like Grandma’s recipe box where all the family-favorite recipes are kept in one place, a Password Manager is essential to preserving your passwords in one spot where they can be kept safe and recalled when needed.
IT Radix can help you create a recipe for success! Contact us for advice on all password security questions here.
First published in our April 2019 IT Radix Resource newsletter