Over the past few years, strong passwords have become increasingly important. Passwords have started to run our lives – we log into one site to pay the cable bill, then log into another to pay the mortgage. Some companies are even offering discounts to move users away from paper billing, alleviating the need for them to produce and mail statements and thereby diminishing their overhead costs. While at first this seems great – the hunt for that elusive stamp has finally ended – it does come at a cost.
Who can memorize all those passwords? Facebook, eBay, PayPal, and the payroll login? This is where that great time-saving feature starts to fail us, because we end up using the same passwords. We all know we do it. Maybe we just use the same password twice, or maybe even 4 times. While using the same password makes it easier for us, it also makes it easier for anyone who gains access to just one of our passwords. This becomes a problem when the news reports huge security breaches such as Yahoo and LinkedIn. If those passwords were used for other sites, the risk is now much greater.
There are a few simple things to keep in mind when creating secure passwords. Don’t use something that can be easily found on social media. That picture of Spot the family dog on your Facebook page, or Fluffy the cat? While they are cute and can make memorable passwords for you, they also make a great guess for anyone trying to gain access to your accounts. The name of your wife, husband or kids, birthdates and favorite sports teams are also easily discernible online. Simply by reviewing your recent posts, anyone could have 2 or 3 dozen good guesses for your account passwords.
Things that help make strong passwords include long passwords with uppercase, lowercase and special characters – even spaces count. Use different passwords on different sites. This helps eliminate the chance of being fully compromised if one password is cracked. Use two-factor authentication when possible. Sites such as Gmail and Yahoo offer multi-factor authentication. This feature allows you to set your account to only allow access after two requirements are met. Commonly, you will enter your email password, then receive an SMS text to a mobile device with a code that you also need to enter, proving that you own the account and phone number listed in your account settings.
How to Create a Complex Password
One commonly used option is a simple text conversion called “leet speak” (where “A” becomes “@”, “E” becomes “3”, and so on). Refer to http://www.1337.me for an easy translation tool.
Another option to create a complex yet memorable password is taking a simple phrase, reducing it to the first letter of each word and mixing upper and lowercase. In terms of how long it would take a computer to break the password, the time grows from less than a second for the first few characters to as long as 4 billion years for the full password. For example:
My first job Was at a pizza shop 1996 (include a space)
M = 7 picoseconds
Mf = 68 nanoseconds
Mfj = 4 microseconds
MfjW = 200 microseconds
MfjW@ = 34 milliseconds
MfjW@A = 2 seconds
MfjW@Ap = 3 minutes
MfjW@Aps = 3 hours
MfjW@Aps (followed by a space) = 2 months
MfjW@Aps 1 = 3 months
MfjW@Aps 19 = 5 thousand years
MfjW@Aps 199 = 485 thousand years
MfjW@Aps 1996 = 4 billion years
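The growth in the list above comes from the search space multiplying with every added character and widening whenever a new character class appears. The Python sketch below is an added example, not part of the original article, that computes this for each prefix of the sample password. The guess rate and the character-pool rule are assumptions, so its estimates show the trend rather than reproduce the figures listed above, and guessable() is a hypothetical helper for the social-media advice given earlier.

```python
import string

# Assumption: offline guessing speed; not a figure taken from the article.
GUESSES_PER_SECOND = 40e9

# Assumption: a brute-force search covers a whole character class as soon as
# the password uses one character from it (ASCII only in this sketch).
POOLS = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",   # 32 symbols plus the space
]
UNITS = [("years", 31_557_600), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60), ("seconds", 1)]

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))

def keyspace(password):
    """Candidates of the same length over the implied alphabet."""
    return pool_size(password) ** len(password)

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return keyspace(password) / rate

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.0f} {name}"
    return f"{seconds:.2e} seconds"

def guessable(password, personal_words):
    """Hypothetical check: does the password contain a word from a profile?"""
    lowered = password.lower()
    return any(word.lower() in lowered for word in personal_words)

def growth_table(password):
    """(prefix, keyspace, estimate) for every prefix of the password."""
    prefixes = (password[:n] for n in range(1, len(password) + 1))
    return [(p, keyspace(p), human(seconds_to_exhaust(p))) for p in prefixes]

if __name__ == "__main__":
    for prefix, space, estimate in growth_table("MfjW@Aps 1996"):
        print(f"{prefix!r:18} {space:.2e} candidates  {estimate}")
    # Constructed sample: a pet name from a profile defeats the length math.
    print(guessable("Fluffy2016!", ["Fluffy", "Spot"]))
```

The exhaustive-search time is an upper bound: a password that contains a pet's name or a birthdate falls to a targeted guess list long before the full search space is covered.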
Password Managers: The Good and the Bad
Password managers like LastPass or Dashlane can help you make the hard task of keeping all these passwords manageable. Such applications allow users to store passwords and track changes, and let you know which passwords may be weak, old or repeated. Some password managers even offer mobile and cloud access to a hosted database where you can store and back up your passwords. Password managers can help you quickly gain access to an easily navigable list of your numerous passwords. Many password managers also offer features to track credit cards and purchase receipts. These applications also commonly offer plug-ins for web browsers, allowing passwords and credit card information to be auto-filled when logging in, filling out forms or purchasing products.
All these great features do come at a cost, as they create a single point of failure. If you forget or lose your manager password, you can be locked out forever; in many applications it cannot be reset once the database is created. Alternatively, someone could gain access to your hosted password manager login. Hosted applications such as LastPass have been compromised as recently as mid-2016.
If you do choose to use a password manager that allows for cloud backup of the password database, like LastPass or the paid version of Dashlane, there are a few things you can do to make it even more secure. Never allow it to save your credit card information, and do not allow password managers to track login information for hospitals, banking, or payroll. If you are concerned you might not be able to remember these passwords, write them down and store them with your important documentation in your home. If the physical security of your home has been compromised, you have bigger issues.
How Strong are Your Passwords?
If you are amazed by all of this, take one or two of your passwords and run them through https://howsecureismypassword.net to see how long yours will take to crack!