New Year’s resolutions: Get your passwords shipshape
Many of us entered 2019 with a boatload of New Year’s resolutions. Exercising more, fixing unhealthy eating habits and saving more money are all respectable goals in their own right, and there is no shortage of apps and sites clamoring to help you reach them. But could it be that such resolutions don’t go far enough?
Now you may want to add a few more weighty, yet fairly effortless, habits on top of those well-worn choices. Here are a handful of ‘exercises’ that will do your cyber-fitness good.
Passwords have a bad rap, and deservedly so: they suffer from weaknesses, in both security and convenience, that make them a less-than-ideal method of authentication. However, much of what the Internet offers depends on your signing up for this or that online service, and the form of authentication on offer is almost universally the username/password combination.
As the keys that open online accounts (not to mention many devices), passwords are rightly thought of as the first, and all too often the only, line of defense protecting your virtual and real assets from intruders. However, a password offers little protection unless it is both strong and unique to each device and account.
But what constitutes a strong password? A passphrase! Done right, a passphrase is generally both more secure and more user-friendly than a typical password. The longer the passphrase and the more words it packs, the better, with seven words providing a solid start: seven words picked at random from a list of a few thousand give on the order of 90 bits of entropy, roughly 2^90 possibilities. With each extra character, let alone each extra word, the number of possible combinations multiplies, so the search space grows exponentially with length, which makes simple brute-force password-cracking attacks far less likely to succeed, if not practically impossible. This assumes, of course, that the service in question does not cap the password length, or silently truncate what you type, which is sadly still far too common; a service that keeps only the first eight characters has quietly reduced your seven-word passphrase to an eight-character password.
Another caveat: avoid phrases that have made it into the everyday lexicon. Entire books, famous quotes and song lyrics (‘Pleased to meet you, hope you guess my name’, to take a deliberately extreme example) are already part of the fodder fed to password-cracking tools, which try well-known phrases and their common variants long before they fall back to brute force. The individual words should be chosen at random rather than forming a sentence, and you can sprinkle in special characters if that helps you remember them; be aware, though, that predictable substitutions such as ‘@’ for ‘a’ or ‘3’ for ‘e’ add little, because cracking tools apply those rules automatically. What matters is that the phrase is unpredictable to an attacker while still memorable to you. For practical guidance about creating your passphrases, you may want to refer to this short video tutorial or to this article.
Then, of course, each passphrase needs to be distinct for each account, so that a leak of one of them doesn’t reverberate through your other, possibly more valuable, accounts. Alas, the dangerous practice of password recycling is ubiquitous, and attackers exploit it at scale with an automated technique known as ‘credential stuffing’: the username/password pairs leaked from one breached site are replayed against the login forms of many other sites, and every reused password hands the attacker another account.
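To make the server-side view of this concrete, here is an added example (not code from the original article) of the detection logic a site operator might run over an authentication log. The log lines are constructed for the example and use RFC 5737 documentation addresses; the log format, the 5-minute window and the thresholds (ten distinct accounts, 80% failures) are assumptions, not any real product's settings. The pattern it looks for is the signature of credential stuffing: one source trying many different usernames, mostly failing, rather than one user retrying their own account.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data), one event per line:
# "<ISO timestamp> <source IP> <username> <OK|FAIL>". Addresses are from the
# RFC 5737 documentation ranges. 203.0.113.7 replays a leaked credential list,
# one account after another; 198.51.100.4 is a single user mistyping a password.
SAMPLE_LOG = """\
2019-01-05T10:00:01 203.0.113.7 alice FAIL
2019-01-05T10:00:03 203.0.113.7 bob FAIL
2019-01-05T10:00:05 203.0.113.7 carol FAIL
2019-01-05T10:00:07 203.0.113.7 dave FAIL
2019-01-05T10:00:09 203.0.113.7 erin FAIL
2019-01-05T10:00:11 203.0.113.7 frank FAIL
2019-01-05T10:00:13 203.0.113.7 grace OK
2019-01-05T10:00:15 203.0.113.7 heidi FAIL
2019-01-05T10:00:17 203.0.113.7 ivan FAIL
2019-01-05T10:00:19 203.0.113.7 judy FAIL
2019-01-05T10:00:21 203.0.113.7 mallory FAIL
2019-01-05T10:00:23 203.0.113.7 oscar FAIL
2019-01-05T10:01:00 198.51.100.4 bob FAIL
2019-01-05T10:01:20 198.51.100.4 bob FAIL
2019-01-05T10:01:45 198.51.100.4 bob OK
"""


def parse_events(text):
    """Parse the log into (timestamp, ip, user, success) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events, key=lambda e: e[0])


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_accounts=10, min_fail_ratio=0.8):
    """Flag source IPs that, within any sliding `window`, try at least
    `min_accounts` distinct usernames with a failure ratio >= `min_fail_ratio`.
    A legitimate user retrying one account never reaches the distinct-account
    threshold. Returns {ip: {"accounts", "attempts", "failures", "compromised"}},
    where "compromised" holds the usernames the flagged IP logged into
    successfully: those are the reused passwords that need an immediate reset."""
    by_ip = {}
    for ev in events:
        by_ip.setdefault(ev[1], []).append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        in_window = Counter()   # username -> attempts currently inside the window
        failures = 0
        start = 0
        for end, (ts, _, user, ok) in enumerate(evs):
            in_window[user] += 1
            failures += not ok
            # Slide the window start forward past events older than `window`.
            while ts - evs[start][0] > window:
                _, _, old_user, old_ok = evs[start]
                in_window[old_user] -= 1
                if in_window[old_user] == 0:
                    del in_window[old_user]
                failures -= not old_ok
                start += 1
            attempts = end - start + 1
            if len(in_window) >= min_accounts and failures / attempts >= min_fail_ratio:
                hit = flagged.setdefault(ip, {"accounts": 0, "attempts": 0,
                                              "failures": 0, "compromised": set()})
                hit["accounts"] = max(hit["accounts"], len(in_window))
                hit["attempts"] = max(hit["attempts"], attempts)
                hit["failures"] = max(hit["failures"], failures)
        if ip in flagged:
            flagged[ip]["compromised"] = {u for _, _, u, ok in evs if ok}
    return flagged


if __name__ == "__main__":
    for ip, hit in detect_credential_stuffing(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {hit['accounts']} accounts, {hit['failures']}/{hit['attempts']} "
              f"failed, successful logins to {sorted(hit['compromised'])}")
```

Note that the successful login to `grace` is exactly the event an operator should care about: from the site's point of view it is a valid password, and only the surrounding pattern reveals that it was reused from somewhere else.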
It’s quite likely that you have too many online accounts to remember a distinct passphrase for each of them. In that case, it’s worth considering a reputable password manager (or vault) that keeps your passwords in an encrypted store and takes much of the pain out of password management. Such a tool can also generate random, complex passwords and passphrases for you, which beats trying to be random yourself.
You will then need to remember only one master password, which ultimately opens all your online accounts, so the pressure is on the sturdiness and uniqueness of this one key to your digital kingdom. For that, it’s back to the suggestions above.
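The arithmetic behind the advice above, as an added example that is not code from the original article: it puts numbers on the claim that each extra word multiplies the search space, contrasts a random 8-character password with 5- and 7-word passphrases, shows what a silent length cap does to a passphrase, and generates a passphrase the way a password manager should, with a cryptographically secure random source. The 7,776-word list size is that of the standard Diceware-style lists; the short `SAMPLE_WORDS` list is a constructed stand-in used only so the generator runs offline, and the guess rate of 10^10 per second is an assumed figure for offline cracking of a fast hash, not a measurement.

```python
import math
import secrets

# Constructed stand-in for a real word list: only the list's size matters for
# the entropy arithmetic, and a real Diceware-style list has 7,776 entries.
SAMPLE_WORDS = [
    "anchor", "bucket", "compass", "deckhand", "ember", "fathom", "galley",
    "harbor", "island", "jetty", "keel", "lantern", "mast", "nautical",
    "oar", "pennant", "quarter", "rudder", "sailor", "tide",
]
DICEWARE_LIST_SIZE = 7776            # 6**5: five dice rolls select one word
# Assumed offline guess rate against a fast, unsalted hash (illustrative only).
ASSUMED_GUESSES_PER_SECOND = 1e10


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy (bits) of a password whose characters are each drawn uniformly
    at random from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(wordlist_size: int, words: int) -> float:
    """Entropy (bits) of a passphrase whose words are each drawn uniformly at
    random, with replacement, from a list of `wordlist_size` words. Each extra
    word adds log2(wordlist_size) bits, i.e. multiplies the search space."""
    return words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate at the given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


def words_surviving_truncation(passphrase: str, max_chars: int,
                               separator: str = "-") -> int:
    """How many whole words survive if a service silently keeps only the first
    `max_chars` characters; everything after that contributes nothing."""
    count = 0
    pos = 0
    for word in passphrase.split(separator):
        end = pos + len(word)
        if end <= max_chars:
            count += 1
        pos = end + len(separator)
    return count


def generate_passphrase(wordlist, words: int = 7, separator: str = "-") -> str:
    """Draw `words` entries with the `secrets` module (a CSPRNG). `random.choice`
    is seeded from predictable state and must not be used for secrets."""
    if words < 1 or not wordlist:
        raise ValueError("need a non-empty word list and at least one word")
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def compare_strength(guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND):
    """Entropy and exhaustive-search time for an 8-character random password
    over the 95 printable ASCII symbols versus 5- and 7-word passphrases."""
    rows = {
        "8 random printable-ASCII chars": password_entropy_bits(95, 8),
        "5 Diceware words": passphrase_entropy_bits(DICEWARE_LIST_SIZE, 5),
        "7 Diceware words": passphrase_entropy_bits(DICEWARE_LIST_SIZE, 7),
    }
    return {label: (bits, years_to_exhaust(bits, guesses_per_second))
            for label, bits in rows.items()}


if __name__ == "__main__":
    for label, (bits, years) in compare_strength().items():
        print(f"{label:32s} {bits:6.1f} bits  ~{years:.3g} years to exhaust")
    phrase = generate_passphrase(SAMPLE_WORDS)
    print("example 7-word passphrase:", phrase)
    print("words kept by a 20-character cap:",
          words_surviving_truncation(phrase, 20))
```

The figures are only as good as the randomness: the entropy formulas assume every word was picked uniformly at random, which is why the generator uses `secrets` and why a phrase you composed from a favourite song does not get the credit the arithmetic suggests.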