2016. máj. 2.

How to never worry about password security again!

  • Connect and support people
  • Password security – a source of anxiety for many of us. So much of our lives relies on the strength and secrecy of our passwords. How would you like to never worry about your password security ever again?

    In today’s workplace, almost everything we do requires some form of password-guarded access.

    Because password security is so crucial, it is part of my job to help coworkers here ensure password security.

    Many people fall foul of poor password security at one point or another.

    If you’re lucky, it results in your computer’s language hilariously changed to something you have no hope of understanding.

    The result being time lost, spent on reversing the language change.

    If you’re not so lucky, a compromised password can lead to hackers and digital thieves accessing sensitive information, stealing money, corrupting data, or locking you out from your accounts.

    The consequences can cut deep and take many months or even years to repair.

    Password practices are often taken for granted, which is one of the reasons why reminding ourselves of best practices from time to time, such as on the annual Password Day, can help us ensure complete password security.

    Follow these steps to never have to worry about password security again.

    Stop being predictable

    We’ve all been trained to build our passwords the same way.

    Years of automatic prompts have asked us to include capitalized letters, and numerical or punctuation characters, in our passwords.

    Unfortunately, password crackers out there have noticed the pattern.

    Because the result is that we all:

    • Start out with a favored word to form the foundation of our password
    • Use up our capital letter on the first character
    • Add on a number and exclamation mark on the end of the password to hit the requested quota
    • And voila – we’re left with our ‘uncrackable’ password: “Ninja1!”

    While we think we are secure, having hit all the types of characters required, we are leaving ourselves open to having our password guessed.

    Whether through social engineering to crack passwords, or by way of other password hacking methods, we are left vulnerable.

    Our best bet is to stop being so predictable.

    Stop using one word passwords

    Words are very predictable. The next step we can take in upgrading our password security is to banish the use of single word passwords.

    Not only are one-word passwords often short, but also they are predictable.

    Did you know that databases exist that contain every word in every language?

    The purpose of these databases is to be used by hackers to crack passwords simply by trying every word.

    This is called a Dictionary attack, which can also take the form of a Rainbow table attack.

    Of course, it might seem that one-word passwords are far easier to remember than anything else is.

    But, when thinking of security, ease cannot be the main criteria for decision making. Security must be.

    In fact, as Better Business Bureau explained, some of the most common (and least secure) passwords are not always words.

    The following passwords were the top 10 passwords used in 2014 – You might guess, that these passwords should not your first choice for your online banking account.

    1. 123456
    2. password
    3. 12345
    4. 12345678
    5. qwerty
    6. 123456789
    7. 1234
    8. Baseball
    9. Dragon
    10. Football

    Not only are more complex passwords more secure, they can be just as easy to remember too.

    What makes a strong password? On to our next step.

    Long and strong passwords

    How can we create passwords that are strong and still memorable? There’s a bit of a trick to it.

    First off, strong and memorable passwords should consist of multiple words.

    PieceOfCake you might think.

    Nope. First rule of multi-word passwords is to use a strong of words that are either nonsensical, or that are very particular to you.

    CoffeeLobsterMarathon – a good place to start for a nonsensical string of words. And the image it conjures is so bizarre it’s easy to remember.

    DavesFavoriteColorIsGrey – Knowing your mate Dave’s favorite color is a very unique circumstance to you. And very hard to guess.

    Second stage is to interlace these passwords with – you guessed it – special characters.

    Leaving us with C0ff33L0b$t3rM8r8th0n and D8v3sF8v0r1t3C0l0r1sGr3y.

    Both of these blow “Ninja1!” out of the water in terms of password security.

    Use unique passwords for every account

    I know. This advice normally elicits the response that it is impossible to remember passwords for every account. But, for reasons we will get into later, it really isn’t.

    And the benefits are huge.

    Does anyone you know use one password for every account?

    Many people do.

    The problem is that it is a real threat to password security. Because it only takes one leak from one of the many places you’ve used that password for more accounts to be accessed.

    If your username, email address, and password are exposed by a security breach of one of the services, accounts, or companies you have dealt with – hackers will be able to take these details and try to access any other accounts with the same details.

    If passwords are different for every account you use, this technique will not work. Meaning you can enjoy much better password security.

    So, how on earth can we remember each and every password?

    A smarter way to memorize your passwords (a password manager)

    It would be very impractical to try to memorize passwords for every single account we own.

    For accounts we access every day, it would probably be doable. But, many times we have accounts to things we only need to access occasionally.

    At which point memory will likely let us down. We need some help.

    Password managers are secure applications that help us store and organize passwords. It is simply the best way to manage all the accounts and passwords we have.

    All we need to do then is remember the password we need to access the password manager.

    If you’ve followed the advice above, your password manager password will be strong and memorable.

    Change your passwords regularly

    The dreaded password change. Often people see this as either optional, or a needless inconvenience.

    But there are very strong arguments for why changing passwords regularly is essential for password security.

    For example, brute-force attacks are used to decipher passwords. They work simply by trying every possible combination of characters.

    The limitation of this type of approach is that it requires a lot of time to achieve its desired result.

    Although – even then, this can be surprisingly short.

    Using our example above, according to How Secure is my Password, “Ninja1!” can be cracked in 7 minutes.

    Changing passwords frequently can minimize the risk that a brute-force attack has enough time to breach your password security.

    Not to mention that it can also minimize the danger posed by password leaks.

    Don’t casually share your passwords

    You would never share your password with anyone, right? Especially not a stranger.

    When we’re not focused on security, it can be easier to fall into a trap than we realize.

    If you think one of your accounts might be compromised, be sure to change the password as soon as possible. With sites like Haveibeenpwned you can check if your data has been breached.

    Ensure you have anti-malware installed

    What’s the connection between password security and malware?

    Well, some types of malware are able to track keyboard inputs for account and password information, and transmit that information to a malicious third party.

    The strongest password will do us no good if Malware is able to track the input from our keyboard.

    Which means that part of our password security regime must be to ensure our devices are malware free.

    Malware often uses security flaws in unpatched software to infect a system. Therefore an up-to-date operating system is also needed to fully protect your device from being compromised by malware.

    Enable two-factor authentication

    Two-factor authentication provides an extra layer of protection for your password security regime.

    On top of a password, authorized access requires another factor to login to your account.

    For example, a second factor might be a time-limited security code generated by an authenticator app on your mobile device – such as two-factor authentication with TeamViewer.

    As Intel describe, even our own bodies could be used as passwords as part of two-factor authentication.

    Access is only granted when the username/email address, password, and security code is entered correctly.

    This is perhaps the most sure-fire way to ensure total password security, as even if your password is compromised, access will not be granted to your account without the correct second factor authentication.

    Password Security Key Takeaways

    Being absolutely sure of password security is a major relief. All sorts of potential problems can be avoided.

    Once you’ve set up the system you want to use, practice makes it a part of every day business.

    In summary, password security means:

    • Dropping the predictability. “Ninja1!” doesn’t cut it
    • Leave one-word passwords behind
    • Long and strong passwords are better and can be easy to remember too
    • A different password for every account stops hackers in their tracks
    • Password managers are a must-have tool for password security
    • Changing passwords regularly is not optional
    • Be careful not to reveal passwords to untrustworthy sources
    • Make sure there is no malware on your devices
    • Use two-factor authentication wherever you can

    I hope you found this advice useful. Do you have any advice to share? Add a comment below.