As more and more services have moved online in response to Covid-19, password security is more important than ever. Whether it’s your bank, your email, or your social media, it is important that you start taking password security seriously to protect yourself online.
Implementing better password security can seem overwhelming, but there is no better time to start. And, it’s not as complicated as you think.
There are only 3 simple guidelines you need to remember to implement better password security.
#1 Create a new password for every account
By using unique passwords for every service, you can help avoid additional risk if your password on a single service is compromised. If the only service for which you use a given password gets hacked or exposed, then you won’t have to change your password on many sites, because none of them are also using the compromised password.
For example, let’s say you use the same password for your email account, Facebook, Twitter, bank, and a few other sites. Then, you get an email from Twitter describing a data breach (like their 2018 data breach which exposed the plain text passwords of 330 million users14). Unfortunately for you, you can’t just change your password on Twitter, you must also change your password on your email account, Facebook, bank, and any other sites where you were using it. So, if this does happen to you, make sure to change each of the sites to a unique password.
#2 Create complex passwords
Create passwords using upper case letters, lower case letters, numbers, special characters, spaces – as many different options as the service will allow and at least 9-10 characters in length. Longer is better here and many people advocate using passphrases, such as a string of 4 unrelated words, for their ease to remember and their mathematical complexity. Avoid using any of the following: any real words, proper names, foreign words, or personal information.
Some examples of really bad passwords from a recent list include: “qwerty123”, “superman”, “password1”, “sunshine”, and “baseball”. If you’re using any of these passwords, please go change them now.
Why is a long complex password better?
It has to do with how password cracking attacks are carried out, through a combination of dictionary-based words, common substitutions, comparisons to previously hashed results, and finally, brute force2,9. It makes it much computationally harder to brute force crack your password if it meets all these criteria and is, at the very least, 9 characters in length9. This comic from xkcd8 gives a peek at the math behind brute force password cracking in relation to password complexity.
If it sounds like it’s still too complicated, keep reading for a better solution.
#3 Start using a password manager
A password manager maintains an encrypted list of your passwords that you protect with a really good password that you keep very secure. It enables you to autofill passwords and look them up as needed. It simplifies the process of using a different, complicated password for every service you use.
Using a password manager allows you to use a hard to remember AND hard to guess password. It’s the best of both worlds.
If you want to learn more about passwords, I recommend watching the video ‘How to Choose a Password’ from the Computerphile channel on YouTube10. And check out the additional links below for some more in depth password videos.
Are you already using a password manager? Tell us about your favorite in the comments!
Additional Links and Information
- World’s Biggest Data Breaches & Hacks. (2020, January 29). Retrieved February 12, 2020, from https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- Granger, S. (2002, January 16). The Simplest Security: A Guide to Better Password Practices. Retrieved February 12, 2020, from https://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices
- Intuit. (n.d.). Password & Username Best Practices. Retrieved February 12, 2020, from https://security.intuit.com/index.php/protect-your-information/password-username-best-practices
- Chaikivsky, A. (2017, February 7). Everything You Need to Know About Password Managers. Retrieved February 12, 2020, from https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/
- Rubenking, J. (2019, December 26). The Best Password Managers for 2020. Retrieved February 12, 2020, from https://www.pcmag.com/picks/the-best-password-managers
- Price, R. (2017, February 22). Password managers are an essential way to protect yourself from hackers – here’s how they work. Retrieved February 12, 2020, from https://www.businessinsider.com/how-to-use-password-manager-store-protect-yourself-hackers-lastpass-1password-dashlane-2017-2
- Winder, D. (2019, December 14). Ranked: The World’s Top 100 Worst Passwords. Retrieved February 12, 2020, from https://www.forbes.com/sites/daveywinder/2019/12/14/ranked-the-worlds-100-worst-passwords/
- xkcd. (n.d.). Password Security(comic). Retrieved February 12, 2020, from https://www.xkcd.com/936/
- De Joya, M., N. De Guzman, M. Bilon, and A. Sentones. (2019, October). Use of Different Graphic Processing Unit Architectures to Analyze Variance in Hash Cracking Rate and Real World Implications of Password Creation by Users. The Online Journal of Science and Technology, 9(4). Retrieved February 12, 2020, from https://www.tojsat.net/journals/tojsat/volumes/tojsat-volume09-i04.pdf#page=50
- Computerphile (Youtube Channel). (2016, July 20). How to choose a password. Retrieved February 12, 2020, from https://youtu.be/3NjQ9b3pgIg
- Computerphile (Youtube Channel). (2019, May 1). How password managers work. Retrieved February 12, 2020, from https://youtu.be/w68BBPDAWr8
- Computerphile (Youtube Channel). (2017, August 30). 2FA. Retrieved February 12, 2020, from https://youtu.be/ZXFYT-BG2So
- Computerphile (Youtube Channel). (2016, July 13). Password cracking. Retrieved February 12, 2020, from https://youtu.be/7U-RbOKanYs
- Gartenberg, C. (2018, May 3). Twitter advising all 330 million users to change passwords after bug exposed them in plain text. Retrieved March 31, 2020, from https://www.theverge.com/2018/5/3/17316684/twitter-password-bug-security-flaw-exposed-change-now