Nobody likes passwords. They are a terrible way of authenticating users, and when done correctly, passwords are both difficult to guess and impossible to remember.
It’s a Catch-22. While nobody wants someone else poking around in his or her Gmail account, or worse, bank records, it’s exceptionally difficult to remember 30+ case-sensitive nonsense words for every professional and personal account we are required to create throughout the course of daily life.
In a perfect world, everyone’s passwords would be 16 characters long and purely random, with no resemblance to anything that you could find in the dictionary.
If you strive for perfection, I salute you. If you’re looking for a tactic that’s a bit more manageable, here are some tips.
- Create passwords that are at least eight characters long.
- Include special characters, letters and numbers with a mix of upper and lowercase.
- Change your passwords every 90 days.
- Never auto-save passwords.
When developing passwords, it’s important to remember that you’re not trying to keep a human from guessing them; you’re trying to keep a computer from guessing them.
For example, typically hackers start with a long list of email addresses and use a piece of software to run down that list and try the 10 most common passwords on each of them. With this kind of attack, the odds are good that if used on 1,000 accounts, you’re going to be able to hack into a few of them.
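The attack sketched above, a handful of common passwords tried once against a long list of accounts, is what defenders call password spraying, and it slips past per-account lockout because no single account sees more than a failure or two. The following is an added example, not code from the original post, showing how a defender can spot the pattern by counting distinct accounts per source rather than failures per account. The log format and the sample lines are constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample authentication log (not from the post).
# Format assumed: timestamp  source-IP  account  result
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 alice@example.com FAIL
2024-05-01T10:00:02 203.0.113.5 bob@example.com FAIL
2024-05-01T10:00:03 203.0.113.5 carol@example.com FAIL
2024-05-01T10:00:04 203.0.113.5 dave@example.com FAIL
2024-05-01T10:00:05 203.0.113.5 erin@example.com FAIL
2024-05-01T10:00:06 203.0.113.5 frank@example.com FAIL
2024-05-01T10:01:00 198.51.100.7 gina@example.com FAIL
2024-05-01T10:01:01 198.51.100.7 gina@example.com FAIL
2024-05-01T10:01:02 198.51.100.7 gina@example.com FAIL
2024-05-01T10:01:03 198.51.100.7 gina@example.com FAIL
2024-05-01T10:01:04 198.51.100.7 gina@example.com FAIL
2024-05-01T10:02:00 192.0.2.9 henry@example.com OK
"""


def parse_auth_log(text):
    """Split each log line into a dict; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, account, result = parts
        events.append({"ts": ts, "src": src, "account": account, "result": result})
    return events


def detect_password_spray(events, min_accounts=5, max_failures_per_account=2):
    """Return {source_ip: [accounts]} for sources that fail against many distinct
    accounts while touching each account only a few times.

    A per-account lockout threshold never fires on this pattern (one or two
    failures per account), so the detection pivots on the source instead:
    many accounts, each with a low failure count, from one origin.
    """
    failures = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "FAIL":
            failures[e["src"]][e["account"]] += 1

    suspicious = {}
    for src, per_account in failures.items():
        low_and_wide = [a for a, n in per_account.items() if n <= max_failures_per_account]
        if len(low_and_wide) >= min_accounts:
            suspicious[src] = sorted(low_and_wide)
    return suspicious


if __name__ == "__main__":
    for src, accounts in detect_password_spray(parse_auth_log(SAMPLE_LOG)).items():
        print(f"possible password spray from {src}: {len(accounts)} accounts")
```

In the sample, 203.0.113.5 is flagged (six accounts, one failure each) while 198.51.100.7, which hammers a single account five times, is left to the ordinary lockout logic. Tune `min_accounts` to the size of your user base; on a large directory a spray will touch hundreds of accounts, and a lower threshold mainly adds noise.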
By avoiding some of the most dangerous and common passwords, you can protect yourself against this base-level attack. Stay away from:
There’s some utility to obfuscating a password by mixing in special characters and numbers where letters should be, but only if you started with a password that wasn’t a simple dictionary word. For example, changing “password” to “p@ssw0rd” won’t increase your security.
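A password checker can enforce the tips given earlier (length, mixed character classes) and still reject "p@ssw0rd", because the obvious substitutions are the first thing a cracking wordlist undoes. The following is an added example, not code from the original post; it maps the common substitutions back to letters before comparing against a blocklist. The `LEET_MAP` table and the short `COMMON_PASSWORDS` set are constructed for the illustration, and a real deployment would use a full breached-password list in place of the set.

```python
import re

# Constructed substitution table: the replacements most wordlists already reverse.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

# Constructed, deliberately tiny blocklist; use a real breached-password list in practice.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "football", "monkey"}


def normalize_leet(pw):
    """Lowercase and undo character substitutions, so 'P@ssw0rd' -> 'password'."""
    return pw.lower().translate(LEET_MAP)


def check_password(pw):
    """Return a list of policy problems; an empty list means the password is accepted.

    The first four rules are the surface checks from the tips above. The last
    rule is the one that actually matters against a wordlist attack: a common
    word dressed up with symbols is still a common word.
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")

    base = normalize_leet(pw)
    if base in COMMON_PASSWORDS:
        problems.append(f"common word with substitutions ({base!r})")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd", "N1ckC@rr@w@y"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

"P@ssw0rd" satisfies every surface rule and is still rejected, which is the point of the paragraph above: the substitutions bought nothing. The normalization is intentionally crude (it does not try every possible mapping); its job is to catch the cheap tricks, and the blocklist does the rest.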
One of the worst things you can do in regard to passwords is to maintain the same password for all your accounts. Let’s say someone hacks into the popular daily deals provider LivingSocial, which happened just last month, and steals usernames, email addresses and passwords.
The next step for that attacker is to use that data to try to attack other applications. By simply maintaining different passwords for all accounts, you are protected against this type of attack.
A good practice is to use full names of characters, places, brands, etc., from a book, movie or video game and then modify those names with special characters and numbers. “Nick Carraway” becomes “N1ckC@rr@w@y,” and “Daisy Buchanan” becomes “D@1syBuch@n@n,” for example. By using names all within “The Great Gatsby” or any of F. Scott Fitzgerald’s works, you limit the number of passwords you have to try before picking the right one.
Another good option is to use a password management application like KeePass or LastPass to maintain your passwords. These are applications that store your encrypted passwords on a server.
Many within our industry, and a lot of people in general, are waiting for someone to build a breakthrough technology that gets us away from passwords, a way to keep our accounts secure that’s intuitive and requires little user effort.
This advancement isn’t here yet, and unfortunately it’s going to be a while.
It’s a bit of tough love, but it’s necessary to say — when it comes to passwords, create good ones, then put in the effort to memorize them. Yes, there’s effort involved. Think of it this way: The time you used to put towards memorizing phone numbers, you can now redirect towards passwords. We promise, it’s worth the commitment.
This post also appeared in The Tennessean.