Essential Password Security

Most people think they are immune from using strong and unique passwords because they aren’t incredible rich or have an important job, this train of thought is totally wrong. There is a 95% chance your data has already been compromised. Some of the largest data breaches include Ebay, Target, MySpace, Home Depot, LinkedIN, US Military (military and civilian contractors), Sony PSN, and even the 191 million people in the US voter database.

To see all major security breaches over the past few years take a look at this graph.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Hacker typing on a laptop

DO NOT USE THE SAME PASSWORD FOR EVERY WEBSITE!!!

This is the absolute most common and worse offense in my opinon. All too often I hear about bank accounts, work accounts, social media accounts, forum accounts, and more sharing the same email address and password. This is the worst possible thing you can do, and if you take one thing away from this article I hope it’s this very important point.

When you use the same password for every website, you are trusting 150 different websites to be ethical and secure. All it takes is one breakdown and all the sudden you have 150 accounts that have been compromised. We read about major companies getting hacked everyday. I have a Sony account, Home Depot account, LogMein account, and some of the others that have been hacked recently. Had all my passwords been the same, hackers could have had access to my facebook, bank accounts, and everything else.

P.S. That also means don’t change only 1 character of your password when you are forced to change it. I have seen too many people change their password from “mypassword1” to “mypassword2”.

security_lock_ss_1920

PASSWORD LENGTH MATTERS MORE THAN CCOMPLEXITY

Password complexity is important because a complex password is much harder to guess than a standard password that can be derived from a dictionary. Nowadays “complex” passwords are a requirement for most networks and websites. If you try to use the password “computer” it will be rejected by 9/10 sites. However most of those sites would probably accept “Computer1”

The problem is that “Computer1” isn’t very secure either. Especially if you are using it for multiple websites (see the first topic). We want to increase the length of our password so Brute force programs are much more difficult for hackers to use. The difference between cracking a 8 character password and a 12 character password with Brute Force is night and day. An 8 character password can be cracked in hours where a 12 character password would take weeks or possibly months to crack depending on the skill of the hacker.

Complexity does play a role in brute force as well. If a password uses only numbers and standard characters it can be easily cracked since the possible combinantions are much less than if you include special characters.

Safe and Easy to Remember Passwords

Passphrases are safe and easy to remember. I want you to refer again to my first point, though. DO NOT USE THE SAME PASSWORD for different logins. Always keep that in mind or the other methods mentioned here won’t matter because all it takes is one breach and your secure password or passphrase is compromised.

When creating memorable passwords you can use a sentence like “My cat is orange.” or “My dog is yellow.”. Both of those passwords are easy to remember and type, but are hard for computers to guess. There is capitalization, special characters (spaces and punctuation), and decent overall length.

Memory-Network

Password Management

So I read your first point “Use a different password for every website” and it makes sense. However, how the hell am i supposed to remember and create 150 different usernames and passwords.

You are absolutely right, you can never remember 150different usernames and passwords. You must use some type of password manager to help you with this task. You can use easy to remember passphrases for accounts that you constantly login to such as work or email, but for less common passwords you must use a password manager.

Let’s go over a few different password manager programs.

Dashlane
Platforms: Windows, Android, iOS, Mac
Price: Free or $40 a year

Dashlane is a cloud based password service. You create one complex master password that unlocks a safe to all your stored passwords. I know what you are thinking, Great my passwords are stored on someone else’s servers. Dashlane and other similar services do a few things to make sure they cannot access your safe. First of all they do not store the master password on their servers. Instead once you authenticate you get a token on your device. On top of having that token, you must locally authenticate using the master password to open your safe. You can read more about Dashlane security here. https://www.dashlane.com/security

The main difference between the free and paid services is the ability to sync to your devices. If you are like me you have a multitude of different devices you use this is essential. I use it on my PC, tablet, phone, work PC, and more. One of the nice features of Dashlane and other services is that they have the ability to transfer over your already saved passwords from Google Chrome, Firefox, or IE. Another thing I really like is the fact that Dashlane autofills your passwords as you browse and if you are creating a new account it gives you the option to generate a new password and saves it in your safe immediately. I have passwords that I haven’t even looked at before and I couldn’t even tell you what the first character is, yet I use them almost daily.

In addition to passwords you can store bank accounts, credit cards, drive license, Wifi passwords, and much more. It is a real time saver when that random website asks for your driver’s license information when you are renting a U-haul or applying for a job.

dashlane

Last Pass
Platforms: Windows, Andorid, iOs, Mac, Linux
Price: Free or $12 a year

Last pass is very similar to Dashlane. It is less expensive, but the interface isn’t as nice IMO. One advantage Last Pass has over Dashlane is that the browser plugins work fine in Linux. I use Linux at home and I have to use Dashlane’s web interface which isn’t as nice as the autofill version available for Windows and Android.

The advantage of Last Pass is the price and for most users it has all the features you could want. I leaned towards Dashlane personally because it saves me a little more time at each login. Being an IT professional and having a database of well over 500 passwords it makes a big difference.

https://lastpass.com/how-it-works/

lastpass

 

Keepass
Platfroms: Windows, Android, iOS, Mac, Linux
Price Free (Open Source)

Keepass is a great alternative for those with some technical knowledge. It is 100% free and since it is open source you never have to worry about being charged to use it. I used Keepass for years and it is great password database platform. It is quite as automated as the other two password suites, but it can store passwords securely and sync between devices if you have the technical knowledge to do it.

I opted for a manager that would save me time as I enter 50 passwords a day, but Keepass is 100% viable alternative to the competition. You can download Keepass for free on your computer or in your Appstore.

http://keepass.info

keepass

I have been an IT professional for 12 years now. I have been building websites for 15 years, and I have done Social Media management for 5 years. I am currently training to do ethical hacking using penetration testing and various tools. I am hoping to be a certified Ethical Hacker by the end of 2016.

Comments (0)


menu2