One of the most fundamental things that you can do to protect yourself when it comes to data security is making sure that you have good, secure passwords. Passwords carry over into almost every aspect of what we do with technology, from the moment that you log in to your computer in the morning, to your social networking accounts, to your various mobile devices. So making sure that you’re taking a good solid approach to developing your passwords will help ensure that you’re secure across all of your technology use.
Unfortunately, we tend to have pretty bad habits when it comes to passwords. Not only do we come up with really simple passwords that would be pretty easy to guess or to break, but we also have bad habits when it comes to how we store those passwords. I think one of the most common passwords is actually the word “password,” for example. It’s all too common for people to have the sticky note, either on their monitor or maybe somewhat hidden underneath the keyboard, that lists their password for their computer and maybe the passwords for a lot of the commonly used services that they use on their computer. Unfortunately, people know where to look for those Post-It notes, and if you’ve got them written down like that, you’re really at risk of being compromised. So it’s important that we have good habits around passwords and it’s important that we develop good passwords to begin with.
So what makes a strong password? Well, there are a few rules that, generally, are recommended for coming up with a secure password. You may have heard these before. It’s things like having upper and lower case characters. It’s including numbers. It’s including symbols or spaces, like special characters within the password. It’s making sure that the password is fairly long. These days most people suggest that your password should be 15 characters long. There’s a new suggestion that makes that number go up just about every year. It’s gone from 8, to 10, to 12, to 15 now. Longer is better. And finally, it’s important that your password be unique.
You want to avoid using the same login and password for every service and every device. When you do that, you really run the risk that a single password becomes compromised and you end up with a domino effect where somebody is able to access a wide variety of devices or accounts. Unfortunately, what a lot of hackers are doing these days, or scammers, is they’re trying to get access to passwords that you worry about a lot less. So if you’re using a greeting card site, or if you’re using something simple like a little innocuous tool online that you don’t think very much about, they try to go in and break those passwords where the security may be less comprehensive. Their hope is that you’re using the same password and username combination on other accounts. So if they break into that greeting card site, they can then take that information and they’ll try to log in to your email, or into your bank account, where there really is sensitive information. So again, it’s important to have unique passwords.
- Mason Bogomil 453rd Ferry
Now let’s take a quick look at two different password options. The top password option looks like what we often see thrown around as an example of a secure password. It’s complicated and it includes all the different categories that we mentioned of upper and lower case, numbers, and symbols. It’s also sort of incomprehensible which we tend to naturally assume means it’s secure. But the reality is that this is actually not a very secure password, and its big weakness is that it’s not very long. The other major problem with it is a practical problem, which is that it’s impossible to remember. This is why we end up writing our passwords down on Post-It notes and putting them on our monitor. It’s because we can’t remember our passwords because we’ve come up with something ridiculously complicated.
Now, with the second password, you have something that, at first glance, doesn’t seem terribly secure. These are recognizable words. We can read this and understand what it means, but it’s quite long. It contains all the same characters that we’re talking about, upper and lower case, numbers and symbols. In this case, the symbol is the space. It’s also secure in that while it’s memorable to me, these are meaningless words to other people. These are street addresses that have a specific connection in my mind, so it becomes quite easy for me to remember while being difficult for other people to guess.
It’s long and it contains all the different security factors that we’re looking for. Actually, if you run both of these passwords through one of the various online calculators that tell you how long it would take to crack a password under a brute-force attack, the reality is that the top password can be broken in a matter of minutes. Most calculators estimate that the bottom password would take centuries to guess with current computing technology. So really, I would suggest that you throw out the notion that a password has to be indecipherable to be secure. Just make sure that you’re meeting these basic criteria that we’ve outlined and that you’re keeping the password long. If you can, make it a passphrase that’s something you can remember so that you’re not having to turn to things like the sticky note on the monitor.
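The arithmetic behind those brute-force calculators, as an added example that is not part of the original page: it measures the character pool and length of a password and estimates the time to exhaust every combination. The guessing rate and the short sample password are assumptions constructed for illustration; only the passphrase comes from the page.

```python
import math
import string

# ASSUMPTION (not from the page): offline guessing rate against a fast hash.
GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600
SYMBOLS = string.punctuation + " "  # the page counts the space as a symbol

def char_classes(password):
    """Which of the page's character categories the password uses."""
    return {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in SYMBOLS for c in password),
    }

def pool_size(password):
    """Number of characters an exhaustive search has to try per position."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(SYMBOLS)}
    used = char_classes(password)
    return sum(sizes[k] for k in sizes if used[k]) or 1  # avoid log2(0)

def search_space_bits(password):
    """log2 of pool_size ** length, the size of the brute-force search."""
    return len(password) * math.log2(pool_size(password))

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate of this length and pool."""
    return 2 ** search_space_bits(password) / rate / SECONDS_PER_YEAR

def meets_page_rules(password, min_length=15):
    """All four character categories plus the 15-character length."""
    return all(char_classes(password).values()) and len(password) >= min_length

# Constructed stand-in for a short "complex" password (not the page's own).
SHORT_COMPLEX = "Tr7$kQ2!"
# The passphrase shown on the page.
PASSPHRASE = "Mason Bogomil 453rd Ferry"

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, PASSPHRASE):
        print(f"{pw!r}: length={len(pw)}, pool={pool_size(pw)}, "
              f"bits={search_space_bits(pw):.1f}, "
              f"years={years_to_exhaust(pw):.3g}, "
              f"meets rules={meets_page_rules(pw)}")
```

Both passwords draw on the same 95-character pool, so the whole difference comes from length: 8 characters against 25. The estimate covers exhaustive character search only, as the calculators mentioned above do, and does not model guessing based on words or personal details.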
Finally, you want to consider those security questions that you always get asked when you’re setting up a new account. Things like, “what’s your mother’s maiden name?” Unfortunately, for a lot of these standard questions that get thrown out, the answers are information that may be public record, or information that could be easily obtained by scrolling through your Facebook account, or looking through your Twitter account. So you need to be really careful about what you enter in for these kinds of security questions. Now some sites will actually let you write your own security questions. That’s great because you can pick something that nobody else would be able to know, but it’s a question that would trigger a specific memory for you.
One thing I would advise: if they give you standard questions like these, there’s actually no obligation here to be honest. Questions like “what’s your mother’s maiden name?” are ones where you can lie and make up some other name. Something that you’ll remember, obviously, but it doesn’t have to be the actual mother’s maiden name. It just has to be something that if you’re asked this question, because you’ve forgotten your password at some point, you’ll be able to recall the answer so that you can recover your lost password.