
Best Practices for Password Mindfulness


The humble password remains central to a healthy privacy practice. Like a mantra which calms the mind and centers our concentration, the password is a fundamental part of cybersecurity. The integrity of our passwords can go a long way towards protecting us from fraud and identity theft.

But our passwords are only as effective as we make them. Unlike a mantra, which is simple and memorable, our passwords need to be complex and strong. If you’ve taken password security for granted, now is a great time to hone your privacy practice with a three-step primer on password best practices.

1. Begin with Password Awareness

You may not think too hard about your passwords, but Lorrie Faith Cranor has thought a lot about them. As a computer science and engineering professor at Carnegie Mellon, she studies usable privacy and security. In her TED talk, “What’s wrong with your pa$$w0rd?,” she tells the tale of her journey into password research. The conclusion she comes to may sound (uncomfortably) familiar:

“So it seems that at the end of the day, when we make passwords, we either make something that’s really easy to type, a common pattern, or things that remind us of the word password or the account that we’ve created the password for, or whatever. Or we think about things that make us happy, and we create our password based on things that make us happy. And while this makes typing and remembering your password more fun, it also makes it a lot easier to guess your password.”

Your password may not be so easy to guess, but you might be surprised how easy many people’s passwords are. According to SplashData, a password management company, the worst passwords of 2016 (a list compiled from passwords exposed in public breaches) were laughably easy to guess. Top of the list? “123456” and “password.” The rest are hardly more secure.

2. Level-up Your Password Habits

One common and misinformed mindset about password security is this: “If it’s a secret word only I know, how can anyone guess it?” Sure, one person sitting at a login screen might not, but attackers don’t guess by hand. Once a site’s password database leaks, they run automated tools that test millions to billions of candidates per second against the stolen hashes, starting with lists of previously leaked passwords, dictionary words, and common variations of them. These so-called “dictionary attacks” make cracking simple passwords a breeze.
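To make the scale of this concrete, here is an added example (not from the original article, and not code from any of the tools it mentions) of an offline dictionary attack in Python. It assumes a constructed leak of four unsalted SHA-256 password hashes and a six-word wordlist; the mangling rules, user names and passwords are all invented for the demonstration.

```python
import hashlib

def sha256_hex(s: str) -> str:
    """Fast, unsalted hash, as a poorly built site might store passwords."""
    return hashlib.sha256(s.encode("utf-8")).hexdigest()

# Constructed "breach dump": username -> password hash. Invented for this example.
LEAKED_HASHES = {
    "alice": sha256_hex("123456"),
    "bob":   sha256_hex("Password1"),
    "carol": sha256_hex("qwerty!"),
    "dave":  sha256_hex("correct-horse-battery-staple-9Qz"),  # long, not derivable from the wordlist
}

# A deliberately tiny wordlist; real ones hold hundreds of millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "football", "letmein", "dragon"]

def mangle(word: str):
    """Yield common variants of a wordlist entry: a tiny subset of the
    rule sets cracking tools apply (capitalisation, digit/symbol suffixes)."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2016"):
        yield word + suffix
        yield word.capitalize() + suffix

def crack(hashes: dict, wordlist: list):
    """Return (cracked, attempts): which accounts fell and how many guesses were hashed."""
    candidates = {}   # hash -> plaintext, computed once for every target
    attempts = 0
    for word in wordlist:
        for cand in mangle(word):
            attempts += 1
            candidates.setdefault(sha256_hex(cand), cand)
    cracked = {user: candidates[h] for user, h in hashes.items() if h in candidates}
    return cracked, attempts

if __name__ == "__main__":
    found, n = crack(LEAKED_HASHES, WORDLIST)
    print(f"{n} guesses hashed; cracked {len(found)}/{len(LEAKED_HASHES)} accounts: {found}")
```

Three of the four accounts fall to 66 guesses, work a laptop finishes before you can blink, and real wordlists and rule sets are vastly larger. The long passphrase survives only because no rule produces it. The site’s choice of a fast, unsalted hash is part of the problem too: a slow, salted hash such as bcrypt or Argon2 makes every guess cost thousands of times more.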

This article from InfusionSoft, “Why Cybersecurity Starts With Your Password,” provides an excellent overview of how to “level-up” your password habits. This includes:

1. Maximize “length, width, and depth.” The longer a password is, the more secure it tends to be, because every added character multiplies the number of combinations an attacker has to try. Width refers to the mix of character types: upper and lower case, numbers, and special characters such as punctuation marks and other symbols. Depth is what makes a password memorable to you while remaining hard to guess. This might entail memorizing a phrase and then translating it into a sequence of unique characters, rather than typing the phrase itself.

2. Never reuse passwords. Each service that asks you to log in needs its own unique password. Otherwise a single breach exposes every account that shares the password: attackers routinely take leaked username and password pairs and try them against other sites, so one leaked password can open both your Facebook profile and your bank account.

3. Don’t write your passwords down. Do you have a Post-it note on your desk listing all your passwords? Is there a plain-text file on your phone containing all of them for easy copying and pasting? Ditch that method for proper password management.

4. Use multifactor or “two-factor” authentication when possible. Many modern and secure services will ask you for more than a password to log in. This might include a code from an authenticator app, biometric data, or a code texted directly to your mobile device. Answers to “personal questions” are sometimes offered as an extra step, but they are the weakest option: the answers are often guessable or findable online.

Of course all of these best practices provoke a common complaint… it makes creating and remembering passwords harder, and logging in more complicated. Which is why you should embrace the enlightened path to password management.

3. Embrace an Enlightened Path to Password Management

If hackers use tools to crack passwords, why not use tools to help you tighten up your password practice? There are free and inexpensive tools available to help alleviate the complexities of password creation and management. Here are some handy solutions to common password woes:

1. Test your password strength online. The website How Secure is My Password? estimates how long it would take a computer to crack a password you type in. Use it to check patterns, not your real secrets: never enter a password you actually use into a third-party site; try one with the same length and mix of characters instead. The estimate assumes brute force, so a password built from dictionary words will score far better than it deserves. Upgrade your security from “nanoseconds” to “85 billion years” in no time flat.

2. Use a password manager. Computers are exceptional at remembering complicated things, so why not leverage that for password security and convenience? This article from PCMag explains how password managers work and includes an exceptional review and comparison of a variety of password managers. As the article says,

“For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack.”

3. Find services that offer “2FA.” Two- (or multi-) factor authentication raises the bar for anyone who has obtained your password. The website Two Factor Auth helps you find which services offer 2FA, and gives you a quick and easy way to ask the services you use that lack it to adopt the approach.
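The “length and width” advice from the habits list above and the crack-time estimate that sites like How Secure is My Password? produce rest on the same arithmetic. Here is an added example in Python (not code from the original article or from that site) that works it through: the width is the size of the character set a password draws from, the search space is width raised to the length, and the time to crack is that space divided by the attacker’s guess rate. The rate of 1e10 guesses per second is an assumption for a GPU rig against a fast unsalted hash; the sample passwords are invented.

```python
import math
import string

# Character classes an attacker infers from a password's composition (printable ASCII).
CLASSES = {
    "lower":  string.ascii_lowercase,      # 26
    "upper":  string.ascii_uppercase,      # 26
    "digit":  string.digits,               # 10
    "symbol": string.punctuation + " ",    # 33
}

# Assumed attacker speed (not a measured figure): ~1e10 guesses/s is plausible for a GPU rig
# against a fast unsalted hash; a slow hash (bcrypt/Argon2) cuts this by orders of magnitude.
DEFAULT_RATE = 1e10

def charset_size(password: str) -> int:
    """Width: sum of the sizes of every character class the password uses."""
    unknown = [c for c in password if not any(c in chars for chars in CLASSES.values())]
    if unknown:
        raise ValueError(f"only printable ASCII is modelled here, got {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))

def entropy_bits(password: str) -> float:
    """Brute-force search space in bits: length * log2(width). Zero for an empty password."""
    width = charset_size(password)
    return len(password) * math.log2(width) if width else 0.0

def seconds_to_crack(password: str, rate: float = DEFAULT_RATE) -> float:
    """Expected time for exhaustive search: on average half the keyspace is tried."""
    return (2 ** entropy_bits(password)) / 2 / rate

def report(password: str, rate: float = DEFAULT_RATE) -> dict:
    """Summarise length, width, bits and expected crack time in years."""
    return {
        "length": len(password),
        "width": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "years": seconds_to_crack(password, rate) / (365.25 * 24 * 3600),
    }

if __name__ == "__main__":
    for pw in ["123456", "Password1", "Tr0ub4dor&3", "mantra-is-not-a-password-9Qz!"]:
        print(f"{pw!r}: {report(pw)}")
```

The numbers show why length beats cleverness: adding one character to a 95-symbol password multiplies the attacker’s work by 95, whereas swapping an “a” for “@” adds a single class once. The estimate is an upper bound on what an attacker needs: a password assembled from dictionary words or common patterns falls to a wordlist long before brute force would reach it, so a dictionary check belongs in front of this calculation.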

Password best practices are only one corner of a much bigger privacy and security picture, but they are an excellent reminder of the need to opt-in to mindfulness online and become more cyberaware.

Peace of mind online begins with strong passwords. Just be sure to remember: a good mantra can be a bad password.


