I have written articles on password managers and multi-factor authentication before. There is a reason for this. There have been several databases of leaked passwords over recent years, and one of the things this has revealed is that people aren’t always very good at picking passwords.
There are several reasons for this. With the number of passwords people have to remember nowadays, it is not always easy to keep track of a large number of complex passwords. This leads to some rather lax security practices, including password reuse and picking easy-to-remember passwords that are also easy to crack.
The problem is that this leaves people increasingly vulnerable every time one of these password databases becomes compromised. This will become a growing concern the more dependent we become on the Internet. I hope to encourage better password choices and help make the Internet a more secure place.
So why is good password choice important?
A lot of people think that because they are a nobody, they have nothing to protect and aren’t particularly concerned about having their passwords cracked. There are a few problems with this.
First is the issue of password reuse. Some people make the mistake of reusing their passwords across multiple services. The password for someone’s Facebook account might be the same as, or similar to, the password used for their Internet Banking, Email and potentially many other services. This means that if one of these accounts is compromised, it might give access to many other services. You could then become a victim of identity theft, have your bank account cleaned out, or suffer other similar criminal acts.
There are other, far less severe consequences that might still cause you embarrassment. These could include someone using your account to send spam, impersonating you to send unpleasant messages to your friends and family, or reading personal email that you’d rather not have them see.
Good password choice, as well as having unique passwords for every service you use, means this is a lot less likely to happen.
What makes a good password?
There are a number of techniques that you can use to pick a good password.
The best passwords will be at least 12 characters long, and be a random sequence of letters, numbers and symbols rather than being based on dictionary words. The password BnSH>.NFJ8UV will be a lot better than the password Password1234. It is very unlikely this sort of password will have been previously cracked. Being completely random, not using proper words and of a decent length, it will be more resistant to brute-force attempts. The password should also be used on only a single account, so if it does get compromised it will help limit the damage.
The downside of this approach is that it makes remembering passwords a lot more difficult. This is where a good password manager will help. Indeed, I have written an article on password managers to help you solve this problem. Using a password manager means you don’t have to remember most of these passwords as you’ll have a tool that does all of that for you.
There is another strategy you can use if this does not work for you. You can create your passwords by stringing together four to five uncommon words. This is not quite as secure as the above method, but is at least slightly more memorable. This should generate a password that is long enough to be resistant to brute force, but might be slightly less resistant to dictionary attacks. I would still recommend using unique passwords for each site, and using a password manager to help you manage this. You can also use this method to create a master password for your password manager.
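As an added illustration (not part of the original article), the Python sketch below generates both kinds of password described above from a cryptographically secure random source and compares their entropy. The short word list is constructed for the example, and the 7776-word list size is an assumption standing in for a large published word list.

```python
import math
import secrets
import string

# Letters, digits and symbols: the 94 printable ASCII characters (no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample list, for illustration only. It is far too small for
# real use; ASSUMED_LIST_SIZE is the assumed size of a large word list.
SAMPLE_WORDS = ["quartz", "lantern", "marble", "thicket", "osprey", "walnut",
                "cobalt", "glacier", "saffron", "pylon", "ember", "trellis"]
ASSUMED_LIST_SIZE = 7776


def random_password(length=12):
    """Pick each character independently using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(words, count=5, sep="-"):
    """Pick `count` words independently and uniformly from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Entropy in bits of `picks` independent uniform choices from a pool.

    This only holds when the choices are made randomly by a machine;
    words or characters chosen by a person are far more predictable.
    """
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print("random password :", random_password(12))
    print("sample phrase   :", passphrase(SAMPLE_WORDS, 5))
    rows = [
        ("12 random characters", len(ALPHABET), 12),
        ("5 words, large list", ASSUMED_LIST_SIZE, 5),
        ("4 words, large list", ASSUMED_LIST_SIZE, 4),
        ("5 words, sample list", len(SAMPLE_WORDS), 5),
    ]
    for label, pool, picks in rows:
        print(f"{label:22s} {entropy_bits(pool, picks):5.1f} bits")
```

The last row shows why the size of the word list matters: five words drawn from a list of only twelve give far less entropy than four words drawn from a list of thousands.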
Of course none of this will guarantee that your accounts will never be hacked, but it will make it significantly harder.
What about multi-factor authentication?
I have also discussed multi-factor authentication previously. You can read the full article here; however, the basic gist is that if you are able to enable this, you should. At the very least, you should use multi-factor authentication on the accounts that would cause you the most damage should they be compromised.
What this means is that, even if one of your passwords is compromised, an attacker will have another hurdle to jump over before getting access to your account. This adds additional security to your accounts, and if a service implements it well, it is usually only a minor inconvenience.
I hope I have convinced you here of the importance of giving this some thought.
While some people might find using password managers and complex passwords a bit cumbersome, the fact is that poor password choices are one of the reasons criminals can so easily get away with their crimes. While some may argue this should be dealt with via the legal system, having a good password is one of the best ways of ensuring that criminals are less likely to be able to successfully attack one of your own accounts. You can think of it in the same way that a car alarm reduces the chances of your car being stolen.
The more that people take this seriously, the harder it will be for the bad guys. Considering these security measures can be one of the best ways of making sure that you do not become a target.