What’s your best suggestion for managing passwords, so I can make sure to use unique passwords on all my accounts?
This question was answered on December 17, 2014. Much of the information contained herein may have changed since posting.
Passwords are one of the most important elements of security, but still one of the most overlooked by the average user.
As I’ve previously written, the tech industry has done a horrible job of password education, creating an environment where complex passwords are hard for users to remember but easy for hackers to break.
Simply making a password longer increases its resistance to a common attack known as brute force (high-speed automated guessing) exponentially, because every added character multiplies the number of combinations an attacker has to try.
With so much computing power readily available to hackers, any password of the typical 8 characters (letters, numbers and special characters), no matter which combination you’ve been trained to use, takes just over one minute to break.
You can see for yourself with Gibson Research’s Haystack tool: https://www.grc.com/haystack.
A better way to build secure longer passwords is to use passphrases that are easy for you to remember and a waste of time for brute force attackers.
For instance, ‘I Hate Passw0rds!’ is a 17-character password that takes the brute force time from 1.12 minutes (for any 8-character password) to 13.44 billion centuries.
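To show where figures like these come from, here is an added calculator in the spirit of the Haystack tool (my own code, not GRC’s). It infers which character classes a password uses, counts every string of that length or shorter over that alphabet, and divides by an assumed guessing rate. The three rates are the attack scenarios the Haystack page describes and are assumptions, not measurements; the century is taken as 100 years of 365.25 days. Run on the column’s two cases it gives about 1.12 minutes for an 8-character mixed password and about 13.4 billion centuries for ‘I Hate Passw0rds!’, which matches the column to rounding.

```python
"""Search-space and brute-force-time calculator in the style of GRC's Haystack.

Added example for this column, not GRC's code. It sums the number of
candidate strings of every length up to the password's length, then divides
by an assumed guessing rate. The rates below are assumptions that mirror the
scenarios on the Haystack page, not measurements of any real attacker.
"""
import string

# Character classes an exhaustive attacker must cover, inferred from the password.
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation) | {" "},   # 33 printable symbols, space included
}

# Assumed guessing rates in guesses per second (assumption, see lead-in).
RATES = {
    "online (throttled)": 1_000,
    "offline, fast hash": 100_000_000_000,
    "massive cracking array": 100_000_000_000_000,
}

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 60 * 60


def alphabet_size(password: str) -> int:
    """Size of the smallest standard alphabet that contains every character used."""
    if not password:
        raise ValueError("empty password")
    size = 0
    for members in CLASSES.values():
        if any(ch in members for ch in password):
            size += len(members)
    unknown = [ch for ch in password if not any(ch in m for m in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the known classes: {unknown!r}")
    return size


def search_space(password: str) -> int:
    """Number of strings of length 1..len(password) over the inferred alphabet.

    Haystack convention: an exhaustive attacker tries every shorter length
    first, so those strings are counted as well. Exact integer arithmetic.
    """
    n = alphabet_size(password)
    length = len(password)
    return (n ** (length + 1) - n) // (n - 1)   # closed form of sum(n**k for k in 1..length)


def crack_seconds(password: str, rate: int) -> float:
    """Worst-case time to exhaust the search space at `rate` guesses per second."""
    return search_space(password) / rate


def humanize(seconds: float) -> str:
    """Render a duration with the largest unit that fits, two decimals."""
    units = [
        ("centuries", SECONDS_PER_CENTURY),
        ("years", SECONDS_PER_CENTURY / 100),
        ("days", 86_400),
        ("hours", 3_600),
        ("minutes", 60),
        ("seconds", 1),
    ]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2e} seconds"


def report(password: str) -> dict:
    """Map each attack scenario to a human-readable exhaustion time."""
    return {name: humanize(crack_seconds(password, rate)) for name, rate in RATES.items()}


if __name__ == "__main__":
    # Constructed sample inputs: a typical 8-character mixed password and the
    # column's passphrase.
    for pw in ("Aa1!aaaa", "I Hate Passw0rds!"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, search space {search_space(pw):.2e}")
        for scenario, when in report(pw).items():
            print(f"  {scenario:>24}: {when}")
```

The number only measures exhaustive search. A guesser that tries dictionary phrases and common substitutions (such as a zero for the letter o) before random strings can find a predictable phrase far sooner than this worst case, so length has to come together with a phrase that is genuinely your own.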
Making sure you use unique longer passwords for every account makes remembering all your passwords pretty difficult, if not impossible, so finding a password manager of some sort is the key.
Although there are lots of password management programs, don’t forget that a low tech approach may be all you need.
Writing down your passwords and keeping the list buried somewhere in your desk is a far better option than using the same password on every account you own.
The total number of ‘hackers’ that can gain access to a physical piece of paper buried somewhere in your desk pales in comparison to the millions that know to try a compromised password everywhere.
The key is to not make it obvious that the document (physical or electronic) is a list of passwords.
Don’t use the word ‘password’ anywhere on the document, and come up with your own scheme for disguising each entry in case someone does find it.
For instance, add 4 random characters to the beginning of each entry; only you will know to ignore them.
While this approach isn’t technically as secure as using an encrypted password management program, it’s a heck of a lot safer than using the same password everywhere and easier for non-tech savvy users to execute.
Dashlane is in the process of launching a new password changer tool that makes updating passwords much simpler when someone you do business with gets breached. You can learn more and sign up for early access at http://goo.gl/VN6jQe.
If nothing else, make sure you’re using a unique long password on your e-mail account and activate 2-factor authentication, because that account is the gateway to everything you own.
Remember, password reset messages get sent to your e-mail account so protect it like no other.
About the author
Posted by Ken Colburn of Data Doctors on December 17, 2014