Passwords: Oh how we hate 'em....


Passwords. Ugh.

Proving you are indeed you has become a regular occurrence. Photo ID, passports and badges work in face-to-face encounters, but online, not so much. There we must rely on other means to confirm our identities as a good percentage of the seven-billion other planetary residents are trying to do the same thing at any given time.

Until every resource on the Internet can agree on standards for emerging technologies such as biometrics like facial or voice recognition, fingerprints and retinal scans, or we’re all implanted with RFID chips or other biomechanical devices, we’re pretty much stuck with using passwords. 

Once again, Ugh.

The good news
Using the characters on a typical keyboard, you have approximately 3,051,925,477,389,360 possible 8-character passwords, give or take a few trillion.

The bad news
You must come up with and remember at least one of those combinations.

The badder news
You really shouldn’t use the same password for multiple sites or resources.

What is the risk?


How simple life would be if you only needed one key to start your car, open your front door, lock the liquor cabinet or secure your bike to a post. Wow. That would be so much easier. At least until someone gets hold of your spare key. Suddenly all your stuff is open and available. Now think about online banking, prescriptions and health records, e-mail and text messages, online shopping accounts, phone and e-mail contact lists, even your yoga membership. Do you use the same password, even though there is such a wide range of importance to the sites you visit?

But aren’t the passwords secure?

Banking, healthcare and high-end online shopping services typically incorporate the latest in encryption and protective technology. They’re quickly learning their lessons after attacks on Monster (job hunting), Target (online and personal shopping) and Ashley Madison (um, uh…) and are less likely to be the focus of hackers. However, the gym or coffee shop down the street that asks you to create an account for a ten-percent discount is not likely to have enterprise-level security in place and, as such, becomes the weak link in the security chain. Ask Target. Hackers got into their site through one of their vendors.

The website says I have a “strong” password. Isn’t that enough?

Considering many people use the same password on multiple sites, a security breach on that scented candle website can lead to identity theft on a much grander scale. Sure, banks and credit card companies will step up with additional protection, but those of you who have lost a purse or wallet understand the hassle in replacing the missing items. With password breaches, you might find new credit cards, loans and accounts set up in your name, someone else’s picture on your driving license, or your paycheque deposited in another bank account. You might even find your password doesn’t work anywhere anymore.

This is scary. What can I do?

The first option is to learn how to create strong passwords. This puts the onus on you to create and manage separate passwords for each site. It doesn't have to be as difficult as it might sound, and there are standards that should be incorporated into your selection.

The second option is to find and use a reputable password management tool, also known as a password wallet. These utilize an encrypted file containing unique, strong passwords linked to specific sites and resources, with a single key or code that opens the encrypted file at the appropriate time, allowing you to copy and paste or directly connect to the site needing the password. These tools may incorporate utilities to create very strong, random passwords, and all will allow you to create your own. In any case, they remain under lock and key, but you still must protect that “master” key, so you might as well get used to how to create a strong password.

Check out this research from Consumers Advocate on password managers (Password Managers Research - Consumers Advocate), and don't forget to read the rest of our blog below for some great tips and tricks!


Here are some basic rules plus a few tips that will help you create something strong and unique, whether you want to use a wallet or come up with a set of passwords to use and manage.

A strong password

· Consists of at least 8 characters, preferably more
· Contains at least three of the following – lower case, upper case, numbers and symbols
· Uses rAndOm CapitaliZatioN and symbols (@#$%, etc.)
· Never contains dictionary words, names or phrases in any common language
· Employs ‘toothbrush’ logic, meaning it will be changed every 2-3 months
· Is unique and will not be used in more than one location or recycled on the same account
· Is not your user name, the name of a friend, child, parent or celebrity, or your birth date, shoe size or account number
· Won’t be stored on a computer or anywhere on the Internet

An easy-to-remember password

· Comprises something only you would know
· Is relatively easy for you to recover should you forget
· Follows a format or pattern which allows you to create a new one without having to rethink the entire process each time
· Incorporates some kind of reminder of where it is being used, without referring specifically to that particular use

Tricks and tips


Tip #1 - Pick a favourite quote, line from a movie, lyric from a song or even a sentence from a specific paragraph of a book:

Favourite quote: “Anything free is worth what you pay for it.”
Take the first letter from each word: afiwwypfi
Add some random capitalization: aFiwWYpfi
Throw in a number or two: aF1wWYp41
Add a couple of symbols: *af1wWYp41!

Next, run it through a password checker to see just how secure it is. The one we just created isn’t perfect, but it is considered strong and likely to hold up to most attempts to crack or compromise. The checker may also give you hints on where and how to toughen up an existing password.
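As an added illustration (not the checker the post refers to, and not Five Nines' code), the sketch below applies the mechanically testable rules from the "strong password" list to each step of Tip #1. The function names and the small word list are hypothetical and constructed for this example.

```python
import math
import string

# Constructed stand-in for a real dictionary file (assumption, not from the post).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "anything"}

# Characters in each class on a typical US keyboard.
CLASS_SETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def char_classes(pw):
    """Names of the character classes that appear in pw."""
    return {name for name, chars in CLASS_SETS.items() if any(c in chars for c in pw)}

def check_password(pw, username="", words=SAMPLE_WORDS):
    """Return the list of rules from the post that pw breaks (empty = passes)."""
    failures = []
    lowered = pw.lower()
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if len(char_classes(pw)) < 3:
        failures.append("fewer than three character classes")
    if any(w in lowered for w in words):
        failures.append("contains a dictionary word")
    if username and username.lower() in lowered:
        failures.append("contains the user name")
    return failures

def search_space(pw):
    """Brute-force upper bound: (size of classes used) ** length.
    Assumes every character was picked at random, so a password built
    from a well-known quote is weaker than this number suggests."""
    alphabet = sum(len(CLASS_SETS[c]) for c in char_classes(pw))
    return alphabet ** len(pw)

if __name__ == "__main__":
    # The four steps of Tip #1, exactly as written in the post.
    for step in ["afiwwypfi", "aFiwWYpfi", "aF1wWYp41", "*af1wWYp41!"]:
        bits = math.log2(search_space(step))
        print(f"{step:12} ~{bits:5.1f} bits  {check_password(step) or 'passes'}")
```

The first two steps fail the three-class rule; adding digits is what first satisfies it, and the symbols widen the search space further.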

Tip #2 – If you must write it down, do not associate it with anything identifiable, and store it somewhere you must physically access to retrieve. And no, not under your keyboard or on a sticky note on your monitor (tsk, tsk.)

· Write it down backwards or split it into two parts and reverse the parts
· Stick it in a book on a shelf as a bookmark
· If you have long passwords, split them into two parts and keep each in separate locations
· Write down the password, fold and seal it in an envelope, put the envelope in a safe location. If for any reason you must refer to it or give access to someone else, change it immediately after use and repeat the hiding process.

Tip #3 – You can take a password and substitute individual letters, numbers or symbols to make it into something you can recall more easily. The variation of the characters and the order in which they appear are the keys to password strength, not the actual letter or number in each position, as long as you don't contravene the rules for a strong password.



Author is Stefan Myles of Five Nines IT Solutions, a premier IT Strategic Services Provider based in Kitchener, Ontario. Five Nines provides solutions, services and products for your organization to ensure IT. JUST. WORKS.
