Secure Passwords, Password Managers and You!

With Data Privacy Day coming up tomorrow on January 28th, it seemed a fitting time to bring up again the subject of passwords. No matter where you go online you inevitably end up with gobs of different services and accounts, all needing a password. Not only that, but every news source and Facebook feed is filled with data breaches, hacked accounts and users who thought they had a secure enough password that they could use it everywhere and remember it! As a result, your first line of defense is learning what we mean by a Secure Password.

 

Secure Passwords

Take a look around at almost any site where you are asked to create a password, and you probably see rules like: “8 Characters Long, Must Contain A Number and/or Symbol, or Upper Case/Lower Case Letters”. As a result, you aim for the minimum and create a password like: January!7. On sites with password strength tools they come back on that with a nice green light and say this is a strong password, and therefore is secure. In reality, this password can be cracked just as quickly as January17, or january17.

What is a secure password? Ideally it should be as random as possible, 16-20+ characters (as long as the site allows that length), and a mixture of all characters/symbols, and nothing that represents a word. In most cases, these are best generated by a password generator or password manager, so that you get a password like: x4Xy=a?6YyF%/{GY4g

This however leads into the fact that, unless your a Walter O’Brien genius, you probably cannot remember that password, let alone a password like that and unique for each and every account you use. Hence, we use secure password managers.

 

Password Managers

A Password Manager is software, either local or cloud based, depending on your needs or usage, which allows you to store all your randomly generated passwords for all your accounts in one location, which is ideally encrypted and secure in it’s own right. These services can range from cloud offerings like LastPass and 1Password, to offline/local offerings such as Enpass. All these services have the same core offering; generate random passwords, store them in the program/service, and then you only have to remember one password.

Personally, I prefer to use Enpass as I like having control over my offline encrypted file. Enpass can sync the file to services like OneDrive and DropBox, and if any of my devices or those cloud services become compromised, my passwords are still protected by my Enpass master password in an encrypted file. Likewise, I also then can always have access to my file of password and personal data even during an internet or cloud service outage. (Disclaimer: I am just a fan of Enpass, this is not a paid promotion, referral or affiliate article in any form)

Have I convinced you to use a Password Manager yet? Great! Now…here is our Achilles Heel…the so called Master Password. Remember those rules above for secure passwords? You need the same here in some form, as otherwise setting your master password to something like P@$$W0RD, which meets all the minimum rules that most websites ask for, is nullifying the point of the whole password manager system. However, as earlier, your probably not going to remember x4Xy=a?6YyF%/{GY4g, and please, don’t write it down, and don’t save it as a totally hidden note on your iPhone. Instead, we create a secure password from a PassPhrase that you can remember.

 

Secure PassPhrase Password

Instead, we create a password that looks like the random ones earlier, but it’s source is based on a PassPhrase that likely only you will know. A very common and secure method to generate these passwords is to come up with a long phrase, and use the first character of each word (replacing some with symbols) to generate the password. For example, we can take a movie quote:

“You don’t need to see his identification … These aren’t the droids you’re looking for … He can go about his business … Move along.”

To Generate a Password like: Ydnt$h!.Tatdylf.Hcg@hb.M@.

It looks like complete gibberish, but as long as you follow the same rule for what letter you replace with what symbol, all you need to do is remember your quote and you can remember the password. If you’re really concerned about forgetting this password, as long as you don’t write it or your rules down, you can always keep something like a poster in your office of the movie scene and quote, and no one will be the wiser! It’s still possible that a hacker using a sophisticated algorithm might get lucky and crack this, but it’s highly unlikely and very secure!

 

Two-Factor Authentication

No article on passwords and modern password security is complete without mentioning Two Factor Authentication. The basic premise of which is security locked behind a two-stage (or more) process, such as something you know (Password or PIN), and something you have on you (Key, SmartPhone, etc.). Many popular services now offer this type of authentication, and you should always use it!

The most common implementation for end users of Two Factor Authentication is knowing a password, plus having a cell phone that the service can Text/SMS or E-Mail you a secondary code too. In this way, both your secure password and a physical device you carry with you need to be compromised. Other services will often tie into your tablet or phone with other Authenticator apps to have you enter a unique and randomized code in conjunction with your password.

 

Data Privacy Day is tomorrow, no better time then now to start using Secure Passwords, Password Managers, and better protecting your Personally Identifiable Information (PII).

Please follow and like us: