Thursday, August 7, 2014

Password Redux

Given the spate of security compromises that have occurred this past year, many of my posts have emphasized the need for aggressive password management.  Unfortunately, aggressively managing passwords comes with its own set of problems and challenges.  Here are a few tips and pointers to help:

  • How Can I Tell If My Password Is Strong?  As a general rule, passwords are considered strong if they contain a combination of upper- and lower-case letters, numbers, and special characters.  Passwords should be at least 8 characters in length, as shorter passwords are exponentially easier to break.
    If you want to get a sense of how strong your password might be, take a gander at howsecureismypassword.net.  The site doesn't capture your password, but it'll give you a readout of how long it would take a standard modern PC to crack it.  It's not mathematically perfect, but it can easily show you the difference that just adding one special character or lengthening your password makes.
  • How Do I Keep Track of All My Passwords?  Remembering all those complex passwords is the biggest reason people reuse passwords or choose weaker passwords.   There are a handful of different things you can do to help with this problem:
    • There are ways to construct complex passwords that make them less random and thus easier to remember.  There are several articles which lay out different schema.  Here's a link to one of the better ones.
    • Place your passwords inside a spreadsheet or document, then save that document in password-protected mode.  Then compress/zip that file using software which allows you to encrypt the file and password protect it (e.g. WinZip).
    • There are a variety of password management tools out there which will store and protect your passwords for you on your computers and mobile phones.  If you go this route, though, ensure that your tool is reputable -- since bad guys will throw up faux "password management" apps as a method of stealing your passwords.  The reputable password management tools all have advantages and disadvantages; this recent article reviews and compares them all.  For free applications I like KeePass...but LastPass Premium ($12/year) is truly the gold standard for password management tools.
A reminder:  if you use a password management system, ensure that the password for this system is as strong as you can make it.  That password is, quite literally, the key to your online kingdom.
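As an added example (not from the original post, and not how howsecureismypassword.net itself is implemented), here is a small Python estimator of the brute-force keyspace model behind a "how long to crack" readout; the guess rate of one billion per second is an assumed figure. It shows why each added character class or extra character multiplies the attacker's work, and also why this model flatters dictionary words: "password" scores minutes here only because a pure keyspace count ignores wordlists.

```python
import math
import string

# Assumed guess rate for "a standard modern PC" (constructed figure for this
# example; real crackers and the site's own model will differ).
GUESSES_PER_SECOND = 1e9

CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),      # 26 symbols
    "upper": set(string.ascii_uppercase),      # 26 symbols
    "digits": set(string.digits),              # 10 symbols
    "special": set(string.punctuation),        # 32 symbols
}


def pool_size(password: str) -> int:
    """Alphabet size an attacker must cover: every class the password uses,
    plus any stray symbols (e.g. spaces) outside those classes."""
    pool = sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))
    strays = {c for c in password
              if not any(c in chars for chars in CHARACTER_CLASSES.values())}
    return pool + len(strays)


def entropy_bits(password: str) -> float:
    """Brute-force entropy: log2(pool ** length) = length * log2(pool)."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def crack_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole keyspace at the given guess rate."""
    if not password:
        return 0.0
    return pool_size(password) ** len(password) / rate


def human_duration(seconds: float) -> str:
    """Render seconds in the largest fitting unit, like the site's readout."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords; the point is the relative jump in cost.
    for pw in ("password", "Password1", "Password1!", "Password1!Longer"):
        print(f"{pw:18} pool={pool_size(pw):3} bits={entropy_bits(pw):5.1f} "
              f"time={human_duration(crack_seconds(pw))}")
```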

Hope this helps!

1 comment:

  1. Password safety is a joke. I’ve been an IT contractor for over a dozen different companies on various projects and the way that employees share with utter disregard for security protocol is scary. I’m surprised more companies don’t get hacked into. They all need to start using an important password manager like PasswordWrench yesterday.