Three Things You Need To Know About Strong Passwords
It’s a dangerous Internet out there!
One of the first lines of defense we have to protect our precious personal information is the passwords we use to connect to our bank accounts, credit accounts, shopping sites, Facebook, Twitter, and everything else we do online. In some cases, our username and password are the only line of defense.
There are three things you need to know about passwords. First, that they need to be as strong and hard to guess as possible. Second, the characteristics of passwords that are hard to guess. And finally, how to remember and use hard-to-guess passwords.
To keep our information and property as safe as possible, we need good, strong passwords. Many sites enforce password policies that require a minimum length and force certain types of characters like numbers, symbols, and both upper and lower case letters.
Too often, people work around this and use the name of a family member or pet combined with a number. Sometimes passwords are clever and use a “3” in place of an “e”, or a “$” in place of an “s”. Are these good, strong passwords? No, because they are usually short and have patterns that are easier to guess using common password attack tools. Basically, if you can think of it and remember it easily, then a programmer has probably already built that pattern into a password tool.
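The kind of check a site or password tool can run to catch the patterns described above, as an added example that is not part of the original article. The word list, the substitution table, and the function name are constructed for illustration; a real check would use a large dictionary of names and common words.

```python
# Added example: flag passwords that are a common word or name with
# letter swaps ("3" for "e", "$" for "s") and digits or symbols tacked on.

# Constructed substitution table covering the swaps people use most.
LEET = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l",
                      "@": "a", "4": "a", "5": "s", "7": "t", "!": "i"})

# Constructed sample list (hypothetical names and words).
COMMON_WORDS = {"jessica", "buster", "password", "charlie", "summer"}


def find_guessable_base(password, words=COMMON_WORDS):
    """Return the dictionary word hiding inside the password, or None.

    Peels off a trailing run of digits/symbols one character at a time,
    undoes the letter swaps in what remains, and looks it up.
    """
    for cut in range(len(password), -1, -1):
        suffix = password[cut:]
        if any(ch.isalpha() for ch in suffix):
            break  # the suffix may only contain digits and symbols
        core = password[:cut].lower().translate(LEET)
        if core in words:
            return core
    return None


if __name__ == "__main__":
    for candidate in ("J3ssica2019", "Pa$$w0rd", "$ummer!", "kT9#vLq2@xWm"):
        print(candidate, "->", find_guessable_base(candidate))
```

The first three samples all satisfy a typical "upper, lower, number, symbol" policy and are still reduced to a dictionary word in a handful of steps.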
Characteristics of a Good Strong Password
What makes a good strong password? There are five characteristics of a good password.
1. Passwords must be as long as possible
Many sites allow passwords to be 12 characters long or more. Passwords should be as long as allowed (or nearly as long). Password attackers can find a password by trying all the possibilities. A long password means there are more possible passwords that need to be checked. You don’t need to use the maximum password length, but more characters result in a password that will take longer to attack.
2. Passwords must contain upper and lower case letters, numbers, and symbols
Many password policies require passwords to contain upper and lower case letters and at least one number. This is good. Even better would be to put numbers in unpredictable places. For example, don’t use a “3” in place of an “e”, use it in place of a different letter. The different types of characters increase the complexity and make the password tougher to guess because there are more possible combinations.
3. Every password must be different
This one is critical! Each time a password is created or updated, it must be different from all your other passwords. Select a new password every time. When the same password is used for multiple accounts, and an attacker gains access to one account, they gain access to multiple accounts. That’s a huge reward for only getting a single password. In addition, if a website reports that their account passwords were stolen, you only need to change the password for that site, not several sites that all used the same password.
4. Passwords must either be memorized or recorded in a secure location
If you are anything like me, you have at least a couple dozen accounts and probably a lot more. Each of those has a password. It’s not realistic to try and memorize all those passwords, so we write them down, track them in a spreadsheet, or use some other method to remember them. As long as that password list remains safe and secure, our passwords remain difficult to guess.
5. Passwords must be changed regularly
To protect ourselves from unknown password leaks, passwords should be changed every six months or so. This is equivalent to changing your door locks every so often to prevent access by someone who may have found a lost key. The stronger your passwords are based on the previous four characteristics, the less important this one becomes. It is still good to change your passwords, especially for accounts that are more critical (like your online bank account).
After all that, you are likely thinking…
Strong passwords are too difficult! Can I just give up?
Yes, coming up with strong passwords is difficult. Don’t give up, and don’t worry. I have solutions to make it all much easier.
Unless you have a superhuman ability to remember passwords, you are going to need a safe place to store passwords that is also well protected. I’ve been using a software application for over a year to keep my passwords safe and organized. It’s called 1Password and I can no longer live without it.
You create a single password that you use to access the application (hence the name, 1Password), then you can add accounts and other personal information for secure storage. The key is that you only need to remember one password, and all your other passwords are secure.
There are desktop versions for OS X and Windows. There are also mobile versions for iOS and Android. If you own the app on multiple platforms (like your computer and phone), then you can synchronize between them. That means when you update your password at your computer, it will synchronize with your phone or tablet and your new password will be available. Once you add your accounts, 1Password makes it easy to populate username and password information from the app to any website or to another app.
One of my favorite features of 1Password, and the one most relevant to having secure passwords, is the password generator. 1Password will generate a long, random password with letters, numbers, and symbols. It then makes it easy to enter the password on the change password form for the website or app, and finally save it with your account information within 1Password. All this is done with a high level of security.
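A generator of the kind described above, together with the arithmetic behind characteristics 1 and 2 (length and character variety), as an added example. It is not 1Password's code and not part of the original article; the function names and the default length of 20 are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes a typical password policy asks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the alphabet implied by the character classes present."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace_bits(length, alphabet):
    """log2 of the number of possible passwords (alphabet ** length).

    Only meaningful for randomly generated passwords; a name plus a
    number is far easier to guess than this figure suggests.
    """
    return length * math.log2(alphabet)


def generate_password(length=20):
    """Random password containing at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    pool = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's cryptographic RNG.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        # Redraw instead of patching characters in, so every password
        # that meets the policy stays equally likely.
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate


if __name__ == "__main__":
    for length, alphabet in ((8, 26), (8, 94), (16, 26), (20, 94)):
        print(f"{length} chars from {alphabet} symbols: "
              f"{keyspace_bits(length, alphabet):.1f} bits")
    print(generate_password())
```

Doubling the length doubles the number of bits, while going from lowercase-only to all four classes adds under two bits per character, which is why length is listed first.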
1Password also makes it very easy to export your passwords to a text file. I regularly export my passwords, print them and lock them away. My spouse knows where they are and would be able to use them to access all the accounts in case of an emergency.
There are other similar password managers available. I like the features and interface of 1Password the best. 1Password is available on many platforms, namely Apple OS X and iOS, Microsoft Windows, and Android.
If that was confusing or didn’t convince you, then maybe this video will help.
It’s important to remember that no password is completely unguessable. Given the right tools and fast hardware, any password can eventually be guessed correctly. Our goal is to make it as difficult and unlikely as possible that our passwords can be guessed and our accounts hacked. By creating and using strong passwords, we make password guessing difficult for those that want to gain access to our accounts.