Passwords have become a necessary nuisance in today’s digital age. We use passwords thousands of times a month—to log in to computers, email and social media accounts, and numerous other systems. The biggest headache is remembering which password corresponds to what system or device.
Passwords need a combination of upper- and lower-case letters, symbols, numbers and sometimes your left leg just to achieve the “strong” value on the password meter. That’s a lot to recall. So, rather than relying on memory, often we use the same password for multiple sites or save passwords in a convenient place, such as a sticky note under the keyboard, on our mobile devices, or in a computer file.
The challenge is that we need passwords to protect the systems we use from malicious individuals—or even just curious children. Either way, using the same password for every login location is bound to cause a problem in the event someone gains access to it.
To minimize the password-management headache, consider these five ways to help make the process easier.
1. Password Storage: We tend to store passwords on paper or on our devices, which leaves usernames and passwords vulnerable. As we learned with the iCloud hack in 2014, in which photos stolen from the accounts of celebrities were leaked to the Internet, no system is hack proof.
Your passwords and accounts have monetary value. Right now, anyone can go to certain places on the internet and buy Netflix, Hulu, Facebook and credit card account information, all for less than $30, according to Symantec, a provider of internet security products.
So how do we protect ourselves? First, let’s consider what not to do. Don’t use generic passwords, such as “Password,” that would be easy for anyone to guess. Doing so will most likely lead to a compromise of your accounts.
Using your browser’s password-save options is a convenient way to store and retrieve your information if you are confident that you have created strong passwords that would be difficult for others to detect.
Instead, you could use a password manager. Though they have their own list of vulnerabilities, password managers allow users to secure their accounts with minimal effort. Most will create complex and lengthy passwords for you and will save your information for all the accounts that you have.
For information about the pros and cons of the most popular account managers, see the SANS Institute’s Whitepaper about password management.
2. Password Complexity: It seems that systems are never satisfied with what we enter. Although most of us create passwords based on names, places, or dates, doing simple things like changing an “O” to a zero, or substituting a special character for a letter can make a password more difficult to crack, as the following example illustrates.
Betterbuys.com has a great tool that will let you see how long it will take a computer to crack your password based on current standard computer processing speeds. Give it a try.
3. Switching Passwords: For convenience, we often use the same password for all login locations. We all do it, including me once upon a time. The problem is that if one of your accounts, say Netflix, is compromised, that could lead to someone accessing another account—your email, or online banking account, perhaps.
That’s why it is important to have a different password for each of your accounts. To help with password creation, develop a strong password “core” then, for each account, add something to it that represents what the account is for. For example, if your core password is P@ssw0rD, you could add the letters FB—P@ssw0rDFB—to designate your Facebook account.
4. Length vs. Complexity: There has always been an argument about which is better—a complex password or a long password. The answer is both.
A seven-character password with just numbers will take seconds or less to break. Combining symbols and numbers in that password might take the malicious invader a minute more to work through. So, password complexity is important, but the following example from betterbuys.com shows why password length is important as well.
5. Password Selection: Splashdata and others release an annual list of the most commonly used and, therefore, most hackable passwords. For the better part of the new millennium, the following five have remained at the top of the list—123456, password, 12345678, qwerty and 12345; in fact, these were the five most commonly used passwords found among more than two million leaked passwords during 2015, according to a January 2016 Computerworld article.
View the top-25 list of the world’s worst passwords from tech and entertainment news source BGR.com. If you’re using any of them, you’re putting yourself at risk.
So how do you create a strong, complex password that is easy for you to remember but hard for others to guess?
The best way I have found is to use a quote that has substance and personal meaning, and then combine it with numbers—ones that will help you remember your password but aren’t personally associated with you or someone close to you, such as a birthdate.
For instance, whenever I ask my wife if she needs help with something she loves to quote me a line from Disney’s Hercules: “I am a big, tough girl. I tie my own sandals and everything.”
It’s easy to remember and to turn into a password. The quote has 13 words. If you take the first letter of each word you get “IAABTGITMOSAE.” Already, that is gibberish.
Now, if you take some of those letters, such as a couple of the “A’s” and replace them with a symbol, such as @, you get stronger gibberish—“I@abtgItmos@e.”
Finally, add some numbers.
Here’s my thought process for selecting one. Like lots of mothers with multiple children, my mom does a “roll call” when trying to get our attention by reciting the list of my siblings’ names until she calls the right one. She does this almost 90 percent of the time. But just ask her when the Battle of Hastings was and she will immediately tell you, “1066!”
Now I have a number. Let’s add it to our password: “I@abtg1066Itmos@e.” Now we have a 17-character password that uses upper- and lower-case letters, a set of numbers, and symbols.
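To put numbers on the length-versus-complexity point in section 4 and on the password just built, here is an added example (not part of the original article, and not the betterbuys.com tool) that estimates the worst-case exhaustive-search time for a password. The guess rate of 10 billion per second and the sample "7$3!9#2" are assumptions chosen for illustration.

```python
import string

# Assumption for illustration: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000

# The five most common leaked passwords named in section 5 of this article.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes (spaces, accents) count individually.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def search_space(password):
    """Number of candidates of this length over this alphabet."""
    return charset_size(password) ** len(password)


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound on exhaustive-search time; listed passwords fall at once."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return search_space(password) / rate


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # Constructed samples plus the passwords built in this article.
    for pw in ("qwerty", "1234567", "7$3!9#2", "P@ssw0rD", "I@abtg1066Itmos@e"):
        print(f"{pw!r:22} alphabet={charset_size(pw):3} "
              f"worst case={describe(worst_case_seconds(pw))}")
```

These figures bound exhaustive search only. A password that respells a dictionary word, or that appears on a common-password list, is found by wordlist guessing long before the bound is reached.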
The bottom line is this: Passwords are here to stay until someone comes up with an alternative that is affordable.
Good passwords—those that are at least 10 characters long and combine letters, numbers and symbols for complexity—will make you less likely to be compromised.
Use separate passwords for different accounts. And it might be worthwhile to add a tag to your password to designate the type of account it’s attached to—FB for Facebook account, for example.
Crafting a strong, secure password is great, but you still must remember it. If this is a hard task, then use a password manager application. It is important to protect yourself in cyberspace as much as you can, and passwords are your first line of defense.
Netflix Malware—Netflix malware and phishing campaigns help build emerging black market
Gibson Research Corporation—How Big Is Your Haystack?
Betterbuys.com—Estimating Password-Cracking Times
Wired—7 Password Experts on How to Lock Down Your Online Security
Krebs on Security—Password Do’s and Don’ts
About the Author
Garrett Boyd is a student at UMUC studying cybersecurity, and is part of the award-winning UMUC Cyber Padawans. He has been working in IT and cybersecurity for almost 10 years in the United States Marine Corps.