Password Protection Predicament?
Stay on Par with the Pros.
Editor's Note: 2 years later, the information in this blog is still quite helpful. Not much has changed on the web in terms of password security, but there are tens of billions more passwords floating around than there were at the time of writing this blog. Because of that, there's been a bit of a refresher on the Password Manager portion of this blog.
Your personal information is less secure than you may think, and I’m not talking about the windowless white van that parks directly outside of your house four days a week.
Living in the age of information can be pretty scary – and rightfully so! Surely you’ve hesitated before purchasing from that sketchy website, or perhaps felt unsure about providing personal information online. After the Equifax hack that violated the privacy of a large number of Americans, the web seems to be more at the mercy of internet pirates and cyberpunks than ever.
So, what do you think you know about password security? You’ve probably picked up a few tips and tricks creating accounts and setting passwords on various websites. The traditional method of thinking is to create a password with a mixture of capital and lowercase letters, special symbols (such as ?,@,!) and numbers to best confuse a would-be intruder. You may also think that using different passwords for different sites and accounts would help, or that your password needs to be changed regularly. If you’re like me and have been advised incorrectly on password security, I have some advice that may help you out.
All hope isn’t lost
The National Institute of Standards and Technology is the authority when it comes to creating models for internet security practices. The institute, NIST for short, realized their former standards for password strength were not optimal. Basically, we have been creating passwords that are hard for us to remember but simple for computers to guess. NIST’s new guidelines for cyber-security are a far cry from the old way of thinking, leaving many to wonder just how vulnerable they’ve been to information burglary.
So what can I do?
Research shows that having a longer, multiple word password is key to securing your accounts. For example, something like hello_my_name_is_simon_at_roundpeg is infinitely more secure than S1M0NR0UNDP3G?!. There are only so many characters, and those aforementioned cyber infiltrators are hip to the various tricks we use to create easy-to-remember passwords that conform to common password length and character requirements. Creating a longer, plain English password makes it more difficult for the bad guys to get in. This should be an easy change to adapt to; after all, not only are the complicated passwords difficult to type, they’re also easily forgotten.
Additionally, the notion that we need to change our passwords frequently has become outdated. NIST suggests retaining one good password is more secure than changing passwords. Passwords should never expire, except in the instance where a website prompts you to change login credentials.
Having different passwords for every account on different sites isn't a necessity. If you do decide to keep multiple passwords, it's a good idea to keep them all in one place. This sheet can be physical or digital; just make sure not to title your document something obvious like ALL OF SIMON'S PASSWORDS. To stay secure when creating these passwords, try not to use variants of your other passwords. Changing just one character in your password makes it that much easier for someone to guess your new password should one of your other accounts have been compromised. Try to avoid using numbers and symbols in place of letters (for example, some use 1 instead of I, 5 for S, @ for a, etc.).
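To make the two ideas above concrete (the long plain-English phrase versus the mangled S1M0NR0UNDP3G?! from earlier, and the warning that 1-for-I style substitutions buy you little), here is a small checker written for this post, not taken from NIST or any product. It counts a multi-word phrase at word level instead of per character, undoes the common substitutions before comparing against a blocklist, and applies only NIST's minimum-length rule, no composition rules; the blocklist and the 7776-word vocabulary size are constructed assumptions.

```python
import math
import re

# Constructed stand-in for the common/breached-password list the post tells
# you to check against; a real deployment would load a large published list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou",
                    "simon", "roundpeg", "simonroundpeg"}

# The substitutions the post warns against. Cracking tools apply the same
# rules, so we undo them before looking the password up.
LEET_MAP = str.maketrans({"1": "i", "5": "s", "@": "a", "0": "o",
                          "3": "e", "$": "s", "4": "a", "7": "t"})

MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen memorized secrets

def _words(password: str) -> list:
    """Split a phrase on the separators people actually type: space, _ and -."""
    return [w for w in re.split(r"[ _\-]+", password) if w]

def normalize(password: str) -> str:
    """Lowercase, drop a trailing digit/symbol suffix, then undo leet substitutions."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET_MAP)

def naive_entropy_bits(password: str) -> float:
    """Bits if an attacker really had to brute-force every character class present."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33))
    pool = sum(size for pattern, size in classes if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_entropy_bits(password: str, vocab_size: int = 7776) -> float:
    """Bits if the attacker knows it is dictionary words joined by separators
    (7776 is the size of a Diceware-style word list; an assumption)."""
    return len(_words(password)) * math.log2(vocab_size)

def assess(password: str) -> dict:
    """Long enough, and not a common password once the disguises are removed."""
    naive = naive_entropy_bits(password)
    # Credit a multi-word phrase only with word-level entropy, not per-character.
    estimated = min(naive, passphrase_entropy_bits(password)) if len(_words(password)) >= 2 else naive
    blocklisted = (normalize(password) in COMMON_PASSWORDS
                   or password.lower() in COMMON_PASSWORDS)
    return {
        "length": len(password),
        "naive_bits": round(naive, 1),
        "estimated_bits": round(estimated, 1),
        "blocklisted": blocklisted,
        "accept": len(password) >= MIN_LENGTH and not blocklisted,
    }

if __name__ == "__main__":
    for pw in ("S1M0NR0UNDP3G?!", "hello_my_name_is_simon_at_roundpeg", "P@ssw0rd1"):
        print(pw, assess(pw))
```

Run it and the two example passwords come out with almost the same naive bit count (about 91 each), but the mangled one normalizes to a blocklisted word while the seven-word phrase does not.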
If you’re finding you’re having trouble keeping track of all of these unique passwords, there are a number of password managers out there to help you out.
You can never be too careful – you don’t know who is watching.
Too long; didn’t read. Do what, now?
- Easy-to-remember multiple word phrases are more effective than a password with case sensitivity and special characters.
- Plain English is best!
- You do not need to change your password frequently.
- Password generators and management applications are not necessary if your password is good enough.
- Make sure your password isn’t among the most commonly used! Updated 2019 list found here.
- Create a password that is complex, but simple enough for you to remember.
The full text of the new NIST guidelines can be found here.
If you have any further suggestions or would just like to talk, drop me a line! I can be found on Twitter, Instagram (@sefroyms), Facebook and LinkedIn.
Until next time, dear reader.