Developing Good Password Practices

posted Dec 4, 2014, 8:30 AM by Craig Cox   [ updated Dec 4, 2014, 8:31 AM ]
Content provided by Noah Andrews
Wilmington ISY program

Being wise about how you use passwords is one of the most important ways to improve your personal security. All good passwords have two qualities: uniqueness and strength. Uniqueness means not using the same password in multiple locations. If one account were to be compromised, you would want to contain the breach. (This is also a good reason not to use systems like Facebook Login, which let you log into websites using your social media profile.) It is also possible that the operator of a service is using your credentials to attempt to log into popular websites. Don’t make it possible for him to succeed.

The other quality of a good password is strength. Strength requires both length and randomness. One way to get that is by having a computer generate a completely random password of 10 or more characters for you. This would make for a strong password, but not a memorable one. A more memorable way would be to use a string called a “passphrase” of at least four or five random words as the basis for a password. It should not be a coherent sentence; the words should have no connection to each other. In addition, you should use some additional techniques to enhance the level of randomness, like using a non-dictionary word, changing some of the letters to similar-looking numbers, and using characters that are not numbers or letters.
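The two approaches above, a computer-generated random password and a random-word passphrase, can be compared by counting the bits of randomness each one carries. The following Python is an added example, not part of the original post; the 16-word list is constructed for the demo, and the 7,776-word size in the comparison is the size of a standard Diceware list.

```python
import math
import secrets

# Constructed sample wordlist for the demo. A real list such as the EFF's
# Diceware list has 7,776 words; the entropy numbers below use that size.
SAMPLE_WORDLIST = [
    "anchor", "basket", "cobalt", "dune", "ember", "falcon", "gravel", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble",
]


def generate_passphrase(words, count=5, separator="-"):
    """Join `count` words drawn uniformly at random with the OS CSPRNG.

    Each word is chosen independently, so the words have no connection to
    each other, as the post recommends. Fewer than four words is rejected
    because the post asks for at least four or five.
    """
    if count < 4:
        raise ValueError("use at least four words")
    if len(words) < 2:
        raise ValueError("wordlist too small to give any randomness")
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count):
    """Bits of entropy for `count` independent uniform picks from the list."""
    return count * math.log2(wordlist_size)


def random_password_entropy_bits(alphabet_size, length):
    """Bits of entropy for a computer-generated password of `length` characters."""
    return length * math.log2(alphabet_size)


def compare_strength(word_count=5, wordlist_size=7776, pw_length=10, alphabet_size=94):
    """Return (passphrase_bits, password_bits) for the two approaches in the post."""
    return (passphrase_entropy_bits(wordlist_size, word_count),
            random_password_entropy_bits(alphabet_size, pw_length))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDLIST)
    pp_bits, pw_bits = compare_strength()
    print(f"sample passphrase (from the 16-word demo list): {phrase}")
    print(f"5 Diceware words ~ {pp_bits:.1f} bits; "
          f"10 random printable characters ~ {pw_bits:.1f} bits")
```

Five words from a 7,776-word list and ten random printable characters come out almost equal (about 65 bits each), which is why the passphrase is the memorable route to the same strength. The count only covers the random choices: a substitution applied by a fixed rule (the same letter-to-digit swap every time, a symbol always at the end) adds little beyond that, so the randomness should come from the word picks themselves.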

Even if you use passphrases to secure your accounts, it will be difficult to remember them because you probably have many accounts to keep track of. One solution is a password manager. A password manager is a program that stores your passwords securely on your computer using a technique called encryption. Some examples are LastPass, KeePass, Dashlane, and 1Password. Most can generate secure passwords for you and provide easy access to them from your web browser when you visit websites. Password managers are great tools, but I do not recommend using them exclusively. They may have unknown vulnerabilities that could allow an attacker to steal your passwords, and if the password that you use to lock them is cracked, you have lost all of your other passwords as well. Instead, you could store only the passwords for less critical accounts in a password manager, while memorizing your more important passwords, like the ones used to log into banks and email accounts.

There are some other things that you can do to improve the security of your accounts. Many websites offer something called two-factor authentication. Two-factor authentication requires not only your password to log in, but also a physical device, typically your cell phone. It is simple to set up and easy to use, and can greatly enhance your security. When you log into a website with two-factor authentication enabled, a code is sent to your phone. The code will change after a certain period of time, usually a minute. If an attacker does not have access to both your password and your phone, he cannot get in. Changing your passwords on a regular basis is also a good practice. To help you remember, you can make it into a routine, something as simple as changing three passwords every time you start a load of laundry. Together, let’s use Cyber Security Awareness Month as an opportunity to make good habits and secure our online identities.

Editorial note: Google Sites automatically credits the posting account. Content for the post above was entirely supplied by Noah Andrews. Attendees of the passwords seminar may notice differences between Noah's recommendations and those made in the seminar; this is a good illustration of how different specialists may have different approaches to the same issue.