Have you ever talked to a child about passwords? They are a generation that was born with the username/password paradigm deeply entrenched into every aspect of life. It is fascinating and often humorous.
But remember, they are kids. They don’t understand risk. They don’t see the bigger picture. So all the ones I have talked to, and this is a sample related to my family, have a simplistic view.
They think of things they can easily remember. Some have even realized that they should string together some numbers or password. All of them reused the same password for most everything.
We can look at kids and smile. They have so much to learn.
But wait. Are you doing much better? Are you reusing passwords for all your accounts? Is your password system something that is easy for you to remember? Do you regularly change your passwords?
Most of us, myself included, tend to act like children when it comes to our passwords. Eventually, though, like all children, we must grow up and face the cold, scary reality. We need to take passwords seriously.
Fortunately, solutions exist that require very little effort and will completely change the way you think about passwords. They are called password managers, and they should be your new best friend.
A password manager is a tool that does the work of creating, remembering and filling in passwords. You just log into one online account with a difficult to remember password or passphrase.
Once in your vault, you can store all your passwords. Not having to remember them frees you up to make passwords that are nearly impossible to crack.
Passwords that are completely random and possibly HUGE. For example, did you know that your Gmail account password can be 100 characters long? I didn’t until I started using a password manager. Now all of my passwords are at lengths that would make brute force attempts nigh impossible.
A 2010 Georgia Tech Research Institute (GTRI) study told how a 12-character random password could satisfy a minimum length requirement to defeat code breaking and cracking software, said Joshua Davis, a research scientist at GTRI. Richard Boyd, a senior researcher at GTRI says, “Eight-character passwords are insufficient now… and if you restrict your characters to only alphabetic letters, it can be cracked in minutes.” In any case, to be on the safe side, a password length of 12 characters or more should be adopted.
InfoSec Institute
12 characters? Ha!
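To see why length and randomness matter, here is an added example (not from the original post or from any password manager's code) that generates a random password the way a manager's generator might and compares the search space of the cases mentioned above. The two alphabets are assumptions: upper and lower case letters for "letters only", and the 94 printable ASCII symbols for the random cases.

```python
import math
import secrets
import string

# Assumed alphabets (the post does not define them):
LETTERS_ONLY = string.ascii_letters                               # 52 symbols
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int, alphabet: str = FULL) -> str:
    """Pick every character independently and uniformly with the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if len(set(alphabet)) != len(alphabet) or len(alphabet) < 2:
        raise ValueError("alphabet needs two or more distinct symbols, no repeats")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def keyspace(length: int, alphabet_size: int) -> int:
    """Exact number of candidates an exhaustive search must cover."""
    return alphabet_size ** length


if __name__ == "__main__":
    cases = [
        ("8 letters only", 8, len(LETTERS_ONLY)),
        ("12 random characters", 12, len(FULL)),
        ("100 random characters", 100, len(FULL)),
    ]
    for label, length, size in cases:
        print(f"{label:22} {entropy_bits(length, size):7.1f} bits")
    # Each extra random character multiplies the search space by the alphabet size.
    print("12-char vs 8-letter keyspace ratio:",
          keyspace(12, len(FULL)) // keyspace(8, len(LETTERS_ONLY)))
    print("sample 12-character password:", generate_password(12))
```

These figures only hold for passwords chosen at random like this; a password you made up to be memorable has far less entropy than its length suggests.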
Now, it will be a challenge to get started on the road to password happiness, but it is worth it.
I suggest you visit a service like LastPass or at the very least see what sort of password manager is built into your browser. Yes, a service like LastPass charges $24/year, but for the freedom to host and manage your passwords encrypted online, it is worth it.
BUT WAIT! WHAT IF LASTPASS GETS HACKED?!
Ain’t you clever.
Yes, all services will eventually get hacked in some way, and having your passwords all in one place sounds scary, but if you think about it, it is worth the risk.
LastPass will inform you of any intrusions. Then you simply log into your vault, change your master password, and then move through your existing accounts and generate new passwords for each one.
LastPass was intruded upon back in 2015. The encryption they use is so powerful that no passwords were lost. Even if the security had been terrible and the intruders had gotten their hands on your master password, LastPass offers two-factor authentication, which would have shut down all but the most persistent hackers (who happen to have access to your phone).
No, it is not a 100% risk-free world, but this is a system that works with the reality of our world, giving you the power to control the security of your ever-growing digital footprint while maintaining the level of security that most experts recommend. So please give it a shot.