During your time online, you have no doubt encountered the words ‘Create Account’ or ‘Register.’ These online accounts almost always require the same two things: an email address and a password. Ironically, these two widely required pieces of information often create a single point of security failure. People frequently use a single password for every account, so if one account is compromised, every other account with that password could be compromised as well. There is, unfortunately, no scalable solution to the problems of email, so the world will likely remain reliant on this outdated technology. The same goes for passwords. However, we can adopt strategies to make our passwords stronger and our accounts more secure.
There are three bad practices people generally succumb to with their passwords. The first is using a single password for every account, the implications of which we have already explored. The second is the use of weak passwords. In the event of a data breach, weak password hashes are incredibly easy to crack using software tools. Weak passwords are not just ‘password,’ ‘123456.’ or ‘qwerty.’ Short, common phrases, words, sequential numbers, personal information like birthdays and pet names, and any combination of these things can be cracked relatively easily. Password crackers can be programmed to look for combinations based on personal information and other parameters. The last bad practice is to store passwords in an unsecured way. Writing passwords in a notes/text document should not be considered secure. If someone can log in to or physically access your computer, the documents can be easily read if they are not encrypted. Writing passwords down is not ideal for storage either, since if you lose the book or paper… you know the rest.
So we have established the common problems with password creation, but how do we create strong passwords and keep our accounts secure? The solution to the first problem is simple: don’t reuse passwords. The next step is to create strong passwords. A strong password should be at least 16 characters long, ideally more, and should be a random combination of letters (upper and lowercase ), numbers, and symbols. Now you might be wondering how I expect you to memorize these different passwords for all of your accounts, and the answer is, I don’t. Instead, I would recommend the use of a password manager. Password managers are tools that securely store logins and other sensitive information encrypted. There are several forms of password managers, including local and cloud-based ones. Password managers are designed for security, making breaches rare and less productive for hackers, who will focus on weaker targets over hardened ones. The single caveat of a password manager is that they require a strong master password. If an adversary steals the master password, they can compromise every account if other security measures like 2FA are not implemented. The key is now to generate a strong master password that we can remember. One of the best methods for this is to use a hardened passphrase. First, think of a relatively long phrase that you can easily remember (Longer passwords are harder to crack). As an example, we’ll use the phrase ‘leave the gun take the cannoli.’ You can then apply a variety of strategies to maximize security. For example, you can use leetspeak to add numbers to your passphrase without compromising memorability. Leetspeak is an internet term referring to replacing letters with numbers. Our passphrase would then look like this: l3av3 7h3 gun 7ak3 7h3 cann0li (3 replaces e, 0 replaces o, 7 replaces t). Another strategy would be to use symbols to represent spaces. Example: l3av3#7h3#gun#7ak3#7h3#cann0li. Finally, you can use padding, the action of adding length by adding a single character repeatedly. Example: l3av3#7h3#gun#7ak3#7h3#cann0li\\\\\\\\\\\\\\\\\\\\.
There are many more ways of making your master password more secure, and the bottom line is that it should be as long and complex as possible while still being memorable. For all your other passwords, use a password manager, and make them strong as described above. Following these steps will make your accounts significantly more secure in an increasingly insecure world.