Tip of the Week: Taking Your Password Practices to the Next Level
Don?t Neglect the Tried and True Rules
While we want a password to be easy to remember, we also don?t want it to be easy to guess. This is why we can?t help but shake our heads at the top-15 results of an analysis of data collected from the security website Have I Been Pwned:
- 123456
- 123456789
- qwerty
- password
- 1111111
- 12345678
- abc123
- 1234567
- Password1
- 12345
- 1234567890
- 1123123
- 000000
- Iloveyou
- 1234
Many of these passwords clearly break some of the cardinal rules of password security, such as ensuring that there is a mix of character types included in the password, making sure that the password is of sufficient length, or using obvious words, like ?qwerty? or ?password.?
What?s worse, it is probably a safe bet that many of the owners of these passwords had a tendency to recycle them across their accounts, putting more of their accounts at risk. None of this is a good thing for security, of course.
You definitely should not be using the same password to get into different accounts. This is not a good practice. The reason is pretty easy to explain: If a password were to be compromised for one account, that would mean that multiple accounts would be compromised.
A Proven Means of Securing Your Accounts
There are several different ideas about how to do this. One means is to use a passphrase – a series of random words, rather than characters, that is both significantly more secure than most passwords and is easier for a user to remember.
However, as is so often the case, you can start to encounter difficulties once the human element is introduced. We, as a species, tend to gravitate towards patterns, so we have difficulties creating a truly random series of words in our own.
To counter this, an IT professional named Arnold Reinhold developed Diceware, a reliable means of generating a passphrase for yourself.
Referencing the Diceware word list, roll five dice (or one die, five times) and find the corresponding word to the values you rolled. Repeat this process until you have a total of six or seven words, and you?ve got your passphrase.
Why the dice? Simple – it makes it much more random, even than a user ?randomly? selecting words from the list of potential words to include.
A Demonstration
Let?s say we were to use this method now, and rolled the following number sets:
- 21633
- 16521
- 31336
- 13263
- 52452
- 33535
Referencing the word list, this gives us the following words…
- Criss
- Choke
- Gluing
- Bambi
- Rust
- Ice
…and, as a result, our passphrase.
The webcomic xkcd provides an illustrated explanation of why passphrases are so effective:
However, many users will understandably hesitate to use passphrases, because this means that – assuming they subscribe to best practices – they will have to remember a series of six completely random words for each of their accounts.
This is where password managers prove their worth. Utilizing a password manager to save your passphrases, and securing it with one, allows you to optimally secure your accounts without the need to worry about forgetting all of your access credentials.
For more means of improving your business? use of technology, subscribe to our blog, or reach out to us directly at (603) 889-0800.