A comprehensive guide to password security online
All of us use online services that require us to create an account to access whatever functionality we want. Most services offer only one way to identify yourself and protect your account: a password.
Fortunately this is getting better, as more and more popular services are starting to offer two-factor authentication. It further increases the security of your online accounts, and if a service offers the option you should always enable it.
However secure a two-factor login procedure might appear, it amounts to nothing if you reuse the same password everywhere. The most common two-factor method sends a confirmation code to your email address, which you must type in, in addition to your password, to gain access.
That extra step provides very little protection if you use the same password for that email account.
If that service were ever breached, your password would then be public, and every service where you are registered with that same password (and email/username combination) would be compromised along with it.
Do not use a password twice
I know how difficult it is to remember multiple passwords and then to remember which password belongs to which service. The good news is that you don’t need to.
Typing your passwords into a text file on your computer or phone is a good way to keep track of those pesky passwords. Just make sure the file doesn’t end up in the wrong hands; it is probably not smart to save it in the cloud (Dropbox, OneDrive, iCloud etc.).
That’s the easy way.
There are password managers that encrypt all your passwords with a master password. Just be careful which program you trust.
I wouldn’t recommend online password managers at all, as the passwords are stored externally. All programs have bugs and loopholes their creators don’t know about, and before you know it your passwords might be on public display.
The trade-off between ease of use and security is fixed: whichever one you increase, the other decreases accordingly.
It’s not (always) your fault
Even if you work hard to keep your passwords safe, it may not be enough to ensure that your password doesn’t end up in other people’s hands. Perplexingly, many big corporations still store their users’ passwords in plain text or only very weakly protected.
Still, if only one of your passwords leaks, at least it doesn’t compromise all of your online accounts.
There’s no excuse for not protecting users’ information with the respect it deserves. Hashing a password into an unreadable garbled mess is so easy that it can’t be forgiven when a big corporation is breached and its users’ passwords leak in plain text.
There isn’t a single service provider on this earth that ever needs to see your password in plain text, or to turn it back into a readable format after hashing it, so why wouldn’t they make it so that the crackers can’t either?
Update your passwords regularly
Just in case one of your passwords has gotten out, it’s good practice to update your passwords fairly regularly. Every 3 months should be fine.
Some services, like Facebook, will tell you how long it has been since you changed your password. If it’s more than 6 months, it might be a good idea to come up with a good new one.
Read on to learn how to make a good password.
Password complexity, perceived “good” and “bad” passwords
I say perceived because we humans perceive complicated strings of letters and characters as complex and difficult. To a computer, those strings aren’t complex or difficult at all.
If your password consists of upper-case and lower-case letters, numbers, symbols and spaces, it might be extremely difficult to type, and it might not even be that secure. A really good password is one that you can remember but that isn’t easy to guess and doesn’t contain dictionary words; that last point is a very important ingredient of a good password.
Password-cracking tools ship with dictionaries of the most common password choices and the words used in passwords, and anything on such a list is cracked in seconds, or less. If your password is “password” or “password123”, or even “qwerty” or any variation of those, shame on you. You should change it immediately and rethink your life choices.
To create a good password, use parts of words that mean something to you and then add some symbols and numbers. Make sure the password is long, as length is one of the most important ingredients of a good password.
You can also build a password from the first letters of the words in a sentence, which makes it easier to remember. For example, if you had a memorable trip somewhere, a sentence like
“Car Trip In Europe Spring Of 2015 With Friends And Dog” could make the basis of a password.
To make it more varied, you can replace some letters with symbols. Just don’t use this example though, as it won’t be safe to use for obvious reasons.
The longer your password, the better. Just make sure you can remember it, or write it down.
You can use this tool to see an approximation of a password’s strength. Don’t enter any of your real passwords into it, though: you should always assume that everything you type into a web page is submitted somewhere, so be careful.
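Since pasting real passwords into a web page is a bad idea, an offline estimator is a natural companion to the advice above. The following is an added example, not the tool linked above or anything from the original article: it scores a password the way a cracker approaches it, first checking whether it is a common password or a trivially mangled variant (case changes, leading or trailing digits and symbols, “@”-for-“a” style substitutions), and only then falling back to a brute-force estimate based on length and character set. The common-password list, substitution table, rules-per-word figure and rating thresholds are all constructed for this example and are far smaller than a real cracker’s wordlist and rule set.

```python
"""Offline password-strength estimate, standard library only (added example).

The wordlist, substitution table, rule count and thresholds are constructed for
illustration; they are not taken from any real cracking tool.
"""
import math
import string

# Constructed stand-in for a cracker's wordlist; real lists hold millions of entries.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "iloveyou",
    "football", "monkey", "dragon",
}

# Substitutions a cracker's rule engine undoes automatically, so they add almost no strength.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t",
})

# Mangling rules assumed per wordlist entry (constructed figure).
RULES_PER_WORD = 64

JUNK = string.digits + string.punctuation


def normalize_variants(password: str) -> set:
    """Plain forms a cracker would try: lower-cased, with leading/trailing
    digits and symbols stripped, and with leet substitutions undone."""
    lowered = password.lower()
    bases = {lowered, lowered.rstrip(JUNK), lowered.lstrip(JUNK)}
    return bases | {b.translate(LEET_MAP) for b in bases}


def charset_size(password: str) -> int:
    """Size of the smallest character pool covering every class used in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c == " " or c in string.punctuation for c in password):
        size += 33  # 32 ASCII punctuation characters plus space
    if any(not c.isalnum() and c != " " and c not in string.punctuation for c in password):
        size += 100  # other (non-ASCII) symbols: rough allowance, constructed figure
    return size


def estimate_bits(password: str) -> float:
    """Guessing entropy in bits.

    A password derived from a wordlist entry is worth only log2(list size * rules),
    however many symbols it carries. Anything else is scored as a brute-force
    search over its character pool, where length dominates.
    """
    if not password:
        return 0.0
    if normalize_variants(password) & COMMON_PASSWORDS:
        return math.log2(len(COMMON_PASSWORDS) * RULES_PER_WORD)
    return len(password) * math.log2(charset_size(password))


def rate(password: str) -> str:
    """Map bits to a coarse label; the thresholds are this example's own choice."""
    bits = estimate_bits(password)
    if bits < 28:
        return "very weak"
    if bits < 50:
        return "weak"
    if bits < 70:
        return "reasonable"
    return "strong"


if __name__ == "__main__":
    # Constructed samples: a "complex-looking" dictionary variant, a short
    # mixed-class string, a single capitalised word, and a long lower-case phrase.
    for candidate in ("P@ssw0rd1", "X7#q", "Zebra", "blue kettle hums at dawn"):
        print(f"{candidate!r:30} {estimate_bits(candidate):6.1f} bits  {rate(candidate)}")
```

The output makes the article’s argument in numbers: “P@ssw0rd1” has upper case, a symbol and digits yet scores as a single wordlist hit, while a long, all-lower-case phrase outscores it by an order of magnitude because length multiplies the search space and symbol substitutions merely add a rule.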
Use common sense
There are tons of phishing attempts and other ways for your password to end up in a scammer’s hands, whether through emails asking for your password or through pages that imitate the look of the real website.
Services are built in a way that never requires you to reveal your personal account’s information to a third party. The administrators can do everything they need without access to your personal account.
You can rest easy and ignore any threat that your account will be disabled unless you send them your password. Also make sure that any link you click in an email takes you to the correct site instead of a phishing site.
I hope this guide has been informative and helpful. Safe browsing to everyone!