Password Security

What’s in a password? The value of online security

Have you ever wondered how secure your password really is? Click on this link to see how long it takes for password cracking software to guess your password:

http://random-ize.com/how-long-to-hack-pass/

Password security is a topic that confuses most, interests a few, and impacts anybody who has ever created an online account whether personal or business related. A password is oftentimes the only form of security required to prove it really is you trying to sign into your Facebook account, or that it really is you trying to access your online banking forms.

Just as we lock the front door to our homes with a key, we lock access to our online presence with our passwords.

Was it 0, o or O? Was it 1, l, or I? Remembering complex passwords the easy way

While there is much value placed on having an overly complex password that is not easily guessable, let alone memorable, a line in the sand between “complexity” and “memorability” needs to be drawn.

A passphrase such as “TheHorseDrawnChariotUsedBatteryOperatedWheels” is long enough that a computer system would take many, many years to ‘brute force’ the passphrase (go ahead and test this one in the link above) and memorable enough not to worry about confusing letter substitutions.

A passphrase that incorporates letter substitution with numbers and symbols (“Th3Hor$eDrawnChariotU$edB4tteryOperatedWh33ls”) will be stronger again – just keep in mind your overall ability to remember it without writing it down.

To express all of the above illustratively, we highly recommend this excellent xkcd comic: https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
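
As an added illustration (not part of the original article, and not the method used by the linked calculator), the Python sketch below estimates how large the search space is for the passwords quoted on this page. The guess rate and the 7,776-word list size are assumptions chosen for the example. It compares a character-by-character brute-force estimate with the lower figure that applies when an attacker guesses whole words.

```python
import math
import re
import string

GUESSES_PER_SECOND = 1e10   # assumption: fast offline guessing rig
WORDLIST_SIZE = 7776        # assumption: Diceware-sized list of common words
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet size a character-by-character brute force has to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def brute_force_bits(password):
    """Bits of search space if every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def split_words(passphrase):
    """Split a CamelCase passphrase into its component words."""
    return re.findall(r"[A-Z][a-z]+", passphrase)

def wordlist_bits(passphrase):
    """Bits of search space if whole words are guessed from a word list.
    Assumes the words were picked at random; a phrase that reads as a
    sentence is easier to guess than this figure suggests."""
    return len(split_words(passphrase)) * math.log2(WORDLIST_SIZE)

def years_to_exhaust(bits):
    """Years to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    phrase = "TheHorseDrawnChariotUsedBatteryOperatedWheels"
    for label, bits in [
        ("Johndoe, per character", brute_force_bits("Johndoe")),
        ("passphrase, per character", brute_force_bits(phrase)),
        ("passphrase, per word", wordlist_bits(phrase)),
    ]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.2e} years")
```

The per-word figure is the more realistic one for a passphrase built from dictionary words, and it is still far out of reach at the assumed guess rate, while the short password falls in minutes.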

Password best practices – do’s and don’ts when securing your online presence

Password advice differs from person to person and changes over time as we spend more time online and learn what does and does not work. The advice once given by the National Institute of Standards and Technology in 2003 has since been re-thought, and mostly discarded in favour of new, more secure password habits: https://www.theverge.com/2017/8/7/16107966/password-tips-bill-burr-regrets-advice-nits-cybersecurity

Generally speaking, there are good ways and not-so-great ways to protect yourself online. Using the same password in multiple places (Facebook, Gmail, online banking, etc.) is often convenient, but it is never the safest way to manage your online security.

Try to avoid:

  • Using the same password for multiple logins.
  • Using generic passwords like your first and last name, your first name + your birthday, etc.
  • Using “password” as your password (yes, this really does happen!).
  • Writing your password down, especially in a workplace environment.
  • Using passwords that are less than 8 characters long.

Be more secure by following these guidelines:

  • Use a different password for each online account you own. Your bank account, Facebook account and email accounts should all have their own passwords (just as the front door to your home has a different cut key compared to your letterbox and your garage door).
  • Get into the habit of using a ‘passphrase’ as opposed to a ‘password’. A passphrase like “BlueBerryMuffinCheeseCakesAreReal” will always be more secure than a password like “Johndoe”.
  • Remember your password, and don’t write it down. This is a lot easier when you use the concept of a ‘passphrase’ as opposed to a singular complex ‘password’.
  • Use as many characters as possible. The more characters in your password, the more secure it is!
  • Change your password after a data breach. Using a website like https://haveibeenpwned.com/ is a great way of finding out if your email address has been seen in a data breach and consequently if the password associated with that email address has been compromised. If you follow the best practice of using a different password for each website, you will have already taken a productive step towards reducing your risk after a data breach.

More information can be found at https://www.staysmartonline.gov.au/alert-service/new-guidelines-creating-strong-passwords

Do I really need to worry about any of this?

Losing control of an online account by having your password compromised can cause very real and long-term problems in the most extreme cases, and several days’ worth of embarrassing emails sent unknowingly by your email account in the least severe cases. Recently, 12.5 million Australians found themselves victims of a data breach involving email addresses, passwords, and other identifying personal information: https://www.staysmartonline.gov.au/alert-service/125-million-australian-email-accounts-leaked-online

At the very least it is important to remember that your various online presences may draw the attention of unwanted individuals, especially if another party may stand to gain financially at your expense, and as such it is worth your time to make sure you have properly protected yourself.