Happy World Password Day! I know it’s more fun to celebrate May-the-Fourth in other ways, but this is important.
Passwords are how we keep our online accounts secure, and yet the most common passwords are horribly simple to guess. Every year password keeper releases a list of the most common passwords and every year “123456” and “qwerty” are on the list.
Passwords must be both memorable and hard to guess, the conflict between those two needs is the fundamental problem.
Many sites require you to use combinations of uppercase, lower case, numbers, and symbols in the name of making it harder to guess or crack a password.
However the resulting password is not easy to remember, and as humans use common substitutions, it remains vulnerable to cracking by computer.
To make a password hard to break you need to make it longer, use a range of characters, and avoid dictionary words. Something like this.
According to Kapersky labs it would take 33 centuries to crack this password by a single home computer. Most hackers have more computer power so could do it in fewer centuries.
There are two factors making it hard for computers to guess, the randomness of the characters used and the length of the password. As the wonderful XKCD explained we can use the length to make passwords more secure and memorable.
One of the challenges of managing online passwords is that we have so many of them. Often they can be saved on your device or in your browser, but this carries its own risks. If you lose your device or someone cracks your browser password (in the case of chrome) the person gains access to all your accounts. You can use a password manager, there are many on the market and PC Mag evaluated 12 of them.
There’s a lot of advice out there on changing your password, it’s often a mandatory practice on websites and within companies. But it’s usefulness as as security measure is dubious, in fact because people tend to then use a transformation on an old password the system might be less secure. One company requiring mandatory changes also prevented reuse of password elements for 20 changes. Luckily there are twenty regions of Italy. Of course if there is a password breach on any website you use you must change affected passwords.
To find a good memorable set of words look to poetry, quotes or song lyrics. Using the Kaspersky Labs password check Beyonce’s lyrics fare pretty well although the words are dictionary based and not particularly random.
Please take time today to celebrate World Password Day by making your passwords more secure
- choose long secure passwords
- use different passwords for each site
- use two factor authentication when sites allow it
- consider a password manager
- if you write down your passwords anywhere don’t keep it with the device.
Image: mine, and no, that’s not a real password