Passwords Matter

Probus IT Group – Monday 16-9-2019

ADDITIONAL NOTES FROM OUR MEETING 16TH SEPTEMBER 2019

Passwords are a necessary evil, so how do we manage?

We are all told our passwords are important, and key to protecting our digital and online accounts. We are told to keep them secure and strong, and not to reuse the same password. But why, and why is it all so hard?

What makes a good password

A strong online password is your only protection for your personal documents. It may be unlikely that you’ll be burglarized; but you’d rather be safe than sorry.

So, although you might be tempted to go with an easy-to-remember password like “12345” or “abcde123” or even the word “password,” it’s a good idea to come up with something that’s more complex. Simple passwords like “12345” aren’t only simple for you – they’re also the easiest ones for someone to guess.

The same goes for using a single password for all your accounts: easy – but unsafe. If one account is compromised because someone figures out the password, then all your accounts could potentially be compromised. For your own safety, every account should have its own unique password.

So what constitutes a strong password, and how do you create one for each account?

Strong Passwords

Here are some tips for making your online password secure.

  • A long password is best, at least eight characters, preferably 12 or more
  • Include a combination of letters, numbers and punctuation (like ! or , or * or $ or #)
  • Include a combination of uppercase and lowercase letters
  • Do not use an actual word
  • Do not use your real name, username or personal information, such as your birthday, license plate number, address, pet names, hobbies etc.

Spaces cannot usually be used for web passwords, but can sometimes be used for other things, for example a password for logging into Windows.

So why all this mucking around

A short password is easy to guess

Have a look at Steve Gibson’s “Password Haystacks” web page. https://www.grc.com/haystack.htm
Steve shows that the most important factor in passwords is password length.

  • The longer the better.
  • Passwords should always contain at least one of each type of character (upper case, lower case and symbol)
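
The length argument above can be put into numbers. This is an added example, not code from these notes or from Steve Gibson's page; it assumes an attacker who tries every combination of the printable character types present, shortest first, at an assumed rate of 100 billion guesses per second.

```python
import string

# Printable ASCII character types and their sizes (33 symbols includes space).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

def alphabet_size(password):
    """Add up the size of every character type that appears in the password."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    if size == 0:
        raise ValueError("no printable ASCII characters to count")
    return size

def search_space(password):
    """Candidates an exhaustive search tries at lengths 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password, guesses_per_second=1e11):
    """Worst-case search time; the default guess rate is an assumption."""
    return search_space(password) / guesses_per_second

if __name__ == "__main__":
    # Constructed samples: two weak examples from the notes, a short
    # "complex" password, a longer lowercase one, and a passphrase.
    samples = ["12345", "abcde123", "aB3$eF7!", "abcdefghijkl",
               "To Bake a Cake take 1 kilo of flour"]
    for pw in samples:
        years = seconds_to_exhaust(pw) / (365 * 24 * 3600)
        print(f"{pw!r:40} types={alphabet_size(pw):2d} "
              f"space={search_space(pw):.2e} years={years:.2e}")
```

Twelve lowercase letters give a larger search space than eight characters drawn from all four types. The figures cover exhaustive guessing only, so a password that appears on a common-password list falls much sooner than its length suggests.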

Common passwords are even easier to guess

Over the past several years many companies have been breached and had lists of their users and passwords stolen and made public.

As a result researchers have had access to many millions of passwords, and it is incredible how often the same passwords are used. Hackers also have access to these lists, so when trying to guess a password the first thing they will do is try all the common passwords.

Wikipedia has a list of the most common passwords, discovered in various data breaches – see https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

Has your information been disclosed? i.e. has a company who had you as a customer had a breach? Could your password be out there?

If you wish to check – Troy Hunt has a website called Have I Been Pwned. The site has lists of over 555 million real world passwords previously exposed in data breaches, and over 9 Billion accounts.
You can enter an email address and it will tell you if it's on these lists.
OR enter a password and see if it's on these lists. For example, I entered a password of probus. It told me it was listed 175 times.

Check an email address – https://haveibeenpwned.com/
Check a password – https://haveibeenpwned.com/Passwords
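
The password check can also be scripted so that the password itself never leaves your computer. This is an added example, not code from these notes or from the Have I Been Pwned project; it assumes the public Pwned Passwords range endpoint at api.pwnedpasswords.com, which is sent only the first five characters of the password's SHA-1 hash, and the reply used in the demo is a constructed sample.

```python
import hashlib
import urllib.request

# Assumed endpoint: the public Pwned Passwords range API.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (first 5, remaining 35) hex characters of the SHA-1 hash."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_response(suffix, response_text):
    """Find our suffix among the 'SUFFIX:COUNT' lines; 0 means not listed."""
    for line in response_text.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def fetch_range(prefix):
    """Ask the service for every known hash suffix sharing this prefix."""
    request = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-notes-example"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")

def breach_count(password, fetch=fetch_range):
    """Times the password appears in the breach lists (0 if never seen)."""
    prefix, suffix = split_hash(password)
    return count_in_response(suffix, fetch(prefix))  # only the prefix is sent

def constructed_response(password, count):
    """Constructed sample reply: one decoy line plus the password's suffix."""
    _, suffix = split_hash(password)
    return "0" * 35 + ":3\r\n" + suffix + ":" + str(count) + "\r\n"

if __name__ == "__main__":
    # Offline demo against the constructed reply; drop fetch= to query live.
    reply = constructed_response("probus", 175)
    print(breach_count("probus", fetch=lambda prefix: reply))
    print(breach_count("To Bake a Cake take 1 kilo of flour",
                       fetch=lambda prefix: reply))
```

A result of 0 only means the password is not on these lists; it does not make a short or reused password safe.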

Re-using passwords is bad

Quite simply, I can't remember heaps of passwords, so I have 1 good one I use everywhere. Who can see this is a bad idea?

Now we know sites get breached and passwords get leaked. If someone works out your email password and that is also the password for your banking and Facebook and lots of other places, well, they can get into all of them.

To make it hard for the hackers and scammers, do not reuse passwords!

Managing Passwords

Ok you get all that, but there is no way you can remember a lot of complex passwords. What do you do?

It’s OK to write down your passwords to remember them, but make sure you keep that record secure. Keeping it in a book labeled “MY PASSWORDS” and leaving it on the computer is definitely a BAD idea. Rather, place it in an obscure or secure location and don't label it as passwords.

Passphrases

As mentioned above, a good long password is hard to break. This makes it easier for us to use passphrases. So why not use a short sentence or a line from a movie or song? Something memorable for you.

What about these examples:

  • A horse, a horse my Kingdom for a horse!
  • I turned Ten in 2010 as did Ken!
  • -DASH-across-the-Road-12-times
  • “Oh, I believe in yesterday”
  • To Bake a Cake take 1 kilo of flour

Use a Password Manager

Other than writing them down, a password manager can make a ton of sense.

Password managers are special computer programs that securely store all your passwords in an encrypted vault. You only need to remember one password: the one for your password manager – make that a good one. The password manager then automatically retrieves your passwords whenever you need them and logs you in to websites for you. They also have other features such as storing your answers to secret questions, warning you when you reuse passwords, a password generator that ensures you use strong passwords, and many other features. Most password managers also securely sync across almost any computer or device, so regardless of what system you are using you have easy, secure access to all your passwords.

Of course, write down the password to your password manager and store that in a secure location at home.

Suggested password managers
  • Lastpass – https://www.lastpass.com/
  • 1Password – https://1password.com/

Browser

All internet browsers (Google Chrome, Firefox, Safari, Edge) have options to save passwords, which can auto-populate the page so that you don’t have to enter the information each time.

You can also access this list of saved passwords if needed. Often these are not so well secured, so it’s not that safe and could be susceptible to being stolen. Having said that, all browsers are putting efforts into improving this and they are getting better all the time. Most will now generate a gobbledygook password on the fly for you.

Conclusion

Passwords are annoying realities of life; no matter how we manage things, it's a compromise. Find a method that works for you, but please try to keep it secure.
