The idea of passwords may be flawed, as pointed out in this educational and scary piece by Matt Hohn: “Kill the Password: A String of Characters Won’t Protect You”.
In this article, Matt talks about how his entire life was hijacked by malcontents. All of his devices were wiped, every account hacked, and he lost every single photo of his daughter. Reading this was scary enough for me to take my password game seriously for the first time.
The rest of this post is the result of my research.
Pro Security Tip #1: Use Two-Factor Authentication (aka Two-Step Verification)
Two-factor authentication can be intimidating, but it’s basically like having a backup ID online. In this case, instead of showing your driver’s license, your phone gets a text. Check out this video from Google explaining it:
If an online service you use offers two-factor authentication, then you should use it; if not, you are negligent. If your primary email doesn’t provide this security feature, change emails now. Your email is the core of your online identity, because password resets for nearly every other account go through it; if it is breached, the damage can spread everywhere, so protect your email with all the tools you can.
Pro Security Tip #2: Do Not Use Weak Passwords
Don’t freak out, I am not psychic, and I am definitely not standing behind you while you read this… but I am going to describe your password to you.
- It starts with a capital letter
- It ends with a punctuation mark
- The capitalized part is a dictionary word or a name
- You also have a number right before the punctuation
- If you are crafty, one of your letters is replaced with a symbol that looks like the letter (@ for a, etc.).
So many places have worked on increasing their password requirements that they have pigeonholed us into this standard format that the human mind can remember. Counterintuitively, this makes brute-force attacks against your account that much easier, because an attacker can try the predictable shapes first.
Brute-force attack: an attacker’s computer automatically tries candidate passwords one after another, drawing on dictionaries, common password formats, raw speed, and time, until one of them works.
If you really want to freak out, see how long it would take for a brute force attack to crack your current password: How Secure Is My Password (Notice in the footer that your password is not sent anywhere, and this site uses a security certificate. For the paranoid use an incognito window and a VPN)
If you tested all of your passwords and they are in the millions of years, and they don’t repeat, then I don’t know where John Connor is, yes you can have my clothes, and I welcome you as our new robot overlord.
If you are not a Skynet operative, then my best advice for making a strong password is the sentence acronym. A sentence acronym password is when you take a fact that is and always will be true, such as the street you grew up on or the name of your first pet, and create a sentence out of that fact. For instance:
I grew up in a house at 123 Main Street.
Then you take that sentence and make a password out of it. Take the first letter of each word (case sensitive), the numbers, and the punctuation, to create this password:
According to How Secure Is My Password, this password would take 5 million years for a brute force attack to crack.
Notice that this method for creating a password breaks the mold for many of the typical password formats. There are capital letters in multiple places (thanks to using proper nouns), there are numbers in the middle, and the password is not based on a word from the dictionary.
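To make the two halves of this tip concrete, here is an added example (my code, not the post’s) that does both: it builds a sentence-acronym password by the rule above, and it scores any password against the five traits of the “standard format” listed earlier. The acronym rule is implemented as one reading of the text (first letter of each word with its case, whole numbers kept, punctuation kept where it appears); the post does not show its own result, so the output below is this script’s, not the author’s. The tiny word list and the look-alike substitution table are constructed for the demo and stand in for the far larger lists a real cracking tool uses.

```python
import re
import string

# Constructed mini word list standing in for a cracking dictionary (assumption:
# a real list has millions of entries; this one only makes the demo run offline).
SAMPLE_DICTIONARY = {"password", "summer", "monkey", "dragon", "welcome", "house", "street"}

# Look-alike substitutions ("@ for a, etc." in the text); assumed, not exhaustive.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "l"})


def sentence_acronym(sentence: str) -> str:
    """Turn a memorable sentence into a password: first letter of each word
    (case kept), numbers kept whole, punctuation kept where it appears."""
    parts = []
    for token in sentence.split():
        core = token.rstrip(string.punctuation)   # the word or number itself
        trailing = token[len(core):]              # e.g. "." or "," stuck to it
        if core.isdigit():
            parts.append(core)
        elif core:
            parts.append(core[0])
        parts.append(trailing)
    return "".join(parts)


def typical_format_flags(password: str, dictionary=SAMPLE_DICTIONARY) -> dict:
    """Flag each trait of the predictable format described in the text.
    Every True is one more assumption a pattern-based guesser can rely on."""
    letters = [c for c in password if c.isalpha()]
    capitals_only_at_start = (
        bool(letters) and letters[0].isupper() and not any(c.isupper() for c in letters[1:])
    )
    # Strip the trailing "number then punctuation" tail, undo look-alike swaps,
    # keep only letters, and see whether a plain dictionary word is left.
    stem = re.sub(r"\d*[^\w\s]*$", "", password)
    stem = stem.translate(LEET_MAP)
    stem = "".join(c for c in stem if c.isalpha()).lower()
    return {
        "starts_with_capital": password[:1].isupper(),
        "ends_with_punctuation": password[-1:] in string.punctuation,
        "capitals_only_at_start": capitals_only_at_start,
        "number_right_before_punctuation": bool(re.search(r"\d[^\w\s]+$", password)),
        "based_on_dictionary_word": stem in dictionary,
    }


def pattern_score(password: str, dictionary=SAMPLE_DICTIONARY) -> int:
    """How many of the five typical-format traits the password shows (0 to 5)."""
    return sum(typical_format_flags(password, dictionary).values())


if __name__ == "__main__":
    # Constructed sample passwords: two in the standard format, one sentence acronym.
    samples = ["P@ssw0rd1!", "Summer2024!",
               sentence_acronym("I grew up in a house at 123 Main Street.")]
    for pw in samples:
        print(f"{pw:16} score={pattern_score(pw)}  {typical_format_flags(pw)}")
```

Run as written, the two standard-format samples hit all five traits, while the acronym built from the sentence above hits only two (it still begins with a capital and ends with a period). The traits that matter most are the ones it breaks: capitals in the middle, digits in the middle, and no dictionary word underneath, which is exactly why a dictionary-plus-rules guesser gains nothing from it. The checker is a teaching tool for your own passwords, not a strength meter; a password that scores 0 can still be short or reused.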
Pro Security Tip #3: Do Not Repeat Passwords
A strong password is a great start to enhancing your security, but sometimes the safety of your password is out of your hands. Websites and services get hacked all the time. Attackers go after them because almost everyone reuses passwords across services, so if they get the password for one service, they can likely get into all of that person’s digital life. You can stop this security avalanche by not repeating passwords.
Talk about a pain in the ass! A unique, permanently correct sentence acronym for every website/service you use!? You might consider burning everything you own and moving into the mountains to be an easier option. Enter 1Password (cue angel music).
The beauty of 1Password is that you can easily handle all three of my pro-security tips. Using 1Password is genuinely easier than not and is exponentially more secure than your status quo.
In addition to keeping all of your passwords, you can store driver’s license info, social security numbers, credit cards, pretty much any piece of secure information you would ever need.
Every service can have a unique password that would take the rest of the life of the universe to crack…
In addition to being the definition of secure, 1Password is also well designed and user-friendly. There are apps for Windows, Mac, iOS, and Android, so you always have your information. There are extensions for Chrome, Safari, Firefox, and Opera that make auto-filling your 64-character passwords into any site a breeze.
As you can likely tell, I am a big fan of 1Password and recommend it without reservation. Check out their YouTube Channel to learn about all the stuff 1Password can do.
If you want a step-by-step guide to getting set up with 1Password, then you should check out this Beginner’s Guide to 1Password from Lifehacker.