Since the 1990s and the rise of the Internet, password requirements have become increasingly complex.
First, we had to include a minimum of six or eight characters, then a mix of alphanumeric characters, the addition of upper case letters, and eventually special characters. The complexity required in passwords today has caused a new problem for users: we tend to forget them.
Passwords are key to protecting your accounts, and knowing simple ways to securely create and manage all your passwords is vital for digital security and our digital quality of life. This month our focus will be on making passwords fun to create and easy to manage effectively.
The following steps will help reduce the pain in creating and managing passwords:
The traditional approach to creating a password has been to make it very complex. This trend makes the passwords difficult to remember and ultimately people use shortcuts or workarounds that jeopardize security. Passphrases, however, can be fun and much easier to remember (KISS). A passphrase is a type of strong password that uses random words or short sentences. Here are examples of passphrases:
· I really look forward to summer days in the Atlantic Provinces!
The examples above are strong, fun to create, easy to remember, and contain over thirty characters, which makes them more difficult to crack. Remember, the key to strong passphrases is to make them long - the more characters you have, the better.
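An added illustration (not part of the original article) of the random-word kind of passphrase described above: it picks words with a cryptographic random source and estimates the strength in bits. The word list is a constructed 32-word sample and the function names are hypothetical; the estimate holds only for words picked at random, not for a sentence someone composes.

```python
import math
import secrets

# Constructed sample word list (32 words), for demonstration only.
# It is far too small for real use: a real generator should draw from
# a list of several thousand words.
SAMPLE_WORDS = (
    "summer atlantic harbour lantern maple thunder pebble violin "
    "compass meadow orchard glacier saddle walnut ribbon falcon "
    "marble cactus anchor blanket cinnamon drizzle ember feather "
    "granite hammock island juniper kettle lobster mitten nutmeg"
).split()


def generate_passphrase(words, count=6, sep=" "):
    """Join `count` words chosen uniformly at random with a CSPRNG."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice uses the operating system's secure random source,
    # unlike random.choice, whose output can be predicted.
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy of `count` independent, uniform picks from the list."""
    return count * math.log2(list_size)


def password_entropy_bits(alphabet_size, length):
    """Entropy of a fully random password of `length` characters."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Fewest random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    # Baseline: 8 random characters from the 94 printable ASCII symbols.
    baseline = password_entropy_bits(94, 8)
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("8-char random password: %.1f bits" % baseline)
    for size in (len(SAMPLE_WORDS), 7776):
        print("list of %d words: %d words match the baseline"
              % (size, words_needed(size, baseline)))
```

With a 7,776-word list, five random words already exceed the strength of a fully random eight-character password, which is why length matters more than symbol variety.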
It is important to use a unique password or passphrase for each account that you have. Reusing the same password for different accounts makes you vulnerable to hackers. A hacker who has accessed one of your accounts will try to reuse the stolen password to access other accounts that you have.
Password managers are special programs that securely store all your passwords in an encrypted vault. You only need to remember the password for the password manager in order to access all the passwords that you have saved in it. Other features that come with password managers may vary from one application to the next. One caution: always remember the password for your password manager.
There are both paid and free password managers available. See a list of free password managers HERE
Two-Factor or Multi-factor Authentication
Two-factor or multi-factor authentication adds an additional layer of security to your account. This means an additional step is required to log into your accounts apart from entering your password. For example, you will need your password and an automated numerical code sent to your phone, or an authentication message sent to your phone prompting you to verify you are trying to access your account (this is similar to the two-step verification used on popular email platforms such as Gmail, Yahoo Mail, etc.). Other examples include using biometrics, key fobs or cryptographic keys, or smartphone-enabled applications. These methods of authentication provide a strong additional layer of defence for the user without unduly burdening the user.
Making Passwords Simple: https://www.sans.org
Long Live the Passphrase: https://www.sans.org
Submitted by Andrew Murley, ITSS