Passwords for online banking. Passwords for games services. Passwords for social networking accounts. Online, you need a password for everything — but how can you make sure your passwords are actually secure?
The short (and somewhat depressing) answer is that you can’t make a password that’s utterly secure, or at least not one that is one hundred per cent secure. Ars Technica has a great piece up at the moment about password hacking that goes into some detail about the methods password crackers use to produce billions of password guesses per second with off-the-shelf hardware. It’s somewhat scary stuff, especially if you’re using, say, DRAGON as your password.
A quick tip here: don’t use DRAGON as your password. Don’t use any dictionary words, even from foreign languages, and, as the Ars article points out, even the XKCD combinator trick isn’t immune.
So what can you actually do? You can make it as hard as possible for a security breach to affect you, that’s what.
Use services such as two-factor authentication (which I wrote about for The Drum here), but otherwise the best solution I can advise (which isn’t 100% bulletproof for all time, because absolutely nothing is) is to use a password management application such as 1Password or KeePass to secure all your passwords.
Use their inbuilt generators to make extremely long passwords, then secure them behind a master password that only you know and that you use only for that password management software.
Nowhere else: not written down, not also used for your Facebook account, and so on. It’s then relatively trivial to copy and paste those passwords from the manager (or use its inbuilt launching facilities where appropriate), meaning you can have long passwords (which are mathematically tougher to crack) without the hassle of remembering them.
Then — and this is where you’ll do yourself the most good should you become aware of a security incident — change them every once in a while. You’re not remembering them anyway (that’s the job of the software), so generating a new long password is just a tap of a button and a change in the service away, which is quite trivial.
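As an added example (not part of the original post, nor any password manager’s own code), here is how a manager-style generator draws a password from the operating system’s cryptographic random source, and why its length matters: it compares the keyspace, entropy and worst-case exhaustion time of a single dictionary word against a generated password. The 10 billion guesses per second rate and the 200,000-word dictionary size are assumptions.

```python
import math
import secrets
import string

# Assumed attacker rate: the Ars article says off-the-shelf hardware reaches
# billions of guesses per second; 10 billion/s is a constructed round figure.
GUESSES_PER_SECOND = 10_000_000_000

# Assumed dictionary size an attacker tries for a single-word password like DRAGON.
DICTIONARY_WORDS = 200_000

# Printable ASCII letters, digits and punctuation: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Draw each character uniformly from the OS CSPRNG via `secrets`, as a manager does."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(keyspace: int) -> float:
    """Bits of entropy for a secret chosen uniformly from `keyspace` possibilities."""
    return math.log2(keyspace)


def seconds_to_exhaust(keyspace: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time for a brute-force attacker to try every possibility."""
    return keyspace / rate


def compare(length: int = 24) -> dict:
    """Keyspace figures for a dictionary word versus a generated password of `length`."""
    generated_space = len(ALPHABET) ** length
    return {
        "dictionary_bits": entropy_bits(DICTIONARY_WORDS),
        "dictionary_seconds": seconds_to_exhaust(DICTIONARY_WORDS),
        "generated_bits": entropy_bits(generated_space),
        "generated_years": seconds_to_exhaust(generated_space) / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    print("generated:", generate_password())
    for name, value in compare().items():
        print(f"{name}: {value:.3g}")
```

The whole dictionary falls in a fraction of a second, while a 24-character generated password sits at roughly 157 bits and is out of reach of exhaustive guessing at any realistic rate.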
How Do I? covers the basics, because we’ve all got to start somewhere.
Image: M Thierry