7 Easy Steps to A Prize Winning Password
Passwords are our first line of defense for protecting our online accounts. But, what is a good password and what just isn’t?
In just 7 easy steps, I will teach you how you too can enjoy a Blue Ribbon Password. Let’s first talk about some terms I will use in the recipe, so we are both on the same page:
Credentials = Authentication information, usually your username and password
Cracking = Guessing or using software that runs through a list of words from a recent breach “paste” or the dictionary
Vulnerability = Any computer weakness
Special Characters = As much as we love our favorite number, the special characters are not letters or numbers, but instead the symbols
Authentication = The process to prove you are you and you have permission to do a thing
Alright, here we go. On to the recipe:
- Avoid the obvious – this means 123456, password, name12, 111111, p@$$w0rd. While you are at it, look at this website to see the most common passwords in the last year and um, don’t use any of those.
- Stop Sharing, yes you. You share too much online. Look, I know you probably shared your Netflix password, but wait a minute, aren’t you already using that same password for your email too? Whether it is between people or services, stop it – no more sharing passwords, ok?
- Go Long……. If you haven’t heard this yet, the least crackable passwords are looooonger than the rest. It’s not so much about complexity as it is length – and honestly, do not just go for the minimum amount that the website asks for, you should be going as long as that website will let you. What is long enough? Think about song lyrics, exchange a few letters for symbols and punctuation and you’ll be in great shape. Check this page out, try out your ideas to see how long it would take a computer to crack it.
- Only the best ingredients and no, you can’t share them. Didn’t I say this already? Look, everyone does it, that doesn’t make it a good idea ok. No more sharing the password between sites or friends and that means no more of this either – password1, password2, password3, 4password, etc. You aren’t fooling anyone and trust me when I tell you, you aren’t fooling a computer with the latest word list from a breach. Did you look at that website link for the 500 most common passwords? Go back and look again, notice anything about them? Um, yeah – whatever you thought of, it was done already. No more sharing, use fresh, top quality ingredients in your password.
- Rotate often. That’s right, but how often? This is the best way to think of it, whether I am talking to a large corporation or you, reading this blog – look, how long do you want to allow a thief to muck around in your private stuff? Think about that, seriously. You just changed your password and that cool website was involved in a breach – they haven’t told you yet, well, because well, they didn’t detect the breach yet. So, let’s say, you only change your passwords once in a year – you are basically allowing a thief to have a full year’s worth of access to do whatever they want with your private data. Well, don’t get too paranoid either, rotating your passwords more often than once every 60-90 days is likely complete overkill and honestly, there is another factor you can add, to get some peace of mind.
- Yep, you guessed it, add another factor. Think about what I just said in #5, and add two-factor, or multi-factor, authentication to any and all accounts that allow it. Think about it, you already use it at the ATM, when you use your bankcard (1st factor) and your PIN (2nd factor). Most likely, in this case, your password will be the 1st factor and since it could be stolen, the 2nd factor could be a text message to your mobile phone, or a call or email, or even an app on your phone that generates a random code every few seconds. This second factor, whatever you choose, will be the one thing keeping a thief out of your account, so you have time to update your password. Pay attention! If you get a text message from one of your sites, it means someone is trying to log in with your password – so, you can easily log in to the site and update your credentials, stopping the thief from getting very far.
- Put it all together in the oven and you’re done. Well, not the oven exactly, but rather, a secure vault. You really can have one really long master password on one encrypted safe, where all your ingredients are combined for a Blue Ribbon Password Strategy. There are options here, basically it all comes down to whether you want the oven to travel with you on all your devices, or stay in your computer. The best options as of this writing include: KeePass, Dashlane, LastPass and Bitwarden.
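The "Avoid the obvious", "Go Long" and no-more-password1-password2 steps above can be checked mechanically. The Python sketch below is an added example, not part of the original post: the five-entry list, the substitution table and the function names are constructed for illustration, and the bit count is a brute-force ceiling, not a measure of how guessable a phrase really is.

```python
import math
import string

# Constructed sample deny-list; a real check would load a full common-password list.
COMMON = {"password", "123456", "111111", "qwerty", "letmein"}

# Map the usual symbol-for-letter swaps back to letters before comparing.
UNLEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})


def is_common_variant(pw):
    """True if pw is a listed password, or one with digits tacked on or letters swapped."""
    lowered = pw.lower()
    trimmed = lowered.strip(string.digits)  # password1, 4password -> password
    candidates = {lowered, trimmed, lowered.translate(UNLEET), trimmed.translate(UNLEET)}
    return any(c in COMMON for c in candidates)


def brute_force_bits(pw):
    """Upper bound on guessing work in bits, assuming every character is random.

    Real phrases (lyrics, quotes) are far more guessable than this bound says.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in string.punctuation or c == " " for c in pw):
        pool += 33  # 32 ASCII symbols plus space
    return len(pw) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["p@$$w0rd", "password3", "4password", "Xy7!Qz2#", "itwasadarkandstormynight"]:
        print(f"{pw!r}: common variant={is_common_variant(pw)}, bits<={brute_force_bits(pw):.1f}")
```

The 24-letter all-lowercase string scores well above the 8-character string that uses every character class, which is the length-over-complexity point; the swapped and numbered versions of "password" are all caught by the same list entry.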