Passwords, compromises, and the risks within

Posted: October 3, 2014 in Technology

Tying in somewhat to my last post about trading privacy for the use of technology, I wanted to talk about a topic very near and dear to all of our hearts: passwords.  Gone are the days of paying bills by mail, balancing your checkbook with a mailed bank statement, or even writing handwritten letters.  Everything is online, and with everything being online you have to have some piece of information to access what is stored on the internet.  In most cases this comes in the form of a username and password.

The problem with passwords, unless you’ve got the memory of an elephant, is that you either end up using the same password or a small set of passwords for every site you access or, even worse, you write them down on a piece of paper or store them in a plain old text file on your computer.  The tools hackers use are very sophisticated.  We used to tell you that as long as it’s over 8 characters and has a special character in it, you’re fine.  That’s not really the case anymore.  The truth is, the longer and more complex your password is, the better off you are.  I know you’re saying to yourself, “Well, how do I come up with a password that long and, better yet, how do I remember it?”  Here are a few things you can do to help strengthen your personal security posture.

First, one of the easiest ways to make better passwords is to utilize pass phrases instead of passwords.  Let’s say you have a website that allows for 20 character passwords; you could utilize something like “Ihave3dogsIlove#2014”.  Notice how this pass phrase really covers all our bases: it includes upper and lower case letters, it includes numbers, and it includes a special character.  The added benefit is that it’s a phrase you might actually remember!  Keep in mind you still don’t want to use personal names or identifying information, but even with that in mind a pass phrase can be a quick and easy win toward securing your online information.

Secondly, enable multi-factor authentication.  What is multi-factor authentication, you ask?  Multi-factor authentication goes back to the old saying of what you know (your username and password) and what you have (either a physical security token or something like a smart card).  Most people in their personal lives aren’t going to have smart cards, but there are several methods you can use that are very similar.  Not all websites support this technology as of yet, but what basically occurs is that you enter your username and password as you normally do and are then prompted for a security code.  In the past these codes were actually carried around on physical hardware tokens, but today they are available in the form of either a text message from the company or an “authenticator” app such as Google Authenticator.  The text message option is very easy because it’s as simple as typing in the code you’re sent by the company you’re logging in with.  The authenticator option really isn’t that bad either, as it only requires you to download an app from your smart phone’s app store and then register it with the website you are trying to log in to.  Once you’ve registered the authenticator directly with the website, it generates a number string that changes every 30 seconds or so.  Using multi-factor authentication really is one of the best ways to go, especially if you don’t want to have to try to use longer and longer passwords; however, not all websites and companies support it.  Here’s a great website, though, that is constantly updated with the list of companies that do support some type of multi-factor authentication: https://twofactorauth.org/

Lastly, and this is the one that I went with, is to utilize an online password vaulting service.  Now let me put out a disclaimer that you should not utilize sites like this for your company passwords if you work for a corporation, as most security policies frown on things like that, but for your personal accounts, it’s great.  The tool I use is called “LastPass.”  Tools like LastPass include web plugins that work directly with your web browser to help you store your online account passwords as well as to help you with generating new passwords.  LastPass includes a random password generator to help you generate random, long strings of characters to use as passwords.  You may be asking yourself, “How am I going to remember strings of random characters?”  The answer is that with tools like LastPass, you don’t have to.  LastPass stores your passwords in their secure, encrypted database, and the plugin for your web browser can then either auto-fill your password when it’s time to log in or you can copy and paste it from your password “vault.”  If you need access to your passwords on a computer that doesn’t have the plugin, you can utilize the mobile app or their website.  LastPass also supports multi-factor authentication to help further secure your password vault.  There are many other tools out there like LastPass, but in my opinion it is one of the better ones.  Give it a try; it’s free, and if you refer a friend they give you free months of “premium” service, which allows you access to the mobile app.  Here’s the link – LastPass

In closing, times are a-changing.  In today’s day and time you really can’t afford to keep using your same old short, easy to remember passwords if you want to keep your personal information safe.  Sure, companies themselves can get hacked, but that’s a topic for another day.  It’s up to us, however, to help protect our own data.  What do you have to lose?  Get to changing those passwords!
