Passwords have become common place in 21st century society. We need them to access just about everything; our computers, bank accounts, email, phones, programs, and even in some cases our homes. There is a lot of misinformation about passwords that this article helps you unravel.
Passcodes vs Passwords
Passwords are usually used in tandem with a username and both of them are needed to provide access. Often the username is in the form of an email but it could also simply be a name. The advantage of the username/password combination is that both are required to provide access. If either is incorrect access will be denied.
Passcodes are often used to access phones and tablets and are usually 4-6 digits. This is not as secure as using the username/password combination as only one credential is needed. The longer the passcode the more secure the device as longer numbers are harder to guess and take more attempts before the correct code is found.
It is recommended that passcodes be at least 6 digits long and are not based on your birthdate. At least 3 different numbers should be used in a random combination. Repeating numbers e.g. 112244 should be avoided.
Easily guessable passwords
With passwords needed for so many things, it's tempting to use easily remembered passwords by using personal words such as your name, pets name, wife's maiden name etc. Criminals know people use these as passwords so they look at social media profiles and do Google searches in order to find likely passwords. They also use automated tools based on dictionary words to try and crack a password.
Other easily guessable passwords are 123456, password, password1, qwerty, iloveyou. These are among the most common passwords used worldwide.
Passwords that are easy to guess should not be used.
The answer to weak passwords should be to use complex passwords containing many characters, numbers, and letters e.g. fe5-#fs^ksBske$5sby. Given that most of us have tens if not over a hundred passwords, very few people can remember that many complex passwords. This results in people writing down the complex passwords or storing them in plain text in a Word document which defeats the purpose of having a complex password.
Passphrases are a better way to remember passwords as they are easier to remember. They consist of a number of words and characters rather than a single word. For example: fox-holden-apples. If numbers or special characters are needed the passphrase can be easily modified e.g f0x-holDen-app!es
Some people use a default passphrase and modify it for each site. For example, using the passphrase above as the basis for an account on news.com.au the passphrase could become f0x-holDen-news-app!es - in this case the first part of the web address is inserted between the second and third passphrase words to made it unique to that site.
Ideally, every login should be unique.
Different levels of sensitivity
It is a common misconception that every password needs to be complex and hard to guess. While this is true for passwords that are used to access personal or financial information, complex passwords are not needed for sites that need you to log in simply to see their data. If your password to the ABC website or you blog you read was compromised it would have zero impact on you. In this case, a simple password would suffice.
Using a dummy email to access these low impact sites can help protect logins' sensitive information. Google and Microsoft offer free accounts that can be easily set up. Apple devices have the ability to create a hidden email that can be used instead of your email address. Use firstname.lastname@example.org for setting up an account with the ABC or news.com.au and reserve your personal email address for sensitive logins such as your bank or social media accounts.
Classify all the systems and sites that you access and identify those systems or sites that need secure access. Ensure these places have unique and complex passwords. Sites that don't access personal or sensitive information can have simple or even reused passwords as long as they are not similar to those used for secure access.
Most people rightly believe their online banking and other financial system passwords are sensitive are should have secure passwords. While this is generally true there other systems that need very secure passwords. Generally, any system that has your personal information should be highly secured. This includes social media accounts as they can be used for identity theft. Also, email is often used to validate a password change so a criminal with access to your email can do far more than just read your emails.
The final word on passwords
A password manager is a program that can securely store your passwords. It is a great option for recording all those unique, complex passwords. However, it is only as secure as its master password. This is one of those passwords that you will need to make complex and remember. Using a passphrase is the easiest way to create a strong password. However, password managers are not perfect and if someone does go wrong you may have a nightmare on your hands. That said, a password manager used with a strong password and on a secure device is a very good option.
Finally, we can't talk about passwords without mentioning multi-factor authentication. This is where an additional code is needed to access an account over and above a username/password. Typically this code is generated by an authenticator program on a device, by being sent a code via SMS or email or the most secure method is by being sent a code in an app. Multi-factor authentication should be enabled for all secure logins, especially banking, social media and email.