This is the third part of a series about passwords—what they are, how they work, and how to use them securely.
- Click here to read the first part of the series, Passwords Part 1: What is a password?
- Click here to read the second part of the series, Passwords Part 2: The problem(s) with passwords.
In Part 1, we looked into some password foundations—secure systems, secure accounts, the username, the password, encryption and decryption. In Part 2, we talked about why passwords can be such a pain to use. Now, FINALLY, we’ll get to the bottom of how to use and manage passwords securely.
First of all, let’s do a recap of the DON’Ts of password usage and the reasons why being too casual with passwords is a bad idea.
Here are the DON’Ts
DON’T use the same password over and over.
I know, I get it, passwords are hard to remember. And we have to remember a lot of them. So, why can’t you just come up with one password you can remember and keep using it?
The reason is pretty straightforward. If you use a username and password combination on one website, and that site gets hacked, your login information could be used to access your accounts on ANY OTHER WEBSITE where you use the same combination.
This is the reason you’ll often hear (very good) advice to change your passwords every time a major website is hacked and user credentials are leaked or stolen.
DON’T use real words in your passwords.
Hackers have fast computers and sophisticated programs that will try many different possible password combinations to hack secure accounts. One method they use is to feed all of the words in the dictionary into hacking programs. These programs will use these dictionary words when trying to crack your passwords. If you use a word found in the dictionary, chances are that someone could crack your password more quickly.
DON’T write your password on a post-it note, stick the note to your computer monitor, take a selfie in front of the computer with the password showing, and post the picture on Facebook.
Yes, that happens. And more often than you would think.
DON’T use passwords that are easy to remember
Avoid using your birthdate, names of loved ones, your address, phone number, or any other tidbits of information that are easy to remember. If you can remember it, someone else can figure it out if they know enough about you.
Here are the DOs
DO use combinations of letters, numbers, and symbols
The more random and confusing your passwords are, the harder it will be for someone to crack them, even with a fast computer and sophisticated software. Make your passwords at least 16 to 18 characters long, and use a combination of letters (upper and lower case), numbers, and symbols like !@#$.
Some secure systems will have rules about what you can use in your passwords. Some will require a minimum number of characters, and some will have a maximum. Some will allow numbers and symbols, and some will not. It can be confusing and extremely frustrating if new passwords you try get rejected. My advice is to slow down, read the instructions carefully, and take your time to create a password that meets the system’s requirements.
DO change all of your passwords every couple of months
Secure websites get hacked. Not every secure website gets hacked, but enough of the sites that should be safe places to store our data do. I’m sure you’ve heard about instances of this on the news quite often.
Indeed, not all instances of security breaches of websites and secure systems are even the result of hacking. Some security breaches are the result of poor corporate policies that allow tens of thousands of employees access to unencrypted user credentials. And some breaches occur when old government computers, hard drives, and electronic voting machines are disposed of without security measures, or even auctioned off without being wiped of sensitive data, leaving plain text user data, such as usernames, passwords, email addresses, and financial data exposed to potential threats.
Believe me, there are way more successful security breaches than you’ll hear about on the news, so please change your passwords fairly often.
DO use a random password generator
Password generators will create random, complicated passwords so that you don’t have to come up with them on your own. Most will allow you to set the length and type of characters they use.
There are many password generators out there. Here are a few from reputable companies that you can try:
- https://www.lastpass.com/password-generator
- https://1password.com/password-generator/
- https://www.webfx.com/tools/new-password-generator/
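For the curious, here is roughly what a generator like these does under the hood, written in Python as an added example (it is not from the original article or from any of the services listed). The function names and the symbol set `!@#$%^&*` are assumptions; trim the symbols to whatever the site you're signing up for accepts.

```python
import math
import secrets
import string

# Character classes named in the article: upper/lower case letters, numbers, symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*",  # assumed symbol set; trim it to what a site accepts
}


def _pools(use, symbols):
    """Resolve class names to character pools, honouring a custom symbol set."""
    return [symbols if (name == "symbols" and symbols) else CLASSES[name]
            for name in use]


def generate_password(length=18, use=("lower", "upper", "digits", "symbols"),
                      symbols=None):
    """Return a random password containing at least one character per class."""
    pools = _pools(use, symbols)
    if length < len(pools):
        raise ValueError("length too short to include every requested class")
    alphabet = "".join(pools)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: keep only candidates that cover every class,
        # so every acceptable password stays equally likely.
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def entropy_bits(length, use=("lower", "upper", "digits", "symbols"), symbols=None):
    """Approximate strength in bits: length * log2(alphabet size)."""
    size = sum(len(pool) for pool in _pools(use, symbols))
    return length * math.log2(size)


if __name__ == "__main__":
    print(generate_password())                                      # all four classes
    print(generate_password(16, use=("lower", "upper", "digits")))  # site bans symbols
    print(round(entropy_bits(18)), "bits (approx.)")
```

The second call shows how to cope with a site that rejects symbols: drop that class and keep the length up to make up for the smaller alphabet.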
DO use multi-factor authentication
Multi-factor authentication is the method of using more than one device to make you prove that you are who you say you are, in order to access a secure account. For more information, read this article on multi-factor authentication.
DO store your passwords securely
Any password you can remember isn’t secure enough. It’s just that simple.
So, in that case, you’re going to need a safe place to store your passwords, right?
Right.
There are a few ways you can store passwords that are reasonably safe. But some are better and more convenient than others. Here are my thoughts on a few methods:
The little black book
Writing down your passwords isn’t actually a terrible strategy, as long as you have a safe place to store it (don’t do the post-it note thing). However, writing down passwords isn’t terribly convenient either. This is especially true when you’re trying to read and type or tap in 18 random characters with a bunch of funky symbols and multiple cases.
Browser autofill
Web browsers and mobile devices are starting to add password management options that are pretty secure. Using these options is certainly better than reusing insecure passwords, but can be less than convenient when you’re managing passwords across multiple devices.
Spreadsheet
Spreadsheets lend themselves well to organizing lists of things, like user credentials. Just make sure the spreadsheet is stored in a secure location that can’t be accessed by anyone else. This is also a very manual option, and can be inconvenient for managing passwords across devices.
Password managers
Secure password managers are my favorite option for both generating and storing passwords. These helpful programs can usually be accessed from all of your devices and make saving passwords much easier and more convenient than the other options.
There are quite a few password managers out there, so I will get into more details in the next article in this series.
Stay tuned for the next in this series, Passwords Part 4: Password Managers.
Have fun, and be safe!
Rob Parker, aka the Grumpy Designer