How to Create a Strong Password with Diceware

June 19th, 2018

Passwords are a touchy subject. Everyone knows they need to be stronger but what does a good password policy look like? What is a good password? How often should I change them? Do I need separate passwords for everything? Where do I store all those passwords?

Steps for Password Security and Ensuring Your Private Data is Safe

Maybe it would be good to start at the beginning. How are my passwords being compromised? The main way your passwords are being discovered is through breaches of large websites. When large sites like Myspace, Target, Equifax, etc. are compromised, large databases of usernames and passwords are stolen and sold or traded on the black market. If you regularly use the same passwords on multiple sites, any targeted attack on your identity becomes exponentially easier with this information. We use a dark web search utility to monitor clients’ domains and regularly find commonly breached passwords out on the dark web. The bad guys are able to see these passwords and use an automated process to try your compromised credentials on millions of sites: Amazon, eBay, PayPal, financial institutions, and the list goes on and on!

OK, my passwords may be out there, but how do I shore up my password security and ensure my private data is safe? We recommend a two-tiered approach:

1. Strong Master Password

First off, you need a strong master password. To create this, we recommend a “diceware” password. Over the years we have trained ourselves to use ever more complex passwords with symbols and letters that are less secure and harder for a human to remember. Let’s take a common example. You choose a couple of seemingly random items, like your mother’s maiden name and the year that you graduated high school (i.e. Patterson1978). From Patterson1978, add a few symbols to make it harder and end it with an exclamation point. At this point, your new password is: P@77erS0n1978!

The problem with the example above is that this is not a very secure password at all.

A diceware password, in contrast, uses dice rolls to randomly pick words from a set word list. The key is the truly random nature of the selection. In the case of the password we picked above, although it seems random, it is actually quite predictable. The variations and number replacements are also very predictable and give any brute force attempt an easy starting point.
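To make the selection process concrete, here is an added Python example (not code from the original post or from the Diceware project) that parses a word list in the standard Diceware file format, draws words by simulated dice rolls, and reports how much entropy a passphrase of a given length carries. The word list embedded below is a constructed 36-entry stand-in keyed by two dice so it fits inline; a real list has 6^5 = 7776 entries keyed by five dice, and the same code handles it unchanged. The dice are simulated with the operating system's cryptographic random number generator, which stands in for the physical dice the post recommends.

```python
import math
import secrets
from itertools import product

# Constructed miniature word list in the Diceware file format
# ("<dice digits><tab><word>", one entry per line). Real lists have
# 6^5 = 7776 entries keyed by five dice ("11111" .. "66666"); this stand-in
# is keyed by two dice (6^2 = 36 entries) so it fits inline, but the
# parsing and lookup logic is identical for the full list.
SAMPLE_WORDS = [
    "acorn", "badge", "cabin", "daisy", "eagle", "fable", "gavel", "hazel",
    "igloo", "jelly", "kayak", "lemon", "mango", "noble", "ocean", "panda",
    "quail", "radar", "salad", "tiger", "umbra", "vivid", "wagon", "xenon",
    "yacht", "zebra", "amber", "bison", "cider", "delta", "elbow", "fjord",
    "glide", "honey", "ivory", "jumbo",
]
SAMPLE_LIST_TEXT = "\n".join(
    "".join(key) + "\t" + word
    for key, word in zip(product("123456", repeat=2), SAMPLE_WORDS)
)


def parse_diceware_list(text):
    """Parse a Diceware-format list into {dice_key: word}.

    Rejects keys with digits outside 1-6, keys whose length differs from
    the rest of the file, duplicate keys, and incomplete lists, so a
    corrupted or truncated download cannot silently shrink the word space
    (and with it the entropy of every passphrase drawn from it).
    """
    table = {}
    key_len = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<dice> <word>'")
        key, word = parts
        if any(ch not in "123456" for ch in key):
            raise ValueError(f"line {lineno}: bad dice key {key!r}")
        if key_len is None:
            key_len = len(key)
        elif len(key) != key_len:
            raise ValueError(f"line {lineno}: key length differs from rest")
        if key in table:
            raise ValueError(f"line {lineno}: duplicate key {key!r}")
        table[key] = word
    if not table:
        raise ValueError("empty word list")
    if len(table) != 6 ** key_len:
        raise ValueError(f"expected {6 ** key_len} entries, got {len(table)}")
    return table


def roll_die():
    """One fair six-sided die from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1


def roll_key(dice_per_word):
    """Roll dice_per_word dice and return the lookup key, e.g. '35214'."""
    return "".join(str(roll_die()) for _ in range(dice_per_word))


def generate_passphrase(table, n_words, sep=" "):
    """Pick n_words words by independent dice rolls and join them."""
    dice_per_word = len(next(iter(table)))
    return sep.join(table[roll_key(dice_per_word)] for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Entropy of an n-word passphrase drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits of entropy from this list."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    table = parse_diceware_list(SAMPLE_LIST_TEXT)
    print("sample passphrase:", generate_passphrase(table, 5))
    print("bits per word, 7776-word list:", round(math.log2(7776), 2))
    print("six words from 7776:", round(entropy_bits(7776, 6), 1), "bits")
```

The entropy figure depends only on the size of the list and the number of words, not on which words come up: a passphrase that happens to read like a sentence is exactly as strong as one that looks like gibberish, because the attacker has to search the whole space either way. That is the difference from Patterson1978, where the structure (a surname, a year, predictable substitutions) is what an attacker searches first.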

How to use a Master Password
OK, now that I have a secure master password, how do I use it? The fact is that if you use the master password on any website and that website gets compromised, the bad guys will have your password no matter how complex it is! The only way to avoid having your password used against you on multiple sites is to have a separate, complex password for EVERY website/logon! How is that humanly possible?

2. Have a Good Password Manager
The second component is a good password manager. I personally use 1Password. The way it works is you use your master diceware password to log in to your password manager. The password manager stores all your passwords for every site, program or login. What makes it so secure is that the password manager can create a truly complex, unique password for every site and you do not need to remember it. You then install the password manager app on all of your devices and voilà, you have solved the issue! What’s even better is you will never have to create new passwords that you inevitably forget or lose! If you are on a random computer, you just log in to the password manager portal and retrieve the complex password for each individual site. The password manager I use is around $3 a month depending on whether you pay for it monthly or annually.

Do you want more information on this topic? Be sure to watch our video on How to Create a Strong Password with Diceware. Make sure you subscribe to our YouTube channel and give us a thumbs up if you enjoyed the video!

Are you interested in learning if any of your passwords that you or your team uses are on the dark web? Get started today by requesting your Dark Web Search on our website or reach out to us (904) 443.6046.


Diceware Generator:

https://www.rempe.us/diceware/