2015-01-05

Password Science 101 - Password security for Everyone

There's always a lot of press coverage about passwords whenever someone gets hacked.

Since passwords are something that everyone has some personal control over, it's a worthy message to put out there. That's right. You can make a direct difference to the security of your banking information, your credit card number, or your dirty secrets on the Internet. But how?

This blog post will give you 5 easy tips you can use with your passwords to personally make a difference in online security.

First of all, not all hacks get passwords.

Most of the time, what hackers get are password hashes. This is a weird word. But, what it means is: computers like math. Secure computers protect your password with math. This way, when someone steals password hashes, they get a bunch of meaningless junk. The bad guys have to crack those hashes in order to get your password. And that's more math. But, that math is easier than you might think.

So, this is where you come in.

1. Short passwords are easier to crack. A good attacker can crack just about any 8-character password in less than 12 hours.

2. Never use the same password on more than one site. That way, if one site gets broken into, the accounts on your other systems will still be safe.

3. Complicated passwords are good, but long passwords are better. Try to think of passphrases instead of passwords. Why not use a sentence? "Password1!" meets all the requirements, but is actually pretty easy to crack. Instead, "My 1st dog was Buster" is much harder to crack and also meets all requirements.

4. But, that's hard to type. Make it easier to use these longer passwords by using a password vault program like 1Password or KeePass. These will even generate long passwords for you so you don't have to be creative, and they'll help you store different passwords for different sites. Then, all you have to do is copy and paste them when you need to use them!

5. Be careful about where you put your password. If the site you're using isn't securing your password, there's not much you can do. An easy test is to try to reset your password. How easy is it? Do you get an email with your actual password in it? That's a bad sign. The same goes for giving your password to any email or website that asks for it without first verifying that the site needs to have your password. That's called phishing, and it's an easy way to lose your password.
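To put rough numbers on tips 1 and 3, here is a small strength estimate, added as an example and not part of the original post. The guess rate is worked backwards from tip 1's 12-hour figure assuming 95 printable characters; the 10,000-word list size, the two pattern rules, and counting a space as a symbol are assumptions made for illustration.

```python
import re
import string

# Assumption: tip 1's figure (any 8-character password in under 12 hours)
# over the 95 printable ASCII characters implies this guess rate.
GUESSES_PER_SECOND = 95 ** 8 / (12 * 3600)
# Assumption: size of the word list tried first (constructed value).
WORDLIST_SIZE = 10_000
SYMBOLS = len(string.punctuation)  # 32 ASCII punctuation characters

def meets_policy(pw: str) -> bool:
    """Typical complexity rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))  # a space counts as a symbol

def brute_force_guesses(pw: str) -> int:
    """Every string of this length over printable ASCII."""
    return 95 ** len(pw)

def pattern_guesses(pw: str) -> int:
    """Cheapest pattern-aware model: words from a list plus short suffixes."""
    # Word + digits + symbols, e.g. "Password1!": one word, two capitalisations.
    m = re.fullmatch(r"([A-Za-z]+)(\d*)([^A-Za-z0-9\s]*)", pw)
    if m:
        return WORDLIST_SIZE * 2 * 10 ** len(m.group(2)) * SYMBOLS ** len(m.group(3))
    # Passphrase: each space-separated token treated as one word-list pick.
    tokens = pw.split()
    if len(tokens) > 1:
        return (WORDLIST_SIZE * 2) ** len(tokens)
    return brute_force_guesses(pw)

def estimate_hours(pw: str) -> float:
    """Time to exhaust the smaller of the two guess spaces, in hours."""
    guesses = min(brute_force_guesses(pw), pattern_guesses(pw))
    return guesses / GUESSES_PER_SECOND / 3600

if __name__ == "__main__":
    for pw in ("Password1!", "My 1st dog was Buster"):
        print(f"{pw!r}: policy={meets_policy(pw)} hours={estimate_hours(pw):.3g}")
```

Both passwords pass the complexity check, but under these assumptions "Password1!" falls in well under a second while the passphrase holds for centuries, even when every word in it is treated as a dictionary pick.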

There you go. 5 easy tips you can use to make a difference in your personal online security. Have fun!

If you want more details about the math I talked about, read my next post: Password Science 201.
