Let’s chat about passwords.

So I imagine you are thinking to yourself, “awesome, another post about passwords…” Well, you are correct, it is another post about passwords. So what is the big deal about passwords, and how do we make our passwords better?

If you are like me, every time you turn around you find yourself watching or reading about some data breach, and how the whole world now seems to be on fire. At which point you ask yourself if you should sell everything and run away. Does this specific data breach actually impact you? The not so simple answer is maybe; IMO, even if this breach did not get you, the next one may.

A few things determine whether breach xyz will affect you. Some of those things you can control; others not so much, since you are the user of someone else’s program. (At the time of this post Apple had just committed two relatively cardinal sins of the programming world with their blank super user password bug.)

  • Do you do business with the company whose data was breached, or did they make a business of your information?
    • Think Yahoo and LinkedIn – Did you have accounts?
    • Think Equifax – Did they have information on you that you may or may not have purposefully given permission to?
    • Maybe that school PTA website that you bought a yearbook at.
  • How did that company store your data?
    • Is it encrypted?
    • Was it stored in plaintext? (Just like what you are reading now.)
    • What data did they have? Was it all the data needed to assume your identity?
  • Did you create a password that was unique for that site?
  • Did you create a unique username?
  • Could a neighbor guess your password?
  • Is your password something we could find in a dictionary?

Passwords are big business for those who deal in identities. There are ways our passwords get out that we are not in control of, and in those cases we can only hope that the companies holding them start to design with security and privacy in mind. So what can we do?

First, let’s chat about the value of unique random passwords. Suppose you were able to remember a single really amazing password. I say you would be lost already: if you used that password on one of the sites we chatted about that did not secure their site or data well, then your password, strong or not, is now available to the world.

(Solution) Use unique passwords for every site where you have an account set up.

What makes a good password:

  • Length – A password should be at least 12 characters; with the old standby of 8 characters, brute force attacks win in no time at all (30 seconds is the generally accepted amount of time). Wikipedia has a good article about strong passwords.
  • Characters – Use a mix of alpha characters, both upper and lower case, and make sure you have numbers and special characters. Tip: if a site says you have to have two numbers, don’t put them at the end of your password, and please don’t make them your birth year.
  • Entropy – A random collection of characters is harder to break than your daughter’s baby doll’s name or your dog’s name and the year your dog became a part of your family.
    • Password Managers – There are many good password managers out there; some of the big ones include LastPass and KeePass. Both are great, but depending on how you plan to use them one is much better than the other. If you only ever use one computer and never share your passwords, IMO KeePass is the better choice: it is free and you control your destiny. If you are like me and share passwords with a spouse and have many devices, then a cloud based solution like LastPass might be for you.
      • In both cases the password manager can create random and long passwords for every password you need.
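To put numbers on the length, character mix and entropy points above, here is a small added example (my own, not from any password manager or from the post) that generates a password the way a manager does, with the OS random source and no digits tacked on the end, and shows how many bits of entropy 8 versus 12 versus 16 characters buy you. The guess rate used for the time estimate is an assumed figure for illustration only.

```python
import math
import secrets
import string

# The character classes the post says to mix: upper, lower, digits, specials.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable characters


def generate_password(length: int = 12) -> str:
    """Random password of `length` chars drawn from the OS CSPRNG (secrets).

    One character from each class is guaranteed, then the positions are
    shuffled so the required digits do not simply sit at the end.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)  # CSPRNG-backed shuffle
    return "".join(chars)


def has_all_classes(pw: str) -> bool:
    """True if the password contains at least one char of every class."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def expected_search_seconds(length: int, alphabet_size: int,
                            guesses_per_second: float) -> float:
    """Average time to exhaust half the keyspace at the given guess rate."""
    return (alphabet_size ** length) / 2 / guesses_per_second


if __name__ == "__main__":
    rate = 1e11  # assumed guess rate, hypothetical value for illustration
    for n in (8, 12, 16):
        bits = entropy_bits(n, len(ALPHABET))
        secs = expected_search_seconds(n, len(ALPHABET), rate)
        print("%2d chars: %5.1f bits, ~%.1e seconds" % (n, bits, secs))
    print("example:", generate_password(16))
```

Every extra character multiplies the search space by 94, so each four characters added is roughly 26 more bits, which is why a manager-generated 16-character password is in a different league from an 8-character one.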

If you enjoy reading about passwords, I think this one is a good read: Password Cracking. Or, if you prefer, watch this YouTube video, and you may go out and change all your passwords now.