I recently wrote about password managers and some of the benefits of using a program to manage your passwords. Password managers help keep you secure and I can’t imagine not having one for all the passwords we have to manage.
Deciding to go it on your own and not use a password manager? Here are a few items to keep in mind.
Bad guys are everywhere and are constantly looking for ways to get access to systems. They may not even care so much about the data on your computer or system as they care about using your identity to get to the bigger fish or use your systems to launch a distributed denial of service attack (where they use a lot of individual systems to overload some other system) like what happened a few weeks ago.
Let’s face it. Passwords are everywhere. That IP camera you bought and thought you’d just plug in so you could watch your dog while you’re at work? It has a password. Did you change the password before putting it online? Did you look at its out-of-the-box security settings? What about that network printer that magically lets you print from anywhere? Or that network attached storage?
We live in an Internet of Things where everything from our thermostat to our garage door is connected to the Internet. Any one of these devices could be compromised and be a way into your network or your other accounts. Most of these devices need a password somewhere. It might be on the physical device or it might be to get access to the service that the device is connected to. Either way we can’t afford to reuse passwords between devices or services because if one gets compromised it opens the door for everything to be compromised.
We need to use complex passwords because computers can scan through entire dictionaries or lists of words in minutes. Putting two words together doesn’t make them secure. You have to come up with things that aren’t based on lists of words that others (including computers) are going to easily find.
Sadly, the most common passwords used today, in 2016, are still 123456, password, 12345678, qwerty, football, baseball, welcome, abc123, master, letmein, login, etc. Think you’re getting smart by using passw0rd? Not so fast, it still makes the top 25 most used passwords. While changing a few letters is an improvement, I think the bad guys have figured out that we often switch the i’s and o’s to 1’s and 0’s. Plantr0n1cs and D1g10m are not great passwords, although either would clearly be better than anything in the top 25 frequently used passwords.
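The check below is an added example, not part of the original post: it shows why swapped letters and joined words add little, by undoing the usual substitutions before looking a candidate password up. The `WORDS` set and the substitution table are constructed stand-ins for a real dictionary, and the function names are hypothetical.

```python
# Added example. COMMON is taken from the list in the post; WORDS is a
# constructed stand-in for a full dictionary (brand names included).
COMMON = {"123456", "password", "12345678", "qwerty", "football",
          "baseball", "welcome", "abc123", "letmein", "login"}
WORDS = {"blue", "horse", "summer", "garden", "plantronics"}

# Typical character swaps, mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw):
    """Lower-case the password and undo common character swaps."""
    return pw.lower().translate(LEET)


def is_two_words(s, words):
    """True if s splits into exactly two entries from the word list."""
    return any(s[:i] in words and s[i:] in words for i in range(1, len(s)))


def weakness(pw):
    """Return why pw is easy to guess, or None if no rule matched."""
    forms = ((pw.lower(), ""),
             (normalize(pw), " after undoing character swaps"))
    for form, note in forms:
        if form in COMMON:
            return "common password" + note
        if form in WORDS:
            return "dictionary word" + note
        if is_two_words(form, WORDS):
            return "two dictionary words" + note
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "passw0rd", "Plantr0n1cs",
                      "SummerGarden", "q7#Vz!rT2m"):
        print(candidate, "->", weakness(candidate))
```

A result of `None` only means none of these rules matched; it does not certify the password as strong.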
Bottom line: a password manager will let you create discrete passwords for each site that are not based on dictionary words or, if they are, include enough other random numbers or characters to make them secure. For example, here are some random passwords generated by Apple’s Keychain Password Assistant:
The good thing about the possible passwords above is that if you type one a few times you’ll probably remember it eventually. Even better are passwords that are really random, but there is little chance of us being able to remember them:
Please help keep your employer’s systems and your personal accounts secure by using complex passwords and not repeating passwords or password patterns. We must stay vigilant!