As we wave goodbye to the pain that was 2020, some people are looking for a different kind of New Year's Resolution; even one that they might follow for once! I am looking to improve my fitness; working from home gives me more free time, the lack of which was always my reason for not exercising! Another kind of fitness is "Digital Fitness", and the first and perhaps most crucial step in improving it is security, with stronger passwords being an easy place to start.
Beef up those Passwords.
We are often told to use long and complex passwords, but remembering them is hard, especially for passwords that are not used regularly. The result is that the less savvy user simply changes one part of their password (usually a number) each time they are forced to create a new one; that way they remember one long password with a small change rather than a new long password every ninety days. The best password is one that even you can't remember:
LocalSportsTeam123 is a poor password; your Facebook or Twitter profile will likely tell me which sports team you follow, and a dictionary word followed by a few digits is one of the first patterns a cracking tool tries. Setting your Twitter password to
Bluebird social waffle! is better (and fairly easy to remember on its own); three unrelated words are far harder to guess than a name with a number on the end.
X?3qM_f55/[h^[email protected],;LYX is better still: thirty characters of a monkey at a keyboard, which no one will guess. According to Thycotic's password strength checker (don't put your real password into a site like this), it would take an average computer 931^39 years to crack that password, and it isn't in Have I Been Pwned (HIBP).
But how can you remember password number three? Simple answer: you can't. And if you can't remember one password this complex, how can you remember all of your passwords? A study by Intel in 2017 stated that the average person has to remember 27 passwords; I know that I have over 500!
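The points above, in code: an added example for this post, not code from the original article or from any tool it names. It generates passwords with the operating system's CSPRNG, estimates the entropy of each of the three password styles (modelling the first the way a cracking tool would see it, as dictionary words plus digits), converts that to a crack time under an assumed attacker, and shows why Have I Been Pwned is safe to query where a checker that asks for the password itself is not: HIBP uses k-anonymity, so only the first five hex characters of the SHA-1 hash are ever sent. The guess rate, the word-list sizes, the symbol set and the sample API response are constructed assumptions, labelled in the code.

```python
"""Password strength, generation and the HIBP k-anonymity check.

Added example for this post, not code from the original article or from
any of the tools it mentions. Constructed/assumed values are marked below.
"""
import hashlib
import math
import secrets
import string

# 26 + 26 + 10 + 25 = 87 symbols; a constructed symbol set, not any tool's default.
SYMBOLS = "!?#$%&*+-_=/@^~,.;:[]{}()"
FULL_CHARSET = string.ascii_letters + string.digits + SYMBOLS

# Assumed attacker model: an offline cracking rig trying 1e10 guesses per second.
# This is a constructed figure for illustration, not the figure the post quotes.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Constructed, deliberately tiny word list; real passphrase generators use
# lists of several thousand words (the EFF long diceware list has 7776).
WORDS = ["bluebird", "social", "waffle", "granite", "tundra", "velvet", "marble", "quiver"]


def random_password(length=30, charset=FULL_CHARSET):
    """'Monkey at a keyboard': uniform picks from the CSPRNG (never random.random)."""
    return "".join(secrets.choice(charset) for _ in range(length))


def random_passphrase(words=4, wordlist=WORDS, sep=" "):
    """'Bluebird social waffle' style: independent uniform picks from a word list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(space_size, choices):
    """Bits of entropy for `choices` independent uniform picks from `space_size` options."""
    return choices * math.log2(space_size)


def pattern_entropy_bits(word_choices=10_000, words=2, digits=3):
    """'LocalSportsTeam123' modelled the way a cracker sees it: N dictionary words
    plus a few digits. The word-list size is an assumption for the model; the point
    is that entropy is set by how the password was chosen, not by how long it is."""
    return entropy_bits(word_choices, words) + entropy_bits(10, digits)


def years_to_exhaust(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Years to try every candidate at the assumed rate (expected time is half this)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def hibp_range_parts(password):
    """Have I Been Pwned's k-anonymity lookup: only the first five hex characters of
    SHA-1(password) are sent (GET https://api.pwnedpasswords.com/range/<prefix>);
    the remaining 35 are compared locally, so neither the password nor its full
    hash leaves your machine. That is why HIBP is safe to use where a site that
    asks for the password itself is not."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix, response_text):
    """Parse a range response ('SUFFIX:COUNT' per line); 0 means not found."""
    for line in response_text.splitlines():
        found_suffix, _, count = line.strip().partition(":")
        if found_suffix and found_suffix.upper() == suffix.upper():
            return int(count)
    return 0


# Constructed stand-in for the API response for prefix 5BAA6 (the prefix of
# SHA-1("password")); the counts are made up, the real one is in the millions.
SAMPLE_RANGE_RESPONSE = """\
1E2DD5CAD5B7A0BB84A3A21A6E4D7C2E7BD:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E5C3E1C4A5E7C0E9C2F4A1B2C3D4E5F6A7:1
"""


if __name__ == "__main__":
    for label, bits in [
        ("LocalSportsTeam123 (2 words + 3 digits)", pattern_entropy_bits()),
        ("4 words from a 7776-word list", entropy_bits(7776, 4)),
        ("30 chars from an 87-symbol set", entropy_bits(len(FULL_CHARSET), 30)),
    ]:
        print(f"{label:42s} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
    print("generated:", random_password(), "|", random_passphrase())
    prefix, suffix = hibp_range_parts("password")
    seen = count_in_range_response(suffix, SAMPLE_RANGE_RESPONSE)
    print(f"send only {prefix}; 'password' appears {seen} times in the sample response")
```

Run it and the three entropy figures make the post's point numerically: the "long" sports-team password is worth under 40 bits once the attacker models it as words plus digits, the passphrase sits in the 50s, and the random thirty characters are far beyond any realistic attacker. To use the HIBP part for real, fetch the range URL for the prefix and feed the response body to `count_in_range_response`.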
Write them down!
Another common IT department mantra is "do not write your passwords down"; a sticky note on the underside of a drawer is a bad idea (watch the movie WarGames if you disagree), but is a password book (virtual or physical) really so bad?
Use a password manager and let it remember your passwords for you. The popular browsers all have built-in password managers now, and some will synchronise across all your devices; this is not the best option, but it is the easiest route for most users.
Several commercial password managers are available; some are free, whilst others cost a small amount each month. Whichever password manager you choose, you need to be sure you can trust it; putting all your passwords into a manager with poor security is nearly as bad as using the same password everywhere! A trustworthy manager encrypts the vault on your own device with a key derived from your master password, so the vendor cannot read your passwords even if its servers are breached; look for a published security design and independent audits. If you do not want to put effort into understanding the pros and cons of each option, pick one of the two industry leaders:
I use 1Password; it isn’t free, but it is cheap ($2.99 a month, less than a large Starbucks Coffee). Both 1Password and LastPass have mobile and desktop apps alongside plugins for the major browsers.
A password manager will generate and remember strong passwords for you; all you have to remember is the password to your password manager (hence the 1 in 1Password), so make that one long, unique and protected by MFA. Using the mobile apps or browser plugins gives you auto-complete on login pages, and because the plugin only offers a password on the site it was saved for, a look-alike phishing domain stands out when nothing is filled in. They can even store your MFA/2FA secrets and generate the one-time codes for you (but that is a subject for a future blog article; bear in mind that keeping the MFA secret in the same vault as the password means anyone who gets into the vault gets both). I won't go into the details of using a password manager as each one has a different interface; take a look at the 1Password Tour or the LastPass Tour for more information.
Or physically write them down!
My grandmother can't remember simple passwords, and she would have no hope using a password manager (she can hardly remember how to open a web browser). She has a little notebook that we write her handful of passwords in for her; the notebook is hidden away in a different room from the computer. She doesn't have a smartphone, and her only internet connection is her computer at home, so she always has her "physical password manager" with her when she needs it. You can even buy a special "internet password book".
So make these your New Year's Resolutions this year:
- Research a password manager such as 1Password or LastPass and give one a try.
- Use unique and complex passwords for every service you access, using your new password manager to remember them for you.
- Have fun, and try not to think about 2020 again!
If you have any questions about using a password manager, that can’t be answered by one of the above tours, please reach out in the comments section.