Password Security Shownotes

Passwords are a necessary evil; some love them, some hate them. Passwords are the keys to your digital life and must be protected at all costs. Luckily, it does not cost a lot to protect your passwords. Sadly, not everyone sees passwords as that important. This can be seen by looking at the most common passwords. Some of these passwords are: 123456, 123456789, qwerty, and password. Another thing people may do is reuse their passwords for multiple accounts. For example, if your password is really strong and you use it as your password for everything (email, Facebook, online banking, etc.), that is just as bad as using common passwords. If an attacker gets your password for one account, they have it for all your accounts. With data breaches happening so frequently, it's almost a given that they might have a password that you have used in the past. So what can be done to protect yourself?

First, do not use common passwords. Attackers have lists of passwords that people have used, taken from data breaches, and they will try those first to gain access to your account.

Second, make sure your passwords are not weak. Making strong passwords is not hard, but it does take some time. The first thing to consider is the password length: make sure you are using more than 8 characters. Personally, I would say the minimum length should be 12 characters. The longer the password is, the harder it will be for an attacker to guess it. Next, make sure the password is a mix of uppercase characters, lowercase characters, numbers, and special characters. So how can you create a password that is not only strong but also memorable? By leveraging your powers of association and making the associations unique to you. For example, you can create a password using the words sun, walk, rain, and car. Starting off with the words, you would replace some letters with special characters and numbers. So sunwalkraincar will turn into $unW@lkRa1nCar. An easier way to create these types of passwords is a method called Diceware. To use Diceware, you first get a die or dice and a list of words from the Diceware website (link in the description). Next, decide how many words you want in your passphrase (3 to 5). Now roll the dice and write down the results on a slip of paper. Write the numbers in groups of five. Make as many of these five-digit groups as you want words in your passphrase. You can roll one die five times or roll five dice once, or any combination in between. If you do roll several dice at a time, read the dice from left to right. Look up each five-digit number in the Diceware list and find the word next to it. For example, 21124 means your next passphrase word would be "clip". When you are done, the words that you have found are your new passphrase. Memorize them and then either destroy the scrap of paper or keep it in a really safe place. If you do not want to roll dice, you can use a Diceware password generator.
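The Diceware steps above as an added example, not part of the original show notes or of any Diceware project. The function names and the "roll, whitespace, word" list format are assumptions, and the embedded 36-word list is constructed (keyed by two dice) so the code runs offline; the real list has 7776 entries keyed by five dice.

```python
import math
import secrets

def parse_wordlist(text):
    """Parse 'ROLL<whitespace>WORD' lines into a {roll: word} dict."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    return table

def roll_group(digits):
    """Roll `digits` dice using the OS CSPRNG, read left to right."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(digits))

def passphrase(table, words=5):
    """Pick `words` words by dice roll; the list must cover every roll."""
    digits = len(next(iter(table), ""))
    if not table or len(table) != 6 ** digits:
        raise ValueError("word list does not cover every possible roll")
    return [table[roll_group(digits)] for _ in range(words)]

def entropy_bits(table, words):
    """Bits of entropy when each word is picked uniformly from the list."""
    return words * math.log2(len(table))

# Constructed sample list: 36 placeholder words keyed by two dice.
# A real Diceware list is keyed by five dice, e.g. "21124 clip".
SAMPLE = "\n".join(f"{a}{b}\tword{a}{b}" for a in "123456" for b in "123456")

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE)
    print(" ".join(passphrase(table, words=4)))
    # With the full 7776-word list, each word adds log2(7776) bits.
    for n in (3, 4, 5):
        print(n, "words:", round(n * math.log2(6 ** 5), 1), "bits")
```

With the full five-dice list each word contributes about 12.9 bits, so the strength of the passphrase comes from the number of words rolled, not from character substitutions.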

Third, DO NOT reuse any password! This means every account has a unique password. Now you are probably asking, "Wait, I have a lot of accounts; how am I going to remember tons and tons of different passwords?" The short answer is, you should not. The best thing to do is use a password manager like LastPass, Bitwarden, 1Password, or KeePass. This way you only have to remember 1 password, the master password to unlock your digital password vault. The password manager will save all the passwords you create so you don't have to remember them. Using a good password manager will also give you the ability to generate random strong passwords, so that you do not have to use the Diceware method if you do not want to.

Whatever your stand is on passwords, just remember to do one thing: treat your passwords like you would the keys to your house. Make sure they are strong and that no one can just guess them.

 

 

Links:

Top 50 Worst Passwords: https://www.teampassword.com/blog/top-50-worst-passwords-of-2019

Easy ways to build a better password: https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd

Check your password strength: https://www.grc.com/haystack.htm

About Diceware: https://theworld.com/~reinhold/diceware.html

More about DiceWare: https://www.eff.org/dice

Online Diceware generator: https://diceware.dmuth.org/

Android Diceware generator: https://play.google.com/store/apps/details?id=com.sjsoftwaredev.diceware&hl=en_US&gl=US

iOS Diceware generator: https://apps.apple.com/us/app/diceware-password-generator/id1053475495

LastPass Password Manager: https://www.lastpass.com/

Bitwarden Password Manager: https://bitwarden.com/

1Password Password Manager: https://1password.com/

KeePass Password Manager: https://keepass.info/

RoboForm Password Manager: https://www.roboform.com/

Review of RoboForm: https://www.youtube.com/watch?v=oiywIEvkWgY