Passwords … the bane of our lives! An evil we unfortunately have to live with until technology has perfected a simple, safer and less annoying way of securing our log-in credentials. Meanwhile, is there such a thing as a perfect password, and how can we make living with passwords easier on ourselves?
Most of us know the golden rules for passwords – things like using combinations of letters, numbers and special characters, not using words that are found in the dictionary, and not using the same password for everything. But the trouble is that the hackers who are out to steal our passwords and personal information have got better at what they do – and the tools of their trade are more refined too – so it’s increasingly difficult to protect your passwords.
If you’re honest, you’ll admit that you don’t always follow the rules when it comes to making your passwords difficult to hack – or crack. It’s far easier to use your pet’s name followed by 123# than it is to do the right thing, i.e. use a random string of characters, numbers, and uppercase and lowercase letters. After all, who can remember a password like BtMWsFkV3ySRM2q (that’s one that was generated for me after a “forgotten password” request recently)? Even worse is to have a whole selection of such passwords for different log-ins. The mind boggles, quite literally! Even if you write them down on a post-it next to the computer, there’s the danger that you’ll spill your coffee on it, throw it away by mistake with your sandwich wrapper, or at the very least have to take ages figuring out which password is which.
Some believe they are staying safe by resorting to “leetspeak”. This involves replacing vowels in a word with a number or character – so that, for instance, mydogharry would become myd06h4rry. Since leet (or l337) is a recognised computer code, though, hackers are very familiar with this dodge and know all about how to crack such passwords.
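Added example, not part of the original article: a check that a sign-up form could run to reject passwords that are only dictionary words in leet disguise, which is why the substitution adds so little. The word list and substitution table are constructed for the illustration, and the function names are hypothetical.

```python
from functools import lru_cache
from itertools import product

# Constructed sample word list (assumption); a real check would load a large
# dictionary plus names and previously breached passwords.
WORDLIST = {"my", "dog", "harry", "password", "cat", "love"}

# Common leet substitutions (assumed table). Some symbols are ambiguous, so
# each one maps to every letter it usually stands for.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "6": "gb",
        "7": "t", "8": "b", "9": "g", "@": "a", "$": "s", "!": "i"}


def deleet_candidates(password, limit=4096):
    """Yield plain-letter readings of a password, at most `limit` of them."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    for n, combo in enumerate(product(*options)):
        if n >= limit:  # cap the work for passwords full of ambiguous symbols
            return
        yield "".join(combo)


def split_into_words(text, words=WORDLIST):
    """Return dictionary words that concatenate to `text`, or None."""
    @lru_cache(maxsize=None)
    def solve(i):
        if i == len(text):
            return ()
        for j in range(i + 1, len(text) + 1):
            if text[i:j] in words:
                rest = solve(j)
                if rest is not None:
                    return (text[i:j],) + rest
        return None

    result = solve(0)
    return None if result is None else list(result)


def leet_dictionary_match(password):
    """Return (plain_reading, words) when the password is leet-disguised words."""
    for candidate in deleet_candidates(password):
        words = split_into_words(candidate)
        if words:  # an empty split (empty password) is not a match
            return candidate, words
    return None


if __name__ == "__main__":
    for pw in ("myd06h4rry", "BtMWsFkV3ySRM2q"):
        print(pw, "->", leet_dictionary_match(pw))
```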
Most cyber-security experts recommend that you go in for two-factor or multi-factor authentication wherever possible, if the option is given or demanded. That means that besides a password, you need to enter some other memorable information, a PIN and/or use a hardware token such as a card reader in order to access a website or perform a function on a website. You’ll probably find that your bank account, for instance, already functions in this way. It’s inconvenient and time-consuming perhaps, but does improve your online security.
You can try out your password in one of those online password strength meters, such as www.howsecurismypassword.net. This allows you to adjust the password and keep trying until it registers (like a recent one of mine did) as super-strong! In fact the site referenced above, when it received my password, told me it would take a computer six million years to crack it!
I am satisfied that is going to be as good as I can get, but the other problem with passwords is that they should, by rights, be changed fairly frequently (especially after any remote chance they could have been compromised) – and there are just so many of them to deal with!
If you have just too many passwords to deal with, and are constantly tearing your hair out with the herculean task of generating, managing and remembering them, you can protect your digital life with a password manager – not a person, but online software you can subscribe to which will generate, store and automatically log you in with your passwords for all your online accounts.
This is a great option, but they do cost money (there are free ones out there but, never having used any, I would hesitate to recommend them) – and it should be a case of “buyer beware”. Even the best of these password managers are not infallible and have been hacked in the past. One of the leading lights, LastPass, for instance, dealt with security flaws that left it vulnerable earlier this year.
Nothing is 100% guaranteed to help us out of the password swamp until perhaps the full-scale advent of biometric authentication (identification using physical features such as fingerprints, the iris of the eye or even facial recognition) is universally possible. Even then, to be totally secure, we’ll probably still need passwords as a second-factor line of defense.
Meanwhile … a password manager will save you from a headache if you use due diligence in picking a reliable one: as long as you don’t lose the master password you need to access your password manager!