Would you tell me your password? Probably not, but there's a good chance I could guess it. In SplashData's list of the worst passwords of 2015, compiled from data acquired in various breaches and hacks, "123456" and "password" continued to top the list.
You’ll also probably be surprised at how easy it is for cyber miscreants to crack passwords. No wonder we all want an alternative badly. For now, though, there are two things you can do: Make your crummiest passwords at least somewhat better, and check out some of the password alternatives starting to come online.
Think In Phrases, Not Words
The first principle of better passwords is to avoid simple words and numerical pairings. Even Edward Snowden pointed this out when interviewed by John Oliver last year.
You need to think in phrases rather than passwords, and forget about single words found in a dictionary. For example, "admiralalonzoghost420YOLO" is silly, but the person who came up with it could easily remember it, and it's far harder to guess than something like "admiral1", which an attacker's wordlist will try in its first few seconds. Obviously, I don't recommend using either of those now that they've appeared in print; just think of them as inspiration.
You should also aim to have much more than eight characters in your password and never have any reference, however vague, to yourself. Sorry, but your mother’s maiden name just isn’t going to cut it anymore.
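To put numbers on "harder to guess", here is an added example (not from the original article) that generates a random passphrase with the operating system's cryptographic random source and estimates how many guesses different styles of password force on an attacker. The 16-word list embedded below is constructed for illustration and far too small for real use; the 7,776-word figure is the size of the published Diceware list, and the 10-billion-guesses-per-second rate is an assumed figure for a GPU rig attacking a fast unsalted hash.

```python
import math
import secrets

# Constructed illustrative wordlist. Real generators use a published list such
# as the 7,776-word Diceware list, where each word adds about 12.9 bits.
SAMPLE_WORDS = [
    "admiral", "alonzo", "ghost", "lantern", "pepper", "river", "violet",
    "copper", "meadow", "falcon", "anchor", "timber", "saddle", "quartz",
    "harbor", "velvet",
]
DICEWARE_SIZE = 7776


def passphrase(words, count=5, separator="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG (secrets),
    so the result has no connection to the person who will use it."""
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` uniformly chosen words from `list_size` words."""
    return count * math.log2(list_size)


def word_plus_digits_bits(dict_size, digits):
    """Guess space of a pattern like 'admiral1': one dictionary word followed by
    a few digits. An attacker who knows the pattern tries dict_size * 10**digits
    candidates, regardless of how long the word is."""
    return math.log2(dict_size * 10 ** digits)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every candidate at the given rate. 1e10/s is an assumed
    figure for a multi-GPU rig against a fast, unsalted hash."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("example passphrase:", passphrase(SAMPLE_WORDS))
    print("5 Diceware words: %.1f bits, %.0f years to exhaust"
          % (passphrase_bits(DICEWARE_SIZE, 5), years_to_exhaust(passphrase_bits(DICEWARE_SIZE, 5))))
    print("word + 1 digit:   %.1f bits, %.6f years to exhaust"
          % (word_plus_digits_bits(DICEWARE_SIZE, 1), years_to_exhaust(word_plus_digits_bits(DICEWARE_SIZE, 1))))
```

The point the numbers make: five random words from a 7,776-word list give roughly 65 bits, while a dictionary word plus a digit gives about 16 bits, so the whole space of "admiral1"-style passwords is exhausted in well under a second at the assumed rate. Length only helps when the characters are actually unpredictable, which is why the words should be chosen at random rather than taken from your own life.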
We're all guilty of reusing the same passwords. With more sites and social media accounts than ever before, it's easy to become a little complacent, even accidentally. If there is one password you absolutely shouldn't reuse, however, it's your email's. A compromised mailbox receives the password-reset links for every other account tied to it, so it can be used to wreak havoc everywhere.
Finally, and I know this hurts, you need to change passwords when they may have been exposed. If a site you use has been breached, change that password immediately, and change it anywhere else you reused it. Rotating passwords regularly helps too, but it is no substitute for making each one unique; a rotated password that you also use on four other sites is still a sitting duck.
Ideally, someone or something would do all this for you, and that's where password managers come in. Today the best option is a password manager such as LastPass or 1Password, which can create and remember long random passwords so you don't have to. These rely on a single master password to verify you and to encrypt the store that holds all of your logins, so everything depends on that one password being strong and never reused.
However, like any software, password managers aren't perfect. Trend Micro's antivirus program comes with a built-in password manager. Recently a Google security researcher discovered that it exposed an interface that accepted commands from outside the program and could be used to run code and steal the passwords stored in the software. LastPass, another popular password manager, was the subject of a demonstrated phishing attack that imitated its own login prompts and could trick users into divulging the master password that unlocks all of their stored passwords.
The Future: Multifactor Authentication, Biometrics
Two-factor authentication has become standard advice. This involves a two-step process for logging in: your password, plus a one-time code from a second device, usually an authenticator app on your phone that has been enrolled with the account or a code sent to it by text message. A stolen or guessed password is then not enough on its own to get into the account.
Biometric logins are slowly becoming more common too, and they could usher in a new level of verification. Apple's Touch ID and Samsung's fingerprint scanners got an early start. Microsoft features facial recognition in Windows 10 with Windows Hello, which Dropbox has added to its login options.
Banks and payments companies have also dipped into biometrics. JPMorgan has integrated Touch ID into its iPhone app, while MasterCard has trialed a "pay by selfie" feature to verify online purchases. Intel's latest version of Authenticate requires fingerprint verification and, in some cases, detection via Bluetooth that your smartphone is physically present.
It’s Not Your Fault
It's not our fault that we're struggling to secure our digital lives. The responsibility should fall on the apps, websites, and companies that have failed to develop and foster real, secure alternatives.
Apps and services are already responsible for every other area of your online experience. Why should user authentication be different? They need to stop blaming the user for creating a weak password when the site itself could have adopted stronger security, such as properly hashing stored passwords and offering two-factor authentication, that would make a cracked password practically useless to an attacker.
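One concrete thing a site can do on its own side is store passwords as salted, deliberately slow hashes, so that a stolen database does not hand an attacker the passwords. The added example below is not from the original article; it shows that approach next to the fast, unsalted hash that many breached sites actually used. The scrypt cost parameters are assumed starting values and should be tuned so one hash takes on the order of 100 ms on the server.

```python
import base64
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (N, r, p). Tune N upward until one hash
# costs roughly 100 ms on your hardware; 2**14 with r=8 uses about 16 MiB.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme, parameters, salt and derived key.
    A fresh random salt per user means two users with the same password get
    different records, so precomputed tables are useless against the database."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt$%d$%d$%d$%s$%s" % (
        SCRYPT_N, SCRYPT_R, SCRYPT_P,
        base64.b64encode(salt).decode(), base64.b64encode(key).decode())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash and compare in
    constant time. Malformed records are rejected rather than raising."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = stored.split("$")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(key_b64)
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def unsalted_fast_hash(password: str) -> str:
    """The weak scheme behind many breach dumps: one fast, unsalted hash. Every
    user who chose 'password' gets the same digest, which a lookup table
    reverses instantly, and a GPU can test billions of candidates per second."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("password", record))
    print("md5('password') is always", unsalted_fast_hash("password"))
```

Storing the parameters in the record is what lets a site raise the cost later and rehash each user's password the next time they log in, without ever seeing the plaintext again.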
Meanwhile, do just a few things to make your bad passwords a little better. You'll grumble now but you’ll thank me later.