Hacked-Account-Or-Treat: Maintaining Password Security

    Oct 30, 2015 Jessica Jones

    Earlier this month we discussed how to determine what happens to your online presence after your eventual demise, and in that post we touched on the subject of passwords and whether your loved ones have access to them. The use of password management systems like LastPass or 1Password was mentioned as a way to grant critical people access to your accounts - today let’s talk about the primary reason for using a password management system: keeping your passwords secure.

    Is your password on the rusty side?

    This is not a new topic - you’ve probably been told multiple times, both directly and through articles and email warnings, that you need to keep passwords secure. Unfortunately many people still don’t heed this warning, choosing instead to take an “if it happens it happens” attitude. I’ve seen people using the same password for everything (I used to be guilty of this myself - it was a secure password but it’s still not a good plan), using extremely insecure passwords (their business name or a part of it, their own name, or - yes, really - variations on the word “password”) and keeping passwords written down in a physical notebook. Many people, if questioned about this, will give a response along the lines of “I know, it’s bad, but I’m busy and passwords are hard.”

    Yes, password security is inconvenient. So is getting your email hacked.

    No one is arguing that maintaining secure passwords isn’t a pain. Of course it’s a pain. It’s also extremely important. Okay, so maybe you’re not super concerned about the security of your more frivolous personal accounts, but when it comes to accounts that are connected in any way with your money, your business or your reputation? If you’re not concerned, you should be. You could find yourself in any number of unpleasant situations if these accounts were to be hacked - finding that spammy links were posted to your personal Facebook profile may seem like a minor irritation, but what if it’s your business’s Facebook page, and the links are particularly unsavory? What if the account holding your business’s domain registration is hacked? What about your email - are there business-related exchanges that could cause a situation should their security be called into question? What if inflammatory material were to be posted to your business’s website?

    The inconvenience of setting up a system for maintaining secure passwords is minor compared to some of the potential consequences of leaving your accounts vulnerable. Fortunately there are solutions that don’t involve you having to jog your memory for 25 different randomly generated 16-character passwords. As mentioned above, there are password management systems out there, and many of them are quite good. Google “best password manager” and you’ll find plenty of articles and reviews to guide you. When I chose to start using a password manager it was a tough call - there are a lot of great options out there, many of which have received consistently stellar reviews over the years. I think I could have picked any one among the several I narrowed it down to and would have had a great experience.

    Their individual features vary, but in general password management systems will help you to generate extremely secure passwords and then help you to store them securely and access them when necessary. With my system I can view any of my passwords on my smartphone - but I have to use fingerprint verification in order to do so. I also have a master password, as is typically required with password managers. Whatever you do, make sure that your master password is secure and don’t forget it!

    If you’re curious how secure your password is, test it with howsecureismypassword.net - this tool will tell you approximately how long it would take a desktop PC to crack your password. If you type in the word “password” you are informed that your password would be cracked almost instantly.

    If you need to generate a random and secure password but aren’t currently using a password manager you can use a random password generator tool like the one available on thebitmill.inc - generating a password using the default settings of this particular tool will give you a password that would take a desktop PC about 4 years to crack. Change the password length to 12 characters and that number jumps to 631 thousand years. Whenever possible I use 16-character passwords, which typically rate in the billions of years.
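    To show what sits behind the two kinds of tool described above, here is an added example (not code from either site): a generator that draws characters from the operating system's secure random source, and an exhaustive-search time estimate. The 94-character alphabet, the guess rate and the short common-password list are assumptions, so the absolute figures will differ from the ones the tools report; the point is how quickly the estimate grows with length.

```python
import math
import secrets
import string

# Assumption: 94 printable ASCII symbols (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Assumption: attacker guess rate; each online estimator picks its own figure.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed sample; real checkers compare against large breach lists.
COMMON = {"password", "password1", "123456", "qwerty", "letmein"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate of this length."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def estimate_years(password):
    """Exhaustive-search estimate; 0.0 if the password is a listed common one.

    Only meaningful for randomly generated passwords: human-chosen ones
    fall to dictionary and pattern guessing long before exhaustive search.
    """
    if password.lower() in COMMON:
        return 0.0
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return years_to_exhaust(len(password), size)


if __name__ == "__main__":
    print("generated:", generate_password())
    for n in (8, 12, 16):
        print(n, f"{entropy_bits(n, len(ALPHABET)):.1f} bits",
              f"{years_to_exhaust(n, len(ALPHABET)):.3g} years")
```

    Each extra character multiplies the search space by the alphabet size, which is why going from 12 to 16 characters moves the estimate by many orders of magnitude.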

    The hassle is worth it!

    Having a system in place can actually offer convenience beyond just avoiding account compromise. While setting up my password manager took an initial investment of time (you don’t realize how many passwords you have until you start gathering them all up to change them!) it’s proven extremely useful now that it’s established. Different sites have different password requirements, and it can be extremely difficult to keep them all memorized - or to store them securely on your own. I sometimes had difficulty logging in to accounts that I used infrequently and would end up resetting my password whenever I had to get into them. Now I have all of them easily at my fingertips, but at the same time safe from prying eyes.

    It may be something you’ve thought of doing and put off because you simply haven’t had the time. Give some thought to the resources that you’ve got stored on your online accounts and how relieving it would be to know that it would take someone a few thousand or billion years to forcibly access them - but that you’ve got that access available to you at any moment.
