What’s in YOUR password?

Someone didn’t bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and…god. So, would your holiness care to change her password?
Hackers (1995)

Passwords. They keep things safe and yet are the most hated thing about technology. If I had a dime for every time a user said to me "can't you just make it something simple or do away with it altogether?!", my face would be on the cover of Fortune Magazine.

Fortunately, you can have super-complex passwords AND not be bothered by them.

I'm not going to go into the nitty gritty and make your eyes glaze over, but NIST drafted guidance years ago that set the stage for the "common practices" for passwords. You know the drill: 1 capital, 1 lowercase, 1 number, 1 special character, minimum of 10,000 characters, don't write it down, eat the post-it note if you do.

I have always written down passwords. I never wrote down what they were for; that was in my head. I did this because I use "overly-complex" passwords. That was the old way; for the last decade or more, I've been using software to hold all of my passwords. This way I only need to remember a small handful of passwords to open the gates to ALL the passwords.

Let me introduce you to 2 programs that you, the everyday Joe, can use to safeguard your sensitive information.


LastPass helps you by storing your website passwords, personal information, and even credit card info. I only use it to store website passwords and my name/email/shipping address.

It integrates with every major browser on the market, and even has a mobile app. It's also FREE. When you visit a site, LastPass takes care of the "annoying password" part, and all you have to do is click "sign in". When creating logins for websites, you can even have LP generate a secure password for you, which is the whole point: a password you never have to remember can be as long and random as the site allows.

You can opt to pay them $2/mo for Premium Features, or just use it as is for free. I have yet to need the premium features, YMMV.


KeePass is Free Open Source Software. The code is there for anyone to audit, contribute, or fork (start a new version). There are many flavors of KeePass that support damn near every Operating System on the planet. I use KeePassX, as I prefer that interface to the others.

KeePass is different from LastPass in that KP is just an encrypted database that houses the information. It doesn't integrate with your browser out of the box, so you copy/paste your usernames and passwords. That's not a deal breaker. People typically use it to store various information, like bank account numbers, credit card information, computer passwords, etc.


With these 2 applications at hand, there should be no excuse to use weak passwords, or the same password for multiple sites and computers. That said, I still recommend strong passwords everywhere; the more sensitive, the more complex. Minimum of 10 characters with a mix of upper case (ABC), lower case (abc), numbers (123), and special characters (!@#), and since the manager is remembering them for you, let it generate 20 or more characters where the site allows; length does more for you than any single special character. It's also important to note that you should not use passwords that are easily guessable, like the name of your child: BettyJoe1984!. Changing your password on a regular basis isn't as important as everyone says; the new NIST guidelines (SP 800-63B, 2017) no longer recommend forced periodic changes, and say to change a password when you have reason to believe it has been compromised.
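To make those rules concrete, here is an added example (my own illustration, not code from this post, LastPass, or KeePass) that does the two things a password manager does for you: generates a random password from a cryptographically secure source, and checks a candidate against the policy above, including the "easily guessable" cases like a child's name or a birth year. The common-password list and the personal names are constructed stand-ins; a real deployment would check against a breached-password corpus instead.

```python
import math
import re
import secrets
import string

# Constructed stand-in for a breached/common-password list (the four from the
# Hackers quote plus a few perennials). Use a real corpus in practice.
COMMON_PASSWORDS = {"love", "sex", "secret", "god", "password", "123456", "qwerty"}

# Generator alphabet: 52 letters + 10 digits + 25 specials = 87 symbols.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.<>?"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 10


def check_password(pw: str, known_names=()) -> list[str]:
    """Return a list of policy problems; an empty list means the password passes.

    known_names: personal names (children, pets, etc.) that must not appear.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")

    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    # "BettyJoe1984!" style: strip digits/symbols and look for personal names,
    # and flag a four-digit year, which an attacker will try first.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    for name in known_names:
        if name.lower() in letters_only:
            problems.append(f"contains personal name {name!r}")
    if re.search(r"(19|20)\d{2}", pw):
        problems.append("contains a four-digit year")
    return problems


def entropy_bits(length: int, pool_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password of `length` symbols from a pool."""
    return length * math.log2(pool_size)


def generate_password(length: int = 20) -> str:
    """Generate a password the way a manager's generator does: with `secrets`
    (a CSPRNG), never `random`. Re-draw until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"minimum length is {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("god", "BettyJoe1984!", "Tr0ub4dor&3xample"):
        print(candidate, "->", check_password(candidate, known_names=("Betty", "Joe")) or "OK")
    pw = generate_password(20)
    print(f"generated: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

Two design points worth noting: the generator re-draws rather than forcing one character from each class into fixed positions, so the result stays uniformly random over the passwords that pass the policy; and the check returns every problem it finds instead of stopping at the first, which is what you want when showing a user why a password was rejected.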

It's also important to note that many websites have Two Factor Authentication (2FA) available. It used to be you had to carry around a little fob on your key ring, but these days your smartphone has replaced the fob for the most part; where you get the choice, an authenticator app is the stronger option, since codes sent by SMS can be intercepted.

My crystal ball tells me that passwords will be around for many decades to come, but other forms of authentication are on the move. Every day biometrics are getting better. I remember when the fingerprint reader on my Samsung Galaxy was so hit-and-miss I didn't bother to use it, but the reader on my Galaxy7 is spot on and gives me little to no trouble. USAA's mobile app allows you to authenticate with a PIN, your finger, your voice, and even your face.

I'm sure at some point technology will evolve and we'll be living in a world straight out of Gattaca (1997); hell, companies are already playing with implantable RFID chips in their employees. I, for one, will pass on trackable implants and genetic authentication. It's bad enough that you are tracked every day through your cell phone, your movements on camera, and even the HID card you use at the office.

Alas, I'm delving into a whole different subject that I could rant about for days. I'm a huge proponent of personal freedom and the ability to hide from technology. Maybe one day I'll put on my tinfoil hat and give a sermon...or maybe I won't. That kind of post would get very political, very quickly, and I'm all about companies staying out of politics.

At any rate, be smart, be safe, and STOP USING CRAP PASSWORDS!!