Computing News That You Can Use – September 2021
Passwords – How to choose good passwords and manage them
Quote of the Month
“The way to get started is to quit talking and begin doing.” – Walt Disney
Nobody likes having to deal with passwords, but they are used everywhere. Every website and every company has its own idea of how to handle password policy. Let’s discuss common problems with passwords, common solutions you can use, and tools that can help you check your security.
Password Theft
Passwords and personal data are usually stolen long before the individual is notified, and often people are not even aware of it. This is something you should be concerned about. It is a good idea to check for any recent security breaches of your favorite websites regularly. Google Chrome has a built-in password threat detection that’s worth using: Go to passwords.google.com and click the ‘Check Passwords’ button. It will tell you how many passwords have been compromised, and how many you’ve reused.
How to Check for Data Breaches
Another good website to look at is haveibeenpwned.com, which keeps track of known password breaches on websites and can report if your email address has been found in those breaches. It even reports on what was exposed in each of those data breaches: email, passwords, date of birth, credit card data, and so on. It also reports whether login passwords have been hacked, or just password hashes (which is bad but less dangerous). As a bonus, that website has a ‘passwords’ page that will search known lists of stolen passwords for a particular password.
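The password lookup described above can be done without sending the password itself. The sketch below is an added example, not code from this newsletter or from haveibeenpwned.com: it uses the site's Pwned Passwords range endpoint, where only the first five characters of the password's SHA-1 hash are requested and the match is done locally. The response body here is constructed sample data with made-up counts so the example runs offline.

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def sha1_split(password):
    """Return (first 5 hex chars, remaining 35) of the password's SHA-1.

    SHA-1 is used only because it is the hash the range lookup is keyed on.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def range_url(password):
    """URL to request: only the 5-character hash prefix leaves the machine."""
    prefix, _ = sha1_split(password)
    return RANGE_URL.format(prefix=prefix)

def breach_count(password, range_body):
    """Find our hash suffix in a range response ('SUFFIX:COUNT' per line)."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not in the list: password not found in known breaches

def constructed_response(listed_password, count):
    """Constructed stand-in for a real response body (counts are made up)."""
    _, suffix = sha1_split(listed_password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":1"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])

if __name__ == "__main__":
    body = constructed_response("password", 42)
    print(range_url("password"))          # the only thing sent over the network
    print(breach_count("password", body))  # matched locally against the body
```
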
Are You Repeating Passwords?
Now that we know how many risks are out there, let’s look at the passwords themselves. The most common problem people run into with their passwords is forgetting them. This is by far the most frequent issue people have with passwords, and it stems from having to keep track of so many. One for your home computer, another for work, possibly more for specific work applications, then every website you use wants one, and then more, and more.
Sometimes, people get around this problem by repeating the passwords. Doing so means if someone hacks your password, they now have ALL of your passwords. You can run into similar problems if you have a master password list in a Word document or an Excel spreadsheet on your computer – if someone gets access to your computer, they can open up passwords.docx and get access to your email, your bank account, your insurance, and your whole life. Regardless of the specific requirement for a site, it is better to use long passwords than short ones.
Common Passwords
Contrary to popular belief, multi-symbol passwords are not easier to hack than long but simple passwords. Similarly, people have a bad habit of using some ‘clever’ password that is similar to other clever passwords, and it’s not hard to take common simple words and switch letters, numbers, and symbols for common mnemonic changes. Keyboard patterns are also very easy for hackers to account for. Here’s a list of common passwords people use that you should avoid at all costs.
Creating a Secure Password
How does one make a secure password? First, ignore how long the minimum required length is – short passwords are never the most secure (in fact, #Y&Fsa4y is less secure than MySecretEmailPasswordIs1234). Instead, look at the longest it allows – if the longest password is under 16 characters, you should always use the longest you can. You want to avoid birthdays, any words shared with the login or website you’re looking at (don’t put ‘em@il’ in your email password), or your parent’s pets. Favorite holidays (f00l@pril1st) or memorable books can provide inspiration for passwords. (TolkeinSimarillion-365pages is a fun password for a Lord of the Rings fan site!) Deliberately misspelled words are also a good mental trick – 1secretPawsword, or sevne7dwarfes.
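A password-change form can check for the habits named above: common words hidden behind letter-for-symbol swaps, keyboard patterns, and words shared with the site or login. The checker below is an added example, not part of the original newsletter; the word list, substitution table and function names are constructed for illustration, and a real check would load a much larger list of common passwords.

```python
# Constructed sample data (assumption): tiny word list and substitution table.
COMMON_WORDS = {"password", "bank", "welcome", "dragon", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "!": "i", "3": "e", "$": "s", "5": "s", "7": "t"})

def normalize(password):
    """Lower-case and undo the usual symbol/number-for-letter swaps."""
    return password.lower().translate(SUBSTITUTIONS)

def keyboard_run(password, min_run=4):
    """Return the first run of min_run adjacent keys (either direction), or None."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in lowered:
                    return seq[i:i + min_run]
    return None

def findings(password, site_words=()):
    """List (kind, detail) tuples for each weak pattern found in the password."""
    issues = []
    plain = normalize(password)
    for word in sorted(COMMON_WORDS):
        if word in plain:
            issues.append(("common-word", word))
    for word in site_words:  # e.g. the site name or the login itself
        if word.lower() in plain:
            issues.append(("site-word", word.lower()))
    run = keyboard_run(password)
    if run:
        issues.append(("keyboard-run", run))
    return issues

if __name__ == "__main__":
    for candidate in ["B@nk2020", "Qwerty!2021", "TolkeinSimarillion-365pages"]:
        print(candidate, findings(candidate))
```
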
Two-Factor Authentication
One of the biggest steps you can take to secure your accounts, however, is two-factor authentication. I often hear people complaining about needing 2FA, but it is a very big step towards securing your privacy and safety. Even if it can be a bit of a hassle for you, it is much more of a hassle for anyone trying to hack into your account – and you likely will get notified when someone tries to access that account. An authenticator app on your phone is better than an SMS text, but even the text is better than nothing. I always recommend adding multi-factor authentication to any important account.
Password Manager
The final tool to look at when managing passwords would be a password manager. There are a number of options for that – all web browsers, including Firefox, Chrome and Edge, can keep track of passwords and personal information to fill out forms for you. There are a number of online password manager programs that can store passwords across platforms and fill out forms by browser plugins or phone apps – including LastPass, NordPass, Dashlane and 1Password, among others. While this can make managing your passwords easier, it makes remembering them VERY difficult, because you stop ever entering them. There is also the added risk that if someone learns your master password, they have access to your entire list – and though that is unlikely, it is something you must consider before deciding to go with this option.
Password managers have been growing in popularity lately, and that’s no surprise. They can offer a great service in maintaining a growing and increasingly complex number of passwords. With more people using them, I will finish off this discussion with a clarification on what a password manager actually is. The first thing to note: a password manager does not make your passwords any more secure. Instead, it makes the storage and use of those passwords more secure. It won’t stop someone from hacking into your bank account – if your password is B@nk2020, it’s still a terrible password – but it will mean you don’t need any spreadsheet or text file keeping track of the passwords anymore. This and the auto-fill feature mean you can have long, complex passwords without worrying about forgetting them.
Tom Grundig – 925.528.9081 – tom@grundigit.com