A dad brings home a new puppy for his young son. The boy is so excited to have his first pet. Dad says, “Make sure you pick a good name, it will be your password hint for the rest of your life”. It’s funny how 20 years ago passwords were something most people rarely used in daily life. Passwords, or “watchwords”, have been used, not surprisingly, by the military since Roman times. The “watchword” was passed from unit to unit during a night’s watch, then back to the commander, to ensure each guard was a friend and not a foe. Later, passwords and counter-passwords were used during World War I by paratroopers, creating a challenge/response type of authentication that was changed every 3 days to keep enemies out of the ranks.
Today passwords, PIN codes and key cards permeate our lives. They are used to log in to your computer, open your car door, even open your home or office building. As the use of passwords has grown, so have the ways to steal them, forcing passwords to become more complex, harder to remember and changed more often. The “strength” of your password is important; simple passwords are easy for software tools and humans alike to guess or crack. It is still common to find accounts that can be opened by using “password” or “123456” (in fact, the two most commonly used passwords). Simple passwords based on dictionary words should never be used: a brute-force cracking program can guess them in minutes by going through a list of words until it finds the match. The more complex the password, the longer it takes for programs to reveal it. Adding numbers, symbols and more characters greatly improves the password strength. Best practice is to include a lower-case letter, an upper-case letter, a number, a special character and punctuation, and to increase the length of the pass phrase. A weak password should not be used, but if it is, it should be changed every 30 days. A strong 14-plus-character password like “0hCaptainMyCaptain” can go 6 months without having to be changed.
Would you carry around one key that fits your office, your home and your car doors? Of course not! If someone stole it they would be able to go everywhere you go and take all of your belongings with just the one key. Using the same password for different sites and services is very much the same. Typically website passwords can be reset by anyone who knows and has access to the email account associated with them. In most cases the username is your email address, so with these bits of information an attacker could access all the sites you use such as Facebook, eBay, Pinterest, even your bank account! Using a different password on each site keeps an attacker who has cracked a weak website from using the passwords acquired there to access your accounts on other sites.
There are many encrypted password storage apps out there. They can be used to store your ever-growing password list. However, we recommend that you check out the application on Google and make sure the one you are choosing has a good reputation. If you feel that you still do not have confidence in encrypted digital storage, then the most secure way of storing these sensitive passwords is memorization.
Now that you are thoroughly paranoid about all your passwords, here’s how to make it better. Long passwords are stronger but they don’t have to be unforgettably cryptic. The key to a good password is finding a mix of complexity and memorability. A series of three to four words with spaces will be considered a strong password that can also be easily remembered. For example, “Ilikepizza” as your password would take about 9 hours to crack with a regular desktop PC’s processing power, compared to “I like pizza” which would take 130 thousand years! What a difference a space makes! You can try your password out at https://howsecureismypassword.net. I just tested my current password; it would take a desktop PC 234 trillion years to crack it! Passwords can be hard to remember, especially if you throw in special characters, random letters, capitals, etc. Pass PHRASES, on the other hand, can be remarkably simple to remember and very hard to crack. If I change my current password to “Green Wandering Elephants!” it bumps up the time to crack to a decillion years, and guess what? Chances are that you have already memorized it.
If you need help coming up with a password, or need some examples, check out one of my favorite sites: https://xkpasswd.net, which has some premade buttons for popular types of passwords for Windows, Web Sites, or your WiFi Key.
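The arithmetic behind the crack-time comparison and the pass phrase advice above, as an added example that is not code from this article or from the sites it links to. The character-by-character estimate is an upper bound; for words drawn at random from a known list, `passphrase_bits` is the figure that holds even when the list is known. The guess rate, the sample word list and all function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed offline guess rate for one desktop PC; a constructed figure, not the
# rate used by the site named above, so the times differ from the article's.
GUESSES_PER_SECOND = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list for the demo only; a real list needs thousands of words.
SAMPLE_WORDS = ["green", "wandering", "elephant", "pizza", "captain", "harbor",
                "violet", "tractor", "meadow", "lantern", "copper", "window",
                "puzzle", "orbit", "candle", "river"]

def charset_size(password):
    """Alphabet a character-by-character brute force must cover."""
    size = 0
    for group in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in group for ch in password):
            size += len(group)
    if any(ch == " " or ch in string.punctuation for ch in password):
        size += len(string.punctuation) + 1  # 32 symbols plus the space
    return size

def bruteforce_bits(password):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def passphrase_bits(n_words, wordlist_size):
    """Strength when words are drawn uniformly at random from a known list."""
    return n_words * math.log2(wordlist_size)

def generate_passphrase(n_words=4, words=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG so the choice is not guessable."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    for pw in ("Ilikepizza", "I like pizza"):
        bits = bruteforce_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    print(generate_passphrase(), f"{passphrase_bits(4, len(SAMPLE_WORDS)):.0f} bits")
```

Adding spaces raises the alphabet from 52 to 85 characters and the length from 10 to 12, which is where the jump in estimated time comes from.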
Sometimes it can be tricky when it comes down to actually changing your password if you don’t do it often. Check these links for how to reset passwords for commonly used systems and websites.
Microsoft Windows - http://windows.microsoft.com/en-us/windows/reset-windows-password
Apple Mac OS X - http://support.apple.com/kb/ht1274
Gmail / Google+ / Android - https://support.google.com/accounts/answer/41078?hl=en
Apple ID / iPhone - http://support.apple.com/kb/ht5787