Password Security Is No Joke

It’s no secret that online security is more important now than it was a decade ago.

One of my own personal pet peeves, though, is the very bad password practices that lots of people (me included) constantly use!

Password Safety

It’s become fairly common knowledge that having a long and strong password is both important and fairly easy (as this XKCD comic demonstrates). What is also true, though, is that it’s just as important to keep your passwords unique from site to site.

This post a little while ago over at BleepingComputer (a site that covers many aspects of computer security) does a pretty good job of demonstrating why unique passwords are so important.

The post discusses a batch of 127 million records being sold on the dark web market Dream Market.

These records supposedly consisted of email addresses, usernames, passwords (some encrypted, some not), names, Facebook IDs, and some passport numbers.

These records were said to have come from a variety of companies, some big (MyFitnessPal, MyHeritage, Whitepages) and some small (CoffeeMeetsBagel, DataCamp). Of all the companies listed, some have disclosed the data breaches, while others state that no breach happened.

This entire trove of 127 million accounts was being sold for only about $14,500 in bitcoin.

The Danger of Lazy Passwords

The danger of reusing or slightly modifying a password (even a good one) should be obvious by now.

If you use the same MyEmail@email.com login for MyFitnessPal and for your bank account, and your MyFitnessPal password is L0NGP@SSW0RDSRGUD, then L0NGP@$$W0RD$RG00D is not a good banking password.

There just isn’t enough difference to slow down an automated password cracker for more than a little bit of time.
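To show how little those two passwords really differ, here is an added example (not from the original post) of the kind of check a password-change form could run against the password you are replacing. The substitution table, the function names and the 0.8 threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Look-alike substitutions folded back to letters. Constructed for this
# example and not exhaustive.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(password: str) -> str:
    """Lower-case, undo look-alike swaps, collapse repeated characters."""
    folded = password.lower().translate(LEET)
    out = []
    for ch in folded:
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)

def similarity(a: str, b: str) -> float:
    """Similarity of two passwords after normalization, from 0.0 to 1.0."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def closest_match(candidate: str, known: list[str]) -> tuple[str, float]:
    """Return the known password most similar to the candidate, with its score."""
    return max(((k, similarity(candidate, k)) for k in known), key=lambda kv: kv[1])

def is_variant(candidate: str, known: list[str], threshold: float = 0.8) -> bool:
    """True if the candidate is a near-copy of any known password.
    The 0.8 threshold is an assumption; tune it for your own policy."""
    return bool(known) and closest_match(candidate, known)[1] >= threshold

if __name__ == "__main__":
    old = ["L0NGP@SSW0RDSRGUD"]  # the MyFitnessPal password from the post
    for new in ["L0NGP@$$W0RD$RG00D", "correct horse battery staple"]:
        match, score = closest_match(new, old)
        verdict = "reject (variant)" if is_variant(new, old) else "accept"
        print(f"{new!r}: {score:.2f} vs {match!r} -> {verdict}")
```

Once the symbol swaps and doubled letters are folded away, the two passwords from the post differ by a single character.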

Even worse, though, is reusing a password for your email account, since your email is a central hub for almost all of your other accounts. Once an intruder gets into your email, there’s not a lot you can do to regain control of your accounts except close them or change the email address – before the intruder gets in and locks you out, of course.

Use A Password Manager

All this is to say that if you don’t use a password manager like LastPass, you really should.

LastPass not only holds all your passwords for you (so you don’t have to remember them), it can also generate random passwords with a wide variety of options (including character length, using numbers or symbols, and even making it pronounceable so it’s easier to remember).

Other good options include 1Password (Mac, iOS), Dashlane (Mac, iOS, Windows, Android) or, if you want the ultimate control, KeePass (almost every platform).

No matter which one you choose, though, make sure you use it. These won’t protect you from data breaches, but they will protect you from the knock-on effects of reusing passwords between sites. Plus, the longer your password, the less likely it is that it can be cracked by brute-force methods. If you’ve got valuable or private information online (and who doesn’t these days?) this is the minimum that you should be doing!