The State of The Password
The number of guaranteed, unfortunate realities you could count on in life used to be a short list. Death and taxes were as bad as it got. But for anyone who is even marginally “connected” in the digital age, I’d bet you’d agree The Password deserves to be included in this collection – it’s the current bane of our existence. And if you’re anything like me you have dozens of logins to myriad services: email, shopping, banking, social media, etc. Whether you’re a casual Facebooker or a full-fledged Digerati, protecting your online data is paramount.
The news is rife with stories of password leaks: LinkedIn, Kickstarter and Yahoo! have all been recent targets of hacking. But the real victim is us, the user. The trouble with password theft is that your login name (typically your email address) is leaked along with your password. Therefore if you use the same credentials with other services, they’re all potentially at risk. This brings us to the golden rule of passwording: use a different password for every site. I know this sounds horrifying, but it’s the only way to safeguard against the security failings of the companies you interact with on the web.
Another protection is to beef up the length of your passwords. It used to be that adding complexity – a combination of upper and lowercase characters, numbers and symbols – was a surefire way to boost security. However, with the recent advances made in password hacking, length trumps complexity. Instead of focusing on a single word, you might consider a phrase or string of unrelated words. 14 is the new 8. Go big.
So how do you create and keep track of dozens of long, complex passwords unique to each and every site? Password managers are a great software tool that store and sync your site credentials on all your devices. You’ve likely let Firefox or Safari save a password for you in the past; and this is the same idea – only better. With a synchronized password vault you’ll always have the latest login information on your computer(s), smartphone, tablet, etc. LastPass, RoboForm, Dashlane, and 1Password are some of the top-tier packages leveraging browser plugins that hangout in the background and take notice when you login to password-protected sites. They’ll prompt to save your info and auto-login for you from that day forward. So not only can you stop remembering the credentials, you won’t have to type them either. And the icing on the cake: once you’re comfortable using a manager, you can allow it to create unique passwords for you. You remember the single password for the vault, and let it generate and enter ridiculously long passwords on your behalf.
Another protection being offered by many companies is two-factor authentication, where in addition to your password, a one-time code is required. This code may be sent to you via text message or generated by an app on your smartphone. Because most of us keep our smartphones at the ready, it’s a painless way to lockdown an important account. Apple, Google, Dropbox and Facebook all offer two-factor authentication and more are supporting the technology everyday.
In the end, common sense is your guide. The Post-it with your password stuck to the monitor probably isn’t the best practice. Likewise, using 1234 or PASSWORD is not a good idea. But whether you choose to employ a password manager, or strengthen your existing system, good luck out there. It’s a dog-eat-dog world — and you still have death and taxes to look forward to….