Manage Your Password Like a Pro

Passwords are no joking matter. Ditch the Post-it note (stuck to your monitor) and do it properly…

Passwords… everyone needs them, and most people have a “strategy” to make them feel more “secure”. By and large, everyone is a LOT more vulnerable than they think when it comes to managing passwords.

If you just want the answer to all your password woes, jump to the end and see what you should be doing. 

Rule #1: Your personal details are not secure

Hands up if you do/use one of the following: 

  • A family member’s name with a piece of their birthday (usually the day/year) at the end
  • Your birthday (e.g. 26Jun1980)
  • Use the same long password (no one will ever guess it)

How many of these are secure? NONE

With the rise of social media, it’s incredibly easy to find out your children’s/spouse’s names, birthdays etc. If Facebook can suggest my brother’s golf buddy (who I’ve never met) as a friend, it’s safe to say that someone can find out your kids’ birthdays.

None of your personal details are safe to be used in your password. 

Rule #2: Post-it Notes Are Not Safe

The next time I walk through an office and see passwords stuck on a monitor, I’m going to have words with said person (even if they’re the CEO). I’ve heard all the excuses; none are acceptable.

Smartphones can take pictures in a split second these days. An opportunist can easily snap a picture for later use, and you never know who is on the prowl for access to your emails/admin server. 

Under no circumstances are Post-it notes an acceptable method of storing your passwords. EVER!!!

Rule #3: One Password is not enough

I’m guilty (in the past) of doing this. I had a password that met all the security criteria of the day. It was over 10 characters, it had upper case, numbers and special characters. No one would ever randomly guess it and I felt secure. I reused it all over the place. 

Many companies don’t treat your data with the respect it deserves. They store your password with easy-to-crack algorithms, meaning hackers can download a database and crack your password. It’s not quite that straightforward, but with the advances in compute power, it’s fairly trivial to set up a rainbow table and crack a normal password in seconds.

If you don’t know what a rainbow table is, check out the Wikipedia page on rainbow tables and prepare to be a little more afraid.

Rule #4: You’re not as clever as you think

You’ve got a good password AND you change it slightly depending on the site you’re logging into.

Example: myGreatPassw0rd

Facebook: myGreatPassw0rdFacebook

LinkedIn: myGreatPassw0rdLinkedIn

Can you guess what the password is for Amazon? Yes?!! So could a hacker. They only need to crack one password and you’re in trouble.

I’ve seen people using this strategy and it’s the best of a bad bunch where there’s no competition. It’s not secure, so don’t start telling me you change your password for every site. 
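To check whether your own passwords fall foul of Rule #3 or Rule #4, here is an added example (not part of the original article) that audits a list of site/password pairs for exact reuse and for the "same base plus site name" pattern. The sample vault is constructed, and the code assumes you have already parsed your own export into `(site, password)` pairs.

```python
import re
from collections import defaultdict

# Constructed sample data. The first three follow the article's own example
# pattern; the remaining entries are made up for illustration.
SAMPLE_VAULT = [
    ("Facebook", "myGreatPassw0rdFacebook"),
    ("LinkedIn", "myGreatPassw0rdLinkedIn"),
    ("Amazon", "myGreatPassw0rdAmazon"),
    ("Shop", "myGreatPassw0rd"),
    ("Bank", "Tr0ub4dor&3"),
    ("Forum", "Tr0ub4dor&3"),
    ("Email", "x9$Lq2!vTz7#pRw8"),
]


def strip_site(site, password):
    """Remove the site name (case-insensitive) from the password, if present."""
    name = re.sub(r"[^a-z0-9]", "", site.lower())
    if not name:
        return password
    return re.sub(re.escape(name), "", password, flags=re.IGNORECASE)


def audit(vault):
    """Return (reused, derived): site groups sharing a password or a common base."""
    by_password = defaultdict(list)
    by_base = defaultdict(list)
    for site, password in vault:
        by_password[password].append(site)
        base = strip_site(site, password)
        if base != password:  # the site name was embedded in the password
            by_base[base.lower()].append(site)
    # A site using the bare base on its own belongs to the same family.
    for site, password in vault:
        key = password.lower()
        if key in by_base and site not in by_base[key]:
            by_base[key].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    derived = sorted(sorted(s) for s in by_base.values() if len(s) > 1)
    return reused, derived


if __name__ == "__main__":
    reused, derived = audit(SAMPLE_VAULT)
    for sites in reused:
        print("Same password reused on:", ", ".join(sites))
    for sites in derived:
        print("Same base + site name on:", ", ".join(sites))
```

Run it only against a local copy of your own passwords, and delete any plaintext export when you are done.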

Okay, you’ve got me. My passwords are a disgrace and I have broken all of the rules above. What do I do?

Final Solution: Use a Password Manager

The solution you’re looking for is called a password manager. I recommend LastPass; it’s free and will work on your desktop and mobile devices. I’ve used LastPass for many years, and am proud to work in partnership with them to promote their products. 

There are three very simple rules for using a password manager listed below.

Use a LONG Password

The key to a secure password vault is a long password; longer than would be practical to crack using common password cracking methods. Anything over 20 characters should be safe, but if you’ve only got one password to remember, make it a phrase. I recommend 40+ characters.

Combine the following to make a phrase:

  • Book titles
  • Favourite meal/restaurant
  • Songs
  • Films
  • TV Series

E.g. Walter-white-liked-eating-chicken-whilst-cooking-with-jessie

If you’re not sure if your password is strong enough, check out these password checkers. The first one (by Experte) also checks to see if your password has been leaked in the past. Very useful if you want to double check your password:

  • https://www.experte.com/password-check
  • https://howsecureismypassword.net/

NEVER STORE YOUR EMAIL ADDRESS IN HERE

This is your final line of defence. If someone gains access to your password vault (unlikely but you never know), having access to your email gives them everything they need to shut you out of everything. You’ve been warned.

Use Unique Passwords for Everything

By using unique passwords for every single site, it doesn’t matter if a hacker gets that password. You’ve only used it on one site so there’s just one password to change. 

That’s It.

I’m going to write about the benefits of password managers for a business, but this article needs to dispel the common misconceptions that are constantly repeated by the luddites of the world.