The Problem: Almost every site these days asks for a username and password. Some sites have their own requirements, like: it must contain an uppercase letter and two alphanumeric characters, and it must be at least 10 characters long. Okay, that may be an exaggeration, but it seriously does feel as if the requirements are so demanding and yet give you a fake sense of security. That’s right, FAKE! A prime example is shown below, where Facebook says the password “Password1” is a strong password just because it fits the requirements of their algorithm. I’m sure most people will agree that this is nowhere near a “strong” password.
Password creation: This brings up the question: how do you make a strong password? Some people have suggested using an algorithm: 1) start with a common word*; 2) combine it with a phrase related to the website, used as a prefix, a suffix, or inserted in the middle. Of course there are many caveats to this “simple” algorithm. Firstly, don’t use information that you think is confidential, like birthdates or your SSN, because let’s face it, it’s not. You may also try replacing “a” with “@”, “e” with “3”, and so on.
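To make the “fits the requirement but is still weak” point concrete, here is an added example (not code from the original post): a naive complexity rule of the kind criticised above, a naive entropy estimate, and a check against a small constructed common-password list that also undoes the “@ for a, 3 for e” substitutions. The word list, the substitution map and the 12-character acceptance rule are assumptions for illustration.

```python
import math
import re

# Constructed stand-in for a breached/common-password list; a real deployment
# would load a large published corpus instead of these six entries.
COMMON_PASSWORDS = {"password", "password1", "qwerty", "letmein", "welcome1", "123456"}

# Undo the letter-for-symbol substitutions the post mentions so that
# "P@ssw0rd" is compared against the list as "password". The map is an assumption.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "1": "i", "!": "i", "$": "s"})


def meets_complexity_rules(pw: str) -> bool:
    """The kind of rule the post criticises: 8+ chars with upper, lower and a digit."""
    return (len(pw) >= 8 and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None and re.search(r"\d", pw) is not None)


def estimate_entropy_bits(pw: str) -> float:
    """Naive strength estimate: length * log2(size of the character classes used)."""
    charset = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33)):
        if re.search(pattern, pw):
            charset += size
    return len(pw) * math.log2(charset) if charset else 0.0


def is_common(pw: str) -> bool:
    """True if the password, or an obvious variant of it, is on the common list."""
    lowered = pw.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # "password1!" -> "password"
    candidates = {lowered, stripped, stripped.translate(LEET_MAP), lowered.translate(LEET_MAP)}
    return any(c in COMMON_PASSWORDS for c in candidates)


def assess(pw: str, min_length: int = 12) -> dict:
    """Combine the checks; the acceptance rule (not common, 12+ chars) is an assumption."""
    common = is_common(pw)
    return {
        "meets_rules": meets_complexity_rules(pw),
        "naive_bits": round(estimate_entropy_bits(pw), 1),
        "common": common,
        "acceptable": not common and len(pw) >= min_length,
    }


if __name__ == "__main__":
    for candidate in ("Password1", "P@ssw0rd", "correct horse battery staple"):
        print(candidate, assess(candidate))
```

“Password1” passes the complexity rule and scores about 54 naive bits, yet it is rejected as common, while a long lower-case passphrase fails the complexity rule and is still accepted.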
Brian Krebs has a good article on this that can be found HERE. In it, he advises that the “best” practice is to make a list of all the websites that require a login and, next to each, put down your login ID and a clue for the password. I would think this is somewhat faulty, since if the file is not encrypted it can be accessed by unauthorized users, and then it would just come down to guess-and-check, especially if you use the same password across multiple sites.
Password management: Some people also use password managers like 1Password to keep track of their numerous logins. However, that’s just so counter-intuitive for me. The old phrase “don’t put all your eggs in the same basket” comes to mind. PCMag recently compared various vendors in 2016; their results for the paid password managers can be found HERE and their results for the free password managers can be found HERE.
For more information on the predictable pitfalls, the Specops Password Report offers some insights.
What are some of your password creating & managing tips?
Here is a comic from XKCD that sums up the current situation in password security: