5 Steps to Better Password Hygiene

Back in the infancy of the Internet you could browse to a webpage and consume its contents without creating an account or worrying too much about your personal information telemetry. The current iteration of the Internet has made usernames and passwords ubiquitous among online service providers and with that comes a level of fatigue and frustration when creating accounts that are unique both usernames and passwords. The practice of account reuse is not smart for multiple reasons; below we will talk about just a few of these reasons in depth and what you can do to make your digital life not only easier but more secure.

Passphrases:

Traditionally we have been conditioned to think of passwords as a random set of characters that are somehow meaningful and memorable to us as the user. An example of this would be something along the lines of “Spring2020!” Creating a password like this abides by a couple of rules, we can write those down as “Season” + “Year” + “Special Character”; this is called a Schema. More or less what that means is that you have a repeatable ruleset for creating an artifact, in this case, a password. Now for this kicker… This is a bad idea and you should not create passwords using this method.

Password Management:

Now that we discussed how to create strong passwords, it’s time to talk about how you will never need to create a password again! Confused? It’s ok, let me explain. Managing those super-secret artifacts and creating them over and over when necessary can be time-consuming and cognitively draining. Here is where a password manager comes into play. Tools like BitWarden, OnePass, KeyPass, etc. all offer ways to manage your ever-growing list of account credentials. Not only do they help manage, take stock, audit, and even sometimes help you change them but they can also create randomly generated super long passwords that you never have to know! Think about that for a second. It is a tool that not only manages and keeps track of your accounts but also creates and audits your passwords for you? Sounds like digital account heaven!

BitWardens Password Generator

Multi-factor Authentication (MFA):

Prefaced by 2FA (2-Factor Authentication), MFA is less of a feature and more of a security mindset when you think about it. The idea with 2-Factor was that you would have a second form of authentication that went along with a username and password in order to verify your identity when accessing whatever resource it was that you were trying to access. The concepts at work here can be traced back almost 40 years but not until the past 15 to 20 years have these concepts been required to protect our personal identities and data.

Google Authenticator

Passwords are not like underwear:

There used to be this idea that passwords were like underwear and you should change them often as a good practice. This is actually only half true. Yes, we need to clean our passwords and make sure they are not reused or insecure but let’s not change our passwords more than necessary and I’ll explain why. Remember before when I was talking about the use of Schemas (“Season” + “Year” + “Special Character”) in creating passwords and why that may not be a great idea? Now pair that with current password rules like requiring complexity and only being between six and ten characters and other not-so-great rules out there. Picture this: you have an eight-character password and your service provider or company is requiring complexity. This means that you need to have a lower case, upper case, number, and special character in your password that totals four of the eight characters. So I as the attacker already know that in four of those eight characters there HAS to be one with a number, an upper case, a lower case, and a special character. That information alone lowers the overall entropy space of the password from the get-go.

haveibeenpwned.com

No such thing as free WiFi:

When it comes to the internet, we all love to stay connected. We have grown accustomed to instant access to information and the ability to stay in touch with our loved ones and the rest of the world. We crave that connection so much that we routinely log into unsecured hotspots without really giving any thought to the risks that we may be opening ourselves up to.

Information Security Professional with a passion for efficiency and video games

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store