Passwords, Keys to Your Digital Kingdom

Passwords are a necessary evil and should be protected at all costs, they are the true keys to your digital kingdom. If your passwords are compromised you can have issues as little as losing access to services, and at the maximum identity theft. 

Below are a few strategies to help you along the password landscape with some pros and cons. This is not an exhausted list of options but hopefully some food for thought to help you along your personal journey of password management. 

A Few Password Strategies: 

First let’s start with what you should stay away from when choosing a password.

• Simple - These are passwords that are created through personal information such as nicknames, birth dates and kids' names.
  
  • When using something simple or publicly available you run the risk of these being passwords being compromised with minimal research. 
    
    
• Shared Password - This is when you have created an awesome password, but you use it everywhere.
  • Of course this makes it very easy to remember, but if one of the services you use that password with is compromised, any other account that uses that password can be compromised as well.

 Here are a couple better strategies:

• Phrases - This type of password is when you choose a phrase while also mixing in letters, numbers, and characters.
  Example: “chr1sWhIttl3R0X!"

• Generated - There are a lot of options out there that will auto generate a complex password for you.
  • The great thing about a password that uses phrases or are auto generated is that they are hard to guess. They also has more characters which makes it harder to crack. However, that in turn makes it harder to remember. 
    

You might be saying to yourself, "So, you are asking me to make my passwords more complicated and not to reuse the same one, how am I going to remember all of them?" The short answer is YES! But before you run and create/generate new passwords and throw them in an Excel spreadsheet, leather bound Day-Timer, or write them on a post-it note, pump the breaks for just a moment. Simply put, it doesn't matter if your passwords are complex or simple, stored in an Excel document or on paper, once your passwords have been seen they are compromised.

So what is another way that you can safely store your passwords while still being able to "remember them"? A password storage service is a great way to use unique passwords across various platforms while providing a safe storage solution. However, be sure if you use a service like this that you create a unique master password that you can remember all on your own. 👍

• PROS
  • Can be used across multiple devices, mobile and desktop applications.
  • Your password can be as complex as you want due to the way it's stored and accessed.
• CONS
  • If the service is down or you forget your main password, you're probably not going to remember the password you set for that account.
  • These types of services usually have a monthly/annual charge. But do you really want to entrust you online life to someone for free?
  • Will inherit all the cons of storing it in a spreadsheet if:
    • Someone gets your master password.
    • The service is compromised.

Lastly, we wanted to mention something that when available should be used in conjunction with a good password strategy.

Multi Factor Authentication or MFA adds a manual step to the process to help mitigate a password being compromised.

• Types of MFA's:
  
  • Mobile app based
    
    • This generates a time-based one-time use password that is required to login with your actual password.
  • Text message based
    • This sends you a token that is delivered via text message to the phone number associated that is required to login with your actual password.
  • Biometric
    • Uses something physically unique about you to add another level of security.
      Examples: Fingerprint, Face or Retinal scan

Hopefully, this gives you some food for thought on how you are currently handling your passwords and some ideas for tools to secure them. We will be continuing the conversation of cybersecurity throughout the month of October, so stay tuned.