By Ken Colburn, Data Doctors
PHOENIX — Q: What’s your best suggestion for managing passwords, so I can make sure to use unique passwords on all my accounts?
A: Passwords are one of the most important elements of security, but still one of the most overlooked by the average user.
As I’ve previously written, the tech industry has done a horrible job with password education, which has created an environment where complex passwords are hard for users to remember but easy for hackers to break.
Simply making passwords longer exponentially increases the time needed for a common exploit known as the brute force attack, a sophisticated high-speed guessing process.
With computing power so readily available to hackers, any 8-character password, whatever combination of letters, numbers and special characters you’ve been trained to use, can be broken in just over one minute.
You can see for yourself with Gibson Research’s Haystack tool.
A better way to build secure longer passwords is to use passphrases that are easy for you to remember and a waste of time for brute force attackers.
For instance, ‘I Hate Passw0rds!’ is a 17-character password that takes the brute force time from 1.12 minutes (for any 8-character password) to 13.44 billion centuries.
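To show where those two figures come from, here is an added estimate written for this column (not the column's or Gibson Research's own code). It assumes the Haystack-style model: the alphabet is the union of the character classes the password uses (space counted as a symbol, 95 characters in all), the attacker must try every string up to the password's length, and the guess rate is the tool's "massive cracking array" scenario of 10^14 guesses per second; the sample passwords are constructed.

```python
import string

# Added model (not the column's own code): a Haystack-style search-space
# estimate. Assumptions: the alphabet is the union of the character classes
# the password actually uses (space counts as a symbol), an exhaustive search
# tries every string up to the password's length, and the attacker's rate is
# the tool's "massive cracking array" scenario of 10^14 guesses per second.
CHARACTER_CLASSES = {
    "lowercase": (set(string.ascii_lowercase), 26),
    "uppercase": (set(string.ascii_uppercase), 26),
    "digits": (set(string.digits), 10),
    "symbols": (set(string.punctuation + " "), 33),
}
GUESSES_PER_SECOND = 10 ** 14
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 60 * 60


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must assume, given the classes used."""
    chars = set(password)
    return sum(n for members, n in CHARACTER_CLASSES.values() if chars & members)


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def crack_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the search space at the given guess rate."""
    return search_space(password) / rate


def crack_minutes(password: str) -> float:
    return crack_seconds(password) / 60


def crack_centuries(password: str) -> float:
    return crack_seconds(password) / SECONDS_PER_CENTURY


if __name__ == "__main__":
    # Constructed samples: a typical "trained" 8-character password and the
    # column's 17-character passphrase.
    for pw in ("Pa55w0r!", "I Hate Passw0rds!"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"{crack_minutes(pw):.2f} minutes, "
              f"{crack_centuries(pw):.3g} centuries")
```

The 8-character case comes out at 1.12 minutes and the 17-character passphrase at roughly 13.4 billion centuries, matching the column's figures within rounding. The model counts only exhaustive guessing; it says nothing about attackers who try dictionary words and common patterns first.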
Making sure you use unique longer passwords for every account makes remembering all your passwords pretty difficult, if not impossible, so finding a password manager of some sort is the key.
Although there are lots of password-management programs, don’t forget that a low-tech approach may be all you need.
Writing down your passwords and keeping the list buried somewhere in your desk is a far better option than using the same password on every account you own.
The total number of ‘hackers’ that can gain access to a physical piece of paper buried somewhere in your desk pales in comparison to the millions who know to try a compromised password everywhere.
The key is to not make it obvious that the physical or electronic document is a list of passwords. Don’t use the word “password” anywhere on the document, and come up with your own encryption scheme just in case someone does find it.
For instance, add 4 random characters to the beginning of each entry so only you will know to ignore them.
While this approach isn’t technically as secure as using an encrypted password management program, it’s a heck of a lot safer than using the same password everywhere, and it’s easier for non-tech savvy users to execute.
For those looking for electronic password management programs, I like LastPass, RoboForm and Dashlane.
Dashlane is in the process of launching a new password-changer tool that makes updating passwords much simpler when someone you do business with gets breached. You can learn more and sign up for early access.
If nothing else, make sure you’re using a unique long password on your e-mail account and activate 2-factor authentication, as it’s the gateway to everything you own.
Remember, password reset messages get sent to your e-mail account, so protect it like no other.