Digital Security: Password Strategy

Sep 12, 2014

 

We increasingly rely on passwords even as that security model becomes more vulnerable to sophisticated attacks, while social engineering and human error remain serious threats.
The solution? Use a sound password strategy and password manager application to minimize the risk while staying sane.

The most important thing? Don’t get discouraged, and don’t let the perfect be the enemy of the good. Implementing a perfect password strategy is a daunting prospect, but a better password strategy will make you safer than you are now.

Also, don't ever make your most important passwords (like the ones you use for online banking) public knowledge. In the real world I have found this to be far more important than using truly random, very long passwords that are designed to defeat a brute force attack.

The problem is that people tend to use the same passwords over and over again for different sites and purposes. The same one that they use to secure their home Wi-Fi network, and happily share with anyone who asks for it, is also the only thing protecting their bank account!

 

General Password Guidelines

 

  • don’t reuse the same password on different sites
  • use a password manager app to create and securely store strong, truly random passwords and sync them across all your devices
  • make sure someone you truly trust has access, just like you would your bank accounts
  • use two-factor authentication when possible
  • security questions are the Achilles' heel: don't give real answers, which can easily be figured out in the era of social media; instead use fake answers stored in your password manager

 

Creating Passwords

 

  • don’t rely on “munged” passwords or simple subst1tut1ons
  • don’t use keyboard patterns like “qwerty” or even “!@#$%^&*()”
  • don’t use common words
  • increase password length
  • mix character types (upper & lowercase letters, digits, and punctuation)
  • select characters randomly
Managing Passwords


A secure password strategy depends on many unique and complex passwords. How do you keep track of them across multiple devices? Use password management software to create strong and truly random passwords and sync them across multiple devices.


Suggestion

1Password https://agilebits.com/onepassword

Supported Platforms: Android, iOS, Mac OS X, Windows
Cost: $50

1Password creates and saves strong, unique passwords for every site, app, and service you use and syncs across all your devices automatically, ready to be automatically filled when needed. It's a simple way to protect yourself from password reuse, data breaches, and password memory loss.

It exceeds security requirements using AES-256 (above the NSA standard for top-secret information) and the GPU-resistant PBKDF2-HMAC-SHA512 key derivation function, which makes brute-force guessing of your master password far more expensive on GPU hardware.

You can also create additional vaults and share them securely with your family or team members; automatic syncing keeps everyone up to date. For example, you might share business logins with your co-workers, personal information with your spouse, etc.
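As an added example (not code from this post or from 1Password), here is the machinery behind the "Creating Passwords" guidelines above and the key derivation just mentioned, in Python: a generator that picks every character uniformly at random with the operating system's CSPRNG and reports the resulting entropy, and a PBKDF2-HMAC-SHA512 derivation of a 256-bit vault key from a master password. The iteration count and salt are illustrative assumptions, not 1Password's settings.

```python
import hashlib
import math
import secrets
import string

# The character classes the guidelines ask you to mix.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "punct": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII symbols


def generate_password(length: int = 20) -> str:
    """Draw each character independently with secrets.choice (CSPRNG, not
    random.choice), then retry until every class appears at least once."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on entropy of a uniformly random password:
    length * log2(alphabet size). 20 characters from 94 symbols is ~131 bits.
    (Rejecting draws that miss a class trims this by a fraction of a bit.)"""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = 100_000) -> bytes:
    """Stretch a master password into a 256-bit AES key with PBKDF2-HMAC-SHA512.
    Iteration count here is an assumption for illustration; a real vault stores
    the salt and iteration count beside the ciphertext so the key is recomputable."""
    return hashlib.pbkdf2_hmac("sha512", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, round(entropy_bits(len(pw)), 1), "bits")
    salt = secrets.token_bytes(16)  # constructed per-vault salt
    print(derive_vault_key("correct horse battery staple", salt).hex())
```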

 

Alternatives

LastPass https://lastpass.com
Supported Platforms: All

Dashlane https://www.dashlane.com
Supported Platforms: Android, iOS, Mac OS X, Windows

RoboForm http://www.roboform.com
Supported Platforms: All

 

Suggested Reading

Take Control of Your Passwords by Joe Kissell. This is a great book that makes a daunting subject understandable and gives you the information you need to protect yourself.