Are you guilty of protecting all your online accounts with the same password, or close variations of it to satisfy each website’s password criteria? It may be of some comfort to know that you are not alone in this criminally ignorant practice, but you should not think that because everyone else is doing it, it is okay for you to do it as well.
We all know the kind of risk we take when we use the same password at different sites. As more and more websites use your email as your username – to provide ease of use, better integration with other services and to maintain a unique user profile – this opens up one possibility of compromise. If I somehow manage to break or guess your password for, say, Facebook, Gmail or LinkedIn, and you have used the same password for more than one service, just imagine how easy it would be for me to get access to your other online accounts.
Security professionals recommend two-factor authentication as one way to overcome the low level of security of these websites. Banks adopted it in the past, considering the financial impact of any security lapse, and more recently the approach has become more mainstream, with the likes of Google and Facebook moving in this direction. Two-factor authentication works on the principle of requiring two pieces of information: (1) something you know (e.g. a password) and (2) something you have (e.g. a security token device). This ensures that if one of these pieces of information is compromised, it is still useless without the other. While this is all good and holds promise for the future (with some overhead of managing two pieces of information rather than one), it will take a while for all websites to incorporate it into their security mandate.
So what can you do right now that can help you be more secure? The answer is rather a simple one. Use different passwords for different websites. How can you remember all of those passwords then? I have come across a very good set of guidelines which can help you overcome, firstly, the issue of generating a complex enough password and, secondly, remembering those different passwords without fail.
The roots of the following guidelines go all the way back to the art of storytelling. People don’t remember facts or numbers but they do remember stories. The art of storytelling has been used, successfully or unsuccessfully, throughout the history of mankind. The point is that it is easier to remember a phrase than a hard combination of letters, numbers or special characters. Keeping this principle in mind, the following guidelines will help you create your own complex, hard-to-break passwords and also remember them without fail.
First of all, the basics remain largely the same and a good password or a passphrase should have at least the bare essentials as follows. Your password / passphrase should:
- be at least 8 characters long (this increases the number of possible combinations that a password cracking program will need to go through to ‘guess’ the phrase – actually, longer is preferable)
- not contain common phrases found in literature or music (this helps with avoiding dictionary-based attempts to ‘guess’ your password)
- not consist of a single word such as ‘Armageddon’ (this will be an easy ‘guess’ compared to more complex or combination choices)
- not contain personal information that is likely to be known by other people, such as your birthday, car name, favourite place, etc.
Good security practice now recommends the use of a passphrase instead of a password, which involves taking a simple phrase and strengthening it to meet the complexity criteria. This creates a password that is hard to break but simple and easy to remember.
Passphrase: Armageddon is inevitable tomorrow
Remove spaces and capitalize each of the first letters: ArmageddonIsInevitableTomorrow
Replace letters with numbers (e.g. i’s by 1, o’s by zeros, etc.): Armag3dd0n1sin3vitableT0m0rr0w
Replace letters with special characters (e.g. a’s by @, i’s by !, etc.): Arm@g3dd0n1s!n3vit@bleT0m0rr0w
If the passphrase is too long, use the first letter, or letters, of each word to shorten it: A1s!inT0m
The above is not a perfect example (no example is); however, it does give you a framework to set up your own unique password that is easy to remember but hard to break. While it is not ideal advice, if you are not good at creating a different passphrase for each of your online accounts, you can try sticking to one passphrase and inserting the name of the website at a random position to create something more unique to each of them.
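An added example, not part of the original post: a small Python checker for the guidelines listed above. It first undoes the substitutions suggested in the steps, so a single word such as ‘Arm@g3dd0n’ is still flagged, and two passwords that differ only by case, substitutions or a trailing number are reported as close variations. The word list, personal details and function names are constructed for illustration.

```python
import re

# Inverse of the substitutions suggested in the post (e->3, o->0, i->1, a->@, i->!).
UNLEET = str.maketrans({"3": "e", "0": "o", "1": "i", "@": "a", "!": "i"})

# Constructed sample data: a tiny word list and one user's personal details.
COMMON_WORDS = {"armageddon", "password", "welcome"}
PERSONAL_INFO = {"1984", "corolla", "sydney"}


def normalize(password):
    """Lower-case the password and undo the letter substitutions."""
    return password.lower().translate(UNLEET)


def check(password):
    """Return the guidelines from the post that this password breaks."""
    problems = []
    lowered, plain = password.lower(), normalize(password)
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if plain in COMMON_WORDS:
        # A substituted single word is still treated as a single word.
        problems.append("single common word")
    if any(item in lowered or item in plain for item in PERSONAL_INFO):
        problems.append("contains personal information")
    return problems


def close_variation(a, b):
    """True when two passwords differ only by case, the substitutions
    above, or trailing digits and symbols (e.g. a year or '!')."""
    def core(p):
        return normalize(re.sub(r"[^A-Za-z]+$", "", p))
    return core(a) == core(b)


if __name__ == "__main__":
    for candidate in ("Arm@g3dd0n", "A1s!inT0m", "Syd1984"):
        print(candidate, check(candidate) or "passes the listed guidelines")
    print(close_variation("ArmageddonIsInevitableTomorrow",
                          "Arm@g3dd0n1s!n3vit@bleT0m0rr0w"))
```
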
I am very much interested in hearing your thoughts, or any other tips that you use to protect your passwords online. I also love to answer any questions that you may have, so please use the discussion box below this post and I will respond as soon as I can. I believe that if even one more person is secured using some of the clever techniques above to safeguard our online lives, we will have made a difference in making our cyber community just that much more secure and thereby much more enjoyable.