When it comes to protecting your digital identity, your first, and often only, line of defense is sadly something we’ve all grown to detest: the dreaded password.  A password or a PIN are required for nearly everything we access these days.  Whether you are simply checking an email or accessing your bank account from you mobile device, the list of passwords we’re forced to maintain seems to grow by the day.  This exhausting process of creation, memorization, update and repeat, is sometimes more than we can handle and often leads to password fatigue.

We’re all guilty of it, we’ve all used the same password for multiple accounts at one time or another.  Our password frustration leads us to apathy, which results in us doing exactly what identity thieves are hoping for.  With every new data breach, your information, and potentially a password that you have used for a multitude of online accounts, is closer to being hacked.  A 2015 report by the Identity Theft Resource Center shows how bad it is getting.  In 2015 alone, across the governmental, healthcare, banking, business & educational sectors, there were a total of 780 breaches with 177 million records stolen and exposed.  Although it can seem overwhelming and at times like a hopeless endeavor, there are a variety of simple password habits & tools that can help you reduce the chances of losing control of your digital identity.

Passwords: 101

Now that we have established the importance of passwords, and the necessity to utilize unique passwords for each account / system we access, let’s explore how to create and manage effective passwords.  First, there are some simple things to avoid when choosing a password.  The most common tools utilized to “crack” a password are simple word lists and dictionary programs.  These programs utilize brute force and simply attempt to guess the password by trying word and character combinations until a match is found.  As such, the use of common/typical words, as found in a dictionary, should be avoided.  Similarly, proper nouns, foreign words, and the addition of a numeric string at the end of a conventional word, or the reverse spelling of a word offer little additional password strength.  Personal information, such as a family member’s name, phone number, date of birth, address, etc., should also be avoided as all of this information is readily available from a variety of sources.

What elements does it take to create an effective password?  The quality of a password can most easily be measured by 3 unique factors: length, width and depth.

            Length

Length refers to the number of characters contained in a password. Because the longer a password is, the harder it is to crack, it holds true that longer is better.  The minimum number of characters that should be utilized for a password is 8.  Remember that this is the minimum, and each additional character you add increases the security and length of time it would take to crack.

Width

The width of a password is determined by the variety of characters that it contains.  The greater the variety of character types, the harder it is to crack.  The primary types of characters include upper case letters (A,B,C), lower case letters (a,b,c), numerals (1,2,3), and special characters (!,%,$).  Generally, the greater the variety of character types included in a password, the more effective the password is considered.

Depth

The depth of a password refers to there being more to it than just a combination of characters.  To achieve a greater depth, a password should have a meaning to the user that is not easily guessable by other.  An example of this is the use of a phrase or a combination of non-related words that have meaning to the user.  An additional benefit to this dimension of passwords is that the underlying meaning should also make it easier for the user to remember.

When all of these components are combined to create a password, the results are far superior to the simple passwords that most individuals use today.  An additional technique that incorporates the various types of characters while remaining personal and memorable is to replace some letters from a phrase with special characters that have a similar appearance or sound.  For example, use the “@” symbol instead of an “a”, the “$” symbol instead of an “s”, or the number “3” instead of an “e”.  Using this technique, the password “thisismypassword” becomes “This1$myP@ssw0rd”.  By making it personal and being creative, you can easily create an effective and memorable password.

Additional Tools

While the above techniques will enable you to create effective passwords, we are all still faced with the reality that we need a unique and memorable password for all of the various accounts we have, and this list can easily reach into the double digits.  Trying to remember all of these wonderfully unique and meaningful passwords can prove challenging for even those with amazing memories.  Luckily, technology has offered us several tools that can assist us in this memory exercise and in some instances provide an additional layer of protection.

            Password Managers

There are a variety of password management applications on the market today that can remember and automatically enter your user ID’s and passwords into web-site & applications for you.  Most of these programs also allow you to replace your self-generated passwords with system generated passwords which are typically longer and more complex (think 20+ digits).  You maintain a master password that allows you to access and utilize a library of your saved ID’s and passwords. While these applications are incredibly useful, a note of caution when selecting a password management application is necessary.  These firms are themselves being targeted by hackers looking to steal their users’ information.  You should thoroughly research the available options and their security history before selecting a product.

2-Factor Authentication

A recent development that is quickly being adopted by more and more firms to add an additional layer of protection to online accounts is a process called 2-Factor Authentication.  Once set-up, these systems require you, as a user, to provide a separate access code (typically a 4 or 6 digit character set) in addition to your user-id and password.  When you input your user-id and password, the system then sends you a code via text message or email, which you are then required to enter into an authentication screen.  Alternatively, some firms employ a pre-shared-key mechanism which allows an app on your mobile device to display the current access code.  While this type of application doesn’t specifically address password complexity related issues, it does ensure that access to your account is limited to only those with access to either your mobile device or email account.

 

 


Comments


Comments are closed.