Friday, July 14, 2017

Best Practices for Passwords

Best Practices for Passwords

One of the distractions these days to smoothly using computing devices and online resources is the dung heap of passwords one accumulates. Yeah, we all know the stench.

Password management
Some of my clients have made their lives easier by using a password manager, like lastpass.com, which I recommend. Others keep their passwords in a notes type of program which is viewable to anyone if the device is accessed locally or by online hack. This is NOT safe! Still others resort to old school means - writing credentials on paper and keeping that handy, or unfortunately sometimes, misplacing the paper.

This is one area of your life where you have to give latitude to the OCD part of yourself. You can’t be too careful with password storage. 

Make them Unique
Whatever system you use - and I strongly recommend something that’s secure against theft or loss – is to make sure each password is unique. Why? Because if a hacker gains access to an account by cracking and revealing a password, she/he will attempt that same password on any other accounts you own that can be discovered. We don’t have the same key to our car, home, and office – the same prudent approach should apply to software keys.

NIST Guidelines
Where to begin when creating passwords? The National Institute of Standards and Technology (NIST) recently published guidelines that alleviate some of the difficulties. Here’s what they recommend based on research:

  • Minimum length of eight characters; maximum length of 64 characters
  • No need to create complexity with numbers and characters like $*&
  • No need to periodically change passwords (although some online systems may still require this)
  • Avoid common words, found in the dictionary
  • Avoid anything associated with you as an individual - like maiden names, birth dates, children’s names, etc.

Strong Passphrases
Here are some examples of strong passphrases I generated with an Android app called Diceware Password Generator: “Graveness shallot relative tassel untried”. Yes, all those words together are the passphrase including the spaces. To break this would require 164 days of effort from a sophisticated hacker, like the NSA. A simpler passphrase created by this app is “banister extinct evict rejoin”. It would take 30 minutes to crack this one.  

Dumbledore
Yes, these passphrases are complex. However, if you create one that you can memorize, then you can use it for a password manager like Lastpass as your master password. Thereafter follow NIST guidelines above for your online accounts - in my opinion, using long unusual words like Dumbledore or Beatlemania, or combos of words and spaces like Queen of Hearts or Stairway to Heaven.

Be creative!
Of course, some websites will require you to use their system of password lengths and combos of upper-case letter and special characters; but for everything else, get creative, break free, and have some fun with the drudgery of passwords! And again, keep them unique to each system.


Thanks for reading.
Sam

---


If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 


No comments:

Post a Comment