Are your passwords really protecting you?

The risks associated with potential hacks are a day-to-day reality for a growing number of people. More and more information is being stored or accessed via mobile apps and web browsers, where it can be exposed to nefarious actors and hackers. The first line of defense against these threats is your passwords, but are your passwords really protecting you?

For many years, people and companies have followed password advice that has now proven to be counterproductive and actually increases vulnerability to data theft and hacks. Tips and tricks such as special characters, irregular capitalization, at least one numeral, and changing your password every 90 days have led to the creation of passwords that humans have a hard time remembering, but computers have a relatively easy time cracking.

Best Practices
So how do we create a password that is going to protect us? We are in luck, as old mistakes have led to new innovations regarding password best practices. Your passwords should be cryptic, unexplainable phrases that seem random. This randomness will make them easy to memorize, which in turn makes them nearly impossible for an automated system or bot to guess.

With old best practices out the window, password policies should now favor the user and burden the verifier. Length is now an area of significant importance. Where old guidelines limited length to 16 characters, new guidelines suggest a maximum of at least 64 while also opening the door to characters such as spaces and even emojis. A common suggestion is the use of passphrases, which permit all forms of punctuation as well as the use of any language. All of these factors improve usability and expand on variety.

Along with these suggestions come common pitfalls to avoid. The primary pitfalls are composition rules such as forced use of special characters or combinations. We’ve all made a password through an app or website that requires the use of one uppercase letter, one number, or 2 special characters ($, ?, !). It turns out these rules should be avoided, as they make passwords easier for a computer to guess.

Next, get rid of those telling password hints which dramatically increase a malicious actor’s ability to guess the password. Why help the hacker out with a hint that will increase their odds of accessing your information? Finally, don’t worry about changing your password every 90 or so days. With your freshly minted cryptic and long password, it should only be reset when it is forgotten or if you believe it was phished or stolen.

Automated Password Generator
The random nature of a great password lends itself to a tool known as an automated password generator. This software or hardware device utilizes the input of a random number generator and automatically outputs a completely randomized password.
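As an added illustration (not code from this article or from any product it mentions), here is a minimal generator of the kind described above, drawing from the operating system's cryptographic random number generator through Python's `secrets` module. The word list is a small constructed sample and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Constructed sample word list, for illustration only. A real generator would
# use a list of thousands of words so that each word adds more entropy.
WORDS = ["copper", "lantern", "orbit", "velvet", "thistle", "harbor",
         "quartz", "meadow", "falcon", "ember", "glacier", "pepper",
         "saddle", "timber", "willow", "zephyr"]

# Letters, digits, punctuation and the space character: 95 symbols in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def random_password(length=20, alphabet=ALPHABET):
    """Build a password by picking each character independently and uniformly."""
    # secrets.choice uses the OS CSPRNG; the `random` module is predictable
    # and must not be used for passwords.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=6, words=WORDS, sep=" "):
    """Build a passphrase from independently chosen words."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password())
    print(random_passphrase())
    # Length matters more than forcing character classes:
    print(f"8 random characters:  {entropy_bits(len(ALPHABET), 8):.1f} bits")
    print(f"20 random characters: {entropy_bits(len(ALPHABET), 20):.1f} bits")
    print(f"6 words from this {len(WORDS)}-word sample: "
          f"{entropy_bits(len(WORDS), 6):.1f} bits")
```

The entropy figures only hold when every character or word is chosen by the generator; a password a person picks and then adjusts to satisfy composition rules does not reach them.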

If you are considering a tool of this sort, our suggestion is LastPass. LastPass is a piece of software that manages and stores encrypted passwords within private accounts. This allows for the syncing of passwords across all the major operating systems as well as mobile devices. It provides two-factor authentication, secure sharing, and actionable password strength reports.

Overall this tool does a fantastic job of tracking up to hundreds of unique passwords. This type of tool has become crucial for any person or business that utilizes multiple passwords.

Technology is in a constant state of change, with new features and tools being created every day. Naturally, as more and more private information makes its way into the digital space, users want to do everything in their power to ensure that their information is secure. Start by unlearning the old password techniques and incorporating the new. Use tools such as LastPass to assist in this process; they are there to make these transitions easier and more digestible.