Strong Password Security

Strong password security is essential in protecting your computer, personal information and data from cyber criminals and thieves.

We use passwords every day to log into our computers, tablets, smart phones, web portals, email, shopping websites, banks, work HR and financial systems, Facebook, LinkedIn, Instagram and other social networks, and so on.

Passwords are the primary security method we use to protect access to our digital belongings. They are usually the only way to prove we are who we say we are, so that we are granted access to what belongs to us.

Someone stealing your password is similar to someone stealing your ID card, driver's license or passport. They can use it to move around pretending to be you. They can access information that belongs to you. They can make personal and business transactions in your name.

You only have a few real world ID cards. If someone steals one, you will know.

On the other hand, you have hundreds of passwords. If someone steals one, you may not realize it for a while. If the person who stole it does some damage, you will eventually find out. They may steal your personal information or data, crash your computer, delete your email or purchase something on your credit card.

Or they may silently monitor you without making themselves known. They could read your email, or listen in on your private conversations. They may log into your home cameras and watch you and your family. And if they stay quiet, you will never know.

Just like good quality door locks improve the safety of your home, good password security increases the safety of your digital belongings and protects your computer from cyber thieves who are constantly trying to steal your valuable information and data.

Secure vs. Insecure Passwords

Cyber criminals use advanced tools to automate attacks that try to guess your passwords. They are getting more sophisticated all the time. It has never been more important to have secure, hard-to-guess passwords.

Secure passwords are:

  • Long (at least 16 characters)
  • Difficult for you to remember
  • Difficult for cyber thieves to guess
  • Difficult for computers to break

Insecure passwords are:

  • Not very long (fewer than 16 characters)
  • Easy for you to remember
  • Easy for cyber thieves to guess
  • Easy for computers to break

Don't use names, birthdays, addresses or other personal information in your passwords.

A good way to improve password security is to use a different password for each online web site and service. This is especially important when accessing your banks and financial institutions, and web sites that contain sensitive personal information like the social security website.

But how do you remember long, secure and hard-to-guess passwords?

How to Remember Strong Passwords

Good password security means you have to use strong passwords. There is no way around this. If you don’t use strong passwords, you are more likely to have your passwords stolen and your computer or website account broken into.

Writing down strong passwords on a piece of paper or a sticky note is not a good solution. You cannot leave passwords in plain sight, even at home. And sooner or later, you are going to misplace the piece of paper on which you wrote down the password.

Sustainable password security means creating, remembering and using strong passwords, and that means using a password manager.

A password manager is a program in which you store all your passwords. You never have to remember your strong, long and difficult-to-type passwords because the password manager does it for you.

A password manager is protected with a master password, so all your passwords stored inside it are safe. You only need to remember one master password to access all the other passwords.

The passwords are locked in an encrypted (scrambled, unreadable) database. No one can see them and use them without typing in the master password to unlock the database. Since only you know the master password, only you can access them. This is unlike storing your passwords in Excel or Notepad, where anyone (or any program, virus or malware) can read them.

Yes, you can protect the Excel file that stores your passwords with a password. But such passwords are very easy to break, and the file is not encrypted (scrambled, unreadable). Excel files cannot be secured.

Excel is for spreadsheets, and a password manager is for passwords.

Because it is designed to manage passwords, a password manager has additional convenient password-managing features. You can organize passwords into groups, add notes, automatically generate secure passwords and sync the password manager (and all your passwords) across multiple computers, tablets and smart phones.

Having all your passwords available, in a secure way, on all your devices makes it easy to always use strong passwords. Using a password manager is the ultimate way to increase your password security and protect your digital valuables from cyber criminals and thieves.

Master Password

Because all your passwords in a password manager are protected by one master password, it has to be a good, strong, unbreakable one.

Mnemonic phrases can help you remember a password that is strong yet difficult for computers to break and for cyber thieves to guess. Using mnemonic phrases is, in general, a good password security practice.

For example, “I will always use Strong Passwords because they keep my Computer secure” becomes IwauSPbtkmCs. Then make it even stronger with a few numbers and special characters: %20IwauSPbtkmCs17%.

Still, such a password may not be easy to remember initially. Try to memorize it before you protect the password management software with it.

You also need a fail-safe. Write the password down on a piece of paper, put it inside an envelope, and seal the envelope. If you have a safe, put the envelope inside it. If not, hide it - but don’t forget where you put it!

Use an envelope with a security tint. If you can’t get one, wrap a few sheets of paper around the piece of paper on which you wrote down the password before you put it inside the envelope. You don’t want someone to lift the envelope towards the light and read the password through the thin wall of a regular envelope.

Using a password manager increases your password security immensely. It is a required tool in your computer security toolbox that is based on the concept of defense in depth.

Password Security Beyond Passwords

Using strong, hard-to-guess passwords increases your password security immensely. But there is even more you can do, and it is easy.

Usernames

Two values define access to computer and online service accounts: username and password. For usernames, sometimes you have no choice and have to use your email, because the online service only accepts email usernames.

But sometimes you have a choice and can select any username you want, as long as it does not already exist. This gives you a chance to further increase your password security by creating a random username instead of using your favorite one.

Random usernames add to your privacy and security because they make no sense to anyone. No one can look at your username and recognize you. In addition, no one can guess your randomly-generated username, because it looks like a long string of random characters.

Use a different randomly generated username for each online service account.

With a password manager, there is no extra effort on your part. Just like you can have long, strong and secure passwords that you don't have to remember, you can have long, strong and secure usernames - that you also don't have to remember.

If the bad guy can't even guess your username, his job becomes twice as hard. Instead of having to guess only your password, he has to guess both your username and password together, as a combination. Use this extra protection every time the website allows you to set your own username.

Password Hints

Some computer or online accounts ask you to provide a password hint. A password hint is meant to help you remember your password when you forget what it is.

Password hints are a bad security practice. By looking at your password hint, a cyber thief might be able to guess your password.

Password hints encourage the creation of insecure passwords. In order to come up with a hint, you need to be able to describe your password. The goal is to trigger your mind to remember it. If your password is a random string of characters, how do you describe it?

You may be motivated to use a simpler password so you can leave yourself a hint. If your password is a random string of characters, it is impossible to have a hint.

Some people put their actual password as a hint. Don't do that! It is the first thing a cyber criminal will try!

If you think you can come up with something clever for the hint, you are only fooling yourself. Computer thieves are much better at this than you. They will figure it out. Don't play chicken with a professional. The only sound password security strategy is to not use hints.

After all, password hints only distract from what is important, and that is the security of your computer or online web account. It is a convenience that is not worth the risk.

Security Questions

Many online services make you create security questions. Security questions are meant to help you gain access to the online service in case you don’t remember your password.

Security questions look like this:

  • What is your mother’s maiden name?
  • What is the name of your first high school?
  • In which city did you get married?
  • What is the name of your first pet?
  • What is the color of your first car?

By answering these questions truthfully you are making your online account less secure.

The fact that such questions exist shows to what degree companies don't have a clue about security. Perhaps this used to work before the Internet Age. Maybe then only you knew your mother's maiden name, and used it sparingly, for example at a bank.

Today, every website asks the same or very similar questions. If you give an honest answer, you are devaluing the secret information you have. When everyone knows your secret, it is no longer a secret.

In addition, it is relatively easy to find out the answers to these questions. The name of your first pet? Probably on your Facebook. In which city did you get married? Not that hard to guess. Your favorite color? Easy.

The best way to deal with security questions is to generate a random character string for each one, just like it is a password. A 20-character random string cannot be guessed. Even better, you don't have to remember it. Let the password manager store it and keep it safe for you.
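The random-string approach described above for security answers, and earlier for usernames, shown as an added example that is not part of the original article: a Python generator built on the standard library's `secrets` module. The alphabets, the `new_account` helper and the `shop.example` service name are assumptions made for illustration; storing the result remains the password manager's job.

```python
import math
import secrets
import string

# Assumed alphabets for this example; real sites differ in what they accept.
USERNAME_ALPHABET = string.ascii_lowercase + string.digits
SECRET_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def random_string(length, alphabet):
    """Draw each character independently from the OS CSPRNG (not `random`)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_username(length=16):
    """Meaningless per-site username; starts with a letter for compatibility."""
    if length < 2:
        raise ValueError("username too short")
    return secrets.choice(string.ascii_lowercase) + random_string(length - 1, USERNAME_ALPHABET)

def random_password(length=20):
    """Random password that also satisfies common composition rules."""
    if length < 16:
        raise ValueError("the article's minimum is 16 characters")
    while True:  # resample until lower, upper, digit and symbol all appear
        pw = random_string(length, SECRET_ALPHABET)
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def entropy_bits(length, alphabet):
    """Upper bound on guessing entropy for a uniformly random string."""
    return length * math.log2(len(set(alphabet)))

def new_account(service, questions):
    """One vault entry: nothing in it is reused or derived from personal data."""
    return {
        "service": service,
        "username": random_username(),
        "password": random_password(),
        # Each security question gets its own 20-character random answer.
        "security_answers": {q: random_string(20, SECRET_ALPHABET) for q in questions},
    }

if __name__ == "__main__":
    # Constructed sample input: a placeholder service and two questions from the list above.
    entry = new_account("shop.example", ["What is the name of your first pet?",
                                         "In which city did you get married?"])
    print(entry)
    print(f"{entropy_bits(20, SECRET_ALPHABET):.0f} bits per 20-character secret")
```
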

The Takeaway

If cyber thieves guess or steal your password, they will have access to your computer or online account and personal information stored inside it.

If you use the same password for many websites and services, cyber thieves who steal that one password will have access to many of your web accounts.

Robust and sustainable password security focuses on:

  • Using strong, hard-to-guess and hard-to-break passwords
  • Using a different password for every computer, website and service
  • Using a password manager

Insecure passwords are easy for someone to guess or a computer to break.

Secure passwords are strong and hard-to-guess, but also hard to remember.

With a password manager you will have strong passwords that are hard for someone to guess and for computers to break. It is the only way to maintain long-term, sustainable password security that keeps your computer, personal information and data safe.