Today I want to talk a little about keeping your accounts safe. We may have heard of “Strong passwords” and “Two factor authentication”. But what are these in reality? What is a strong password? How do we create them? And more importantly, what does password management look like in reality?
Here are some wise words from one of my favourite movie characters:
Strong password & password management
These are basically anything except something like Happy’s password.
The best passwords should be easy for us to remember, but hard for others to guess. So, don’t use your date of birth, a memorable date, spouse’s name, etc. You get the idea.
We might think of a strong password as a random string of characters: w36308h&eg124qwfwe863! But the chances of us remembering this are very very very slim. This is where “Passphrases” come in. Several random words strung together, with a few special characters: “Black-fire-monkey-81” for example.
So, now we have our strong password / passphrase which we can remember easily. But now each of our accounts should have unique credentials. Since the user name is often our email address, this means we need a different password for each account.
How on earth can we remember all of these? Most decent Internet browsers such as Firefox, Safari, Edge, Chrome have built in password management. At least Firefox and Safari will even help you create strong passwords as you create new accounts. Software such as KeePass will actually handle everything for you. KeePass uses an encrypted file on your computer or phone to store the passwords. It creates them too.
Make your own password
Having an app to create and manage your passwords is all well and good, but what if it’s for your computer, or some other service or situation where an app is not going to be practical?
You can change your passwords whenever you like. If you are going to note them down, leave the note somewhere away from your laptop. Underneath a packet of pasta.. or something.
A new password could be something like:
<number>_<word><symbol><colour>
Ideally the word and colour should be completely separate from your meaningful life events. This insulates you from a potential phishing attack. And have a capital letter in there somewhere too.
So, for instance: 482_table£greeN
The number: I just typed something random. The word: I’m sat at a table. The colour: the coffee cup is green. I used my physical environment to give me some inspiration. What’s something I can see from where I am sitting? Can I see a colour when I look out of the window? How many leaves are by the bike in the garden?
The XKCD comic has a wonderful example of all this here.
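To see how the template above compares with a passphrase of random words, here is an added example (not part of the original post) that builds a password in the <number>_<word><symbol><colour> shape and counts how many bits of guessing work each approach gives. It assumes every part is drawn at random with Python's secrets module rather than from your surroundings; the short word and colour lists are constructed samples and the function names are illustrative.

```python
import math
import secrets

# Constructed sample lists; a real list would be much longer.
WORDS = ["table", "window", "garden", "kettle", "ladder", "pillow", "carpet", "bucket"]
COLOURS = ["purple", "orange", "silver", "yellow", "violet", "maroon", "indigo", "salmon"]
SYMBOLS = "£$%&*!?#"


def capitalise_one(text):
    """Upper-case one randomly chosen letter of text."""
    i = secrets.randbelow(len(text))
    return text[:i] + text[i].upper() + text[i + 1:]


def make_password():
    """Build <number>_<word><symbol><colour> with one capital letter in the colour."""
    number = secrets.randbelow(900) + 100  # three digits, 100 to 999
    word = secrets.choice(WORDS)
    symbol = secrets.choice(SYMBOLS)
    colour = capitalise_one(secrets.choice(COLOURS))
    return f"{number}_{word}{symbol}{colour}"


def template_bits(n_words=len(WORDS), n_colours=len(COLOURS), colour_len=6):
    """Bits of entropy when every part of the template is picked uniformly at random."""
    choices = 900 * n_words * len(SYMBOLS) * n_colours * colour_len
    return math.log2(choices)


def passphrase_bits(n_words, list_size):
    """Bits of entropy for n_words picked at random from a list of list_size words."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(make_password())
    print(f"template, 8-word lists:    {template_bits():.1f} bits")
    print(f"template, 2048-word lists: {template_bits(2048, 2048):.1f} bits")
    print(f"4 words from a 2048 list:  {passphrase_bits(4, 2048):.1f} bits")
```

The figures assume each part is drawn at random; a word or colour picked by hand from the room is easier to guess than the arithmetic suggests.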
Two factor authentication (2FA)
This is the system where after signing into a website, you are also required to type a single use code which is sent to your phone or email inbox. It’s a valuable extra level of security which keeps your account safe even if your username and password are revealed.
If this is an area which you would like assistance with, please feel free to get in touch!