Posted: 11 May 2022. Updated: 22 August 2023.
Time determines the effectiveness of security.
With enough time, nothing is unhackable, in fact, when quantum computing gets better, all bets are off. However, if you saw our recent social media post, with the quote from Christopher Pirillo, “Passwords are like underwear, don’t let people see it, change it very often, and you shouldn’t share it with strangers”.
Christopher is an American entrepreneur and former television personality. He is the founder and former CEO of LockerGnome (a now-defunct network of blogs and web forums). He is best known as the former host of Call for Help, a call-in tech support show.
His ignoble quote reminds us graphically that passwords are the keys to our online kingdoms and should be guarded and kept private. You may have heard this a thousand times, but …
Minimum 4 password requirements:
passwords should be at least 8, preferably 12, characters long;
they should contain upper and lower case letters, numbers and symbols;
they should not be easy or common to you, i.e.- 1234, birthdays, dog’s name, etc.; and
you should have different passwords for everything, but specifically very different passwords for your finances (i.e.- bank, PayPal, Ebay), social media, primary email account and work accounts.
How safe is your password?
The table below shows the time it would take to crack a password based on its parameters.
If your password is mydogsname, with 10 lowercase letters only, it would be hacked in 40 seconds!
The way we work at Online is Easy, this is the next password one of us would use from our password generator rT&XHwu9ZoiyFQqt%7 and it would take a quarter of a millennium to hack. The example shows you why a strong password is so important!
As well as being strong, we don’t repeat any passwords and change them regularly. Every single password we use is different and, like the example above, it is 18 characters long or longer. Adopting this strategy will give you peace of mind for your own security as well as securing your client’s data too.
Safeguard all your accounts and create very hard to hack passwords that will outlast a hacker’s lifetime.
Tools to help you stay safe.
Check the strength of your password using this free tool that helps users assess and improve their password strength:
www.vpnmentor.com/tools/passwordmeter
Or try this tool to help you create a strong password that is easy to remember (this one was designed for children to use):
Passwordless sign-in is coming.
Note that recently the Australian Computer Society (ACS) reported that, “Apple, Google, and Microsoft have joined forces to end our reliance on passwords by adopting a passwordless sign-in standard that will help improve the security and user-friendliness of internet applications.”
“The sign-in protocols are called FIDO and work by creating cryptographic key pairs when you register for online services.”
“A private key is stored locally on your device and can only be accessed when you unlock it – whether that be through a fingerprint reader, a PIN, a face scan, or another method.”
“When you next want to login to that service you simply open your phone. No more passwords.”
Don’t store passwords in your web browser.
Following World Password Day on 5 May 2022, the ACS also broke a story with the headline, “Don’t store passwords in your web browser”. They said, “After years spent warning users to create strong and unique passwords, security analysts are now also cautioning against relying on web browsers’ built-in password managers to store them.”
“Although browsers can now store your passwords – and use them to automatically log you into websites – experts warn that cybercriminals are targeting the feature with great success.”
Although, with the update of this blog post 12 months on, Google Password Manager could be seen as an exemption from this statement?
Going passwordless is exciting news, but until then, keep your passwords over 8 characters and use a mixture of uppercase, lowercase, numbers and symbols and stop using your web browser to store them for you.
Encrypting password managers.
The best option is to get an encrypting password manager that will do it for you. But you need to find a good one, according to cybernews.com in 2019, serious vulnerabilities were found in the code of the password managers Dashlane, LastPass, 1Password, and KeePass. While opinions and personal preferences vary, we use and support RoboForm.
We think it’s the best password manager as it uses military-grade AES-256 encryption and has never been hacked and it works across all our devices and operating systems.
Get help securing the way you work online.
Schedule a free online chat with us to discuss your cyber security or go to RoboForm to get yourself a secure password management tool and try it out for free.
#passwords #cybersecurity #security #passwordmanager
Update: August 2023 -
Google has introduced new features to enhance the functionality of Google Password Manager. Now, users can access a dedicated desktop shortcut for easy management of stored account credentials and autofill settings. Biometric authentication, previously available only on mobile, is now accessible on the desktop. This extra layer of security requires biometric or Windows Hello authentication before auto-filling passwords.
Other improvements include the ability to save password notes, import from other password managers, and discover reused or weak passwords on iOS. Google Password Manager also generates strong, unique passwords across platforms to safeguard your accounts while browsing.
In short, by adding the extra layer of security and requiring additional authentication, Google Password Manager offers a credible alternative to piad password managers and negates the previously held negative reviews.
Want a quick guide? Check out this video from Ali Sarraf, Product Manager for Google Password Manager.
Want to know more?
The following Google blog article offers tips and tricks for getting the most out of Google’s Password Manager and reaffirms a passwordless future: Why password managers are your safety net during a data breach (4 min read)
