How to Never Worry About Password Security Again!

Password security – a source of anxiety for many of us. So much of our lives relies on the strength and secrecy of our passwords. How would you like to never worry about your password security ever again?

In today’s workplace, almost everything we do requires some form of password-guarded access.

Because password security is so crucial, it is part of my job to help coworkers here ensure password security.

Many people fall foul of poor password security at one point or another.

If you’re lucky, it results in your computer’s language being hilariously changed to something you have no hope of understanding, and the only cost is the time spent reversing the language change.

If you’re not so lucky, a compromised password can lead to hackers and digital thieves accessing sensitive information, stealing money, corrupting data, or locking you out from your accounts.

The consequences can cut deep and take many months or even years to repair.

Password practices are often taken for granted, which is one of the reasons why reminding ourselves of best practices from time to time, such as on the annual Password Day, can help us ensure complete password security.

Follow these steps to never have to worry about password security again.

Stop being predictable


We’ve all been trained to build our passwords the same way.

Years of automatic prompts have asked us to include capitalized letters, and numerical or punctuation characters, in our passwords.

Unfortunately, password crackers out there have noticed the pattern.

The result of those prompts is that we all:

  • Start out with a favored word to form the foundation of our password
  • Use up our capital letter on the first character
  • Add on a number and exclamation mark on the end of the password to hit the requested quota
  • And voila – we’re left with our ‘uncrackable’ password: “Ninja1!”

While we think we are secure, having hit all the types of characters required, we are leaving ourselves open to having our password guessed.

Whether through social engineering to crack passwords, or by way of other password hacking methods, we are left vulnerable.

Our best bet is to stop being so predictable.

Stop using one word passwords


Words are very predictable. The next step we can take in upgrading our password security is to banish the use of single word passwords.

Not only are one-word passwords often short, but also they are predictable.

Did you know that databases exist that contain every word in every language?

The purpose of these databases is to be used by hackers to crack passwords simply by trying every word.

This is called a Dictionary attack, which can also take the form of a Rainbow table attack.

Of course, it might seem that one-word passwords are far easier to remember than anything else is.

But, when thinking of security, ease cannot be the main criterion for decision making. Security must be.

In fact, as Better Business Bureau explained, some of the most common (and least secure) passwords are not always words.

The following passwords were the top 10 passwords used in 2014. As you might guess, these passwords should not be your first choice for your online banking account.

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. Baseball
  9. Dragon
  10. Football
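
The habits described above (one dictionary word, a capital on the first letter, a digit and symbol tacked on the end) and the common-password list can be checked mechanically when a password is chosen. The following is an added example, not part of the original article; the function name `audit` and the small word list are constructed for illustration.

```python
import re

# The top-10 list quoted in this article, lowercased for comparison.
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "123456789", "1234", "baseball", "dragon", "football"}

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"ninja", "coffee", "lobster", "marathon", "dragon", "summer"}

# Letters, then optional digits, then optional punctuation: the "Ninja1!" shape.
SHAPE = re.compile(r"^([A-Za-z]+)(\d*)([^A-Za-z0-9]*)$")


def audit(password, words=WORDS, common=COMMON):
    """Return the reasons a password is predictable (empty list = none found)."""
    findings = []
    if password.lower() in common:
        findings.append("on common-password list")
    match = SHAPE.match(password)
    if match and match.group(1).lower() in words:
        base, digits, symbols = match.groups()
        if not digits and not symbols:
            findings.append("single dictionary word")
        else:
            findings.append("dictionary word with appended digits/symbols")
        # Capital "used up" on the first character, as described above.
        if base[0].isupper() and base[1:].islower():
            findings.append("only the first letter is capitalized")
    return findings


if __name__ == "__main__":
    for candidate in ("Ninja1!", "Dragon", "123456", "CoffeeLobsterMarathon"):
        print(candidate, audit(candidate))
```
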

Not only are more complex passwords more secure, they can be just as easy to remember too.

What makes a strong password? On to our next step.

Long and strong passwords


How can we create passwords that are strong and still memorable? There’s a bit of a trick to it.

First off, strong and memorable passwords should consist of multiple words.

PieceOfCake you might think.

Nope. The first rule of multi-word passwords is to use a string of words that are either nonsensical, or that are very particular to you.

CoffeeLobsterMarathon – a good place to start for a nonsensical string of words. And the image it conjures is so bizarre it’s easy to remember.

DavesFavoriteColorIsGrey – Knowing your mate Dave’s favorite color is a very unique circumstance to you. And very hard to guess.

Second stage is to interlace these passwords with – you guessed it – special characters.

Leaving us with C0ff33L0b$t3rM8r8th0n and D8v3sF8v0r1t3C0l0r1sGr3y.

Both of these blow “Ninja1!” out of the water in terms of password security.

Use unique passwords for every account


I know. This advice normally elicits the response that it is impossible to remember passwords for every account. But, for reasons we will get into later, it really isn’t.

And the benefits are huge.

Does anyone you know use one password for every account?

Many people do.

The problem is that it is a real threat to password security, because it only takes one leak from one of the many places you’ve used that password for more accounts to be accessed.

If your username, email address, and password are exposed by a security breach of one of the services, accounts, or companies you have dealt with – hackers will be able to take these details and try to access any other accounts with the same details.

If passwords are different for every account you use, this technique will not work, meaning you can enjoy much better password security.

So, how on earth can we remember each and every password?

A smarter way to memorize your passwords (a password manager)


It would be very impractical to try to memorize passwords for every single account we own.

For accounts we access every day, it would probably be doable. But, many times we have accounts to things we only need to access occasionally.

At which point memory will likely let us down. We need some help.

Password managers are secure applications that help us store and organize passwords. They are simply the best way to manage all the accounts and passwords we have.

All we need to do then is remember the password we need to access the password manager.

If you’ve followed the advice above, your password manager password will be strong and memorable.

Change your passwords regularly


The dreaded password change. Often people see this as either optional, or a needless inconvenience.

But there are very strong arguments for why changing passwords regularly is essential for password security.

For example, brute-force attacks are used to decipher passwords. They work simply by trying every possible combination of characters.

The limitation of this type of approach is that it requires a lot of time to achieve its desired result.

Although – even then, this can be surprisingly short.

Using our example above, according to How Secure is my Password, “Ninja1!” can be cracked in 7 minutes.

Changing passwords frequently can minimize the risk that a brute-force attack has enough time to breach your password security.

Not to mention that it can also minimize the danger posed by password leaks.

Don’t casually share your passwords

You would never share your password with anyone, right? Especially not a stranger.

When we’re not focused on security, it can be easier to fall into a trap than we realize.

If you think one of your accounts might be compromised, be sure to change the password as soon as possible. With sites like Haveibeenpwned you can check if your data has been breached.

Ensure you have anti-malware installed


What’s the connection between password security and malware?

Well, some types of malware are able to track keyboard inputs for account and password information, and transmit that information to a malicious third party.

The strongest password will do us no good if malware is able to track the input from our keyboard.

Which means that part of our password security regime must be to ensure our devices are malware free.

Malware often uses security flaws in unpatched software to infect a system. Therefore an up-to-date operating system is also needed to fully protect your device from being compromised by malware.

Enable two-factor authentication


Two-factor authentication provides an extra layer of protection for your password security regime.

On top of a password, authorized access requires another factor to login to your account.

For example, a second factor might be a time-limited security code generated by an authenticator app on your mobile device – such as two-factor authentication with TeamViewer.

As Intel describe, even our own bodies could be used as passwords as part of two-factor authentication.

Access is only granted when the username/email address, password, and security code are all entered correctly.

This is perhaps the most sure-fire way to ensure total password security, as even if your password is compromised, access will not be granted to your account without the correct second factor authentication.

Password Security Key Takeaways

Being absolutely sure of password security is a major relief. All sorts of potential problems can be avoided.

Once you’ve set up the system you want to use, practice makes it a part of everyday business.

In summary, password security means:

  • Dropping the predictability. “Ninja1!” doesn’t cut it
  • Leave one-word passwords behind
  • Long and strong passwords are better and can be easy to remember too
  • A different password for every account stops hackers in their tracks
  • Password managers are a must-have tool for password security
  • Changing passwords regularly is not optional
  • Be careful not to reveal passwords to untrustworthy sources
  • Make sure there is no malware on your devices
  • Use two-factor authentication wherever you can

I hope you found this advice useful. Do you have any advice to share? Add a comment below.


17 replies
  1. Chevy says:

    We really need a client-level two factor solution. Add a new auth server to make this an option but we can’t use this product until that’s done. Two-factor at the account level doesn’t count

    • Doug McKerson says:

      Hi Chevy – Thank you for your comment. You can add an extra security layer to your TeamViewer client by using the black and whitelist function. You can either define the partners who are allowed to connect to your computer or who are not allowed to connect to your computer.

      You can configure the black and whitelist in TeamViewer under Extras | Options | Security | Black and whitelist.

      Also, you can set up TeamViewer so that you need to confirm all the incoming connections. This way no one can connect to a computer without you confirming the incoming connection. This you can configure under Extras | Options | Advanced | Advanced settings for connections to this computer | Access control | Confirm all.

      Thanks again for your comment – please get in touch if you have any further questions.

  2. Chevy says:

    Suggestion – add Google-Auth as an option to the client. You can select Teamviewer or Windows … just add Google-Auth to that list and security people will be happy again

    • amsca says:

      I added 2step authentication but what’s the point when I can just enter partner ID 9-digit number and it allows me remote access without 2step password?

  3. Megan Barnett says:

    Hey, Andreas!
    The article is very informative. Some of the nice tips you mentioned to keep password secure from password thieves or hackers. I liked all of your points but I would like to add one more point to the list. Adding single sign-on is also an important method to keep data and credential secure. Since it is based on Security Assertion Markup Language(SAML), it is highly secured. Give it also a try!
    Thanks and keep doing a great job.

  4. Sumit says:

    Thank you for sharing these password generator techniques and these should be followed nowadays. I mostly follow all these guidelines for security measures but there are some tips that are new for me.

  5. z says:

    “How to never worry about password security again.” I thought this would be an article about a clever way to make passwords easy to remember or not such a pain in the butt. Oh well.

  6. ScubaFish says:

    Great suggestions to use longer and more complex passwords. Now if only the various sites (banks, email accounts, etc.) would cooperate and allow longer, more complex passwords with punctuation/special characters. Too many times I’ve run into sites that limit a password length to a mere dozen characters and don’t allow simple things such as a plus sign, or hyphen, or percent sign or other such characters. Unfortunately, this, in turn, is what causes users to stick with more simplistic passwords.

    • 1234 says:

      I absolutely agree. Banks of all places…

      I am also hesitant to use a password manager due to compromising everything with just this one account being hacked.

  7. Kel says:

    One thing that often gets forgotten is older adults (say 60+) using computers. Often pushed to do so for their med ordering, banking, financial planning, keeping in touch with family etc… they try to keep up with tech but are often bewildered and targets. Using a password manager is great but, I find that just confuses some of them even more. Majority don’t have smart phones to do a double authentication (or understand them if they do). While everything gets more electronic and complicated they seem to be left behind, both on laptop, tablet, phone and even newer TV functionality. I wish I had more tech savvy chops to develop something that would be helpful for them – whether it was a basic laptop without all the bells and whistles, an easy to manage smart phone or some type of password helper that they could easily manage without the tech most of us currently utilize.
    I’m so grateful for TeamViewer being simplistic to set up and talk people through connecting; being able to quickly jump on both of the parents laptops at any time to do maintenance, troubleshoot etc…I wish I would’ve researched it sooner. Parents had a password breach and called a ‘fake’ tech support pop up and had their computers and accounts just ruined. Got everything fixed up the hard way but I’ve still been trying to figure out how to get them on board with stronger passwords and something other than a smeared pencil written Rolodex they can’t seem to read after they write down their new passwords.
    If you end up changing the interface at all to add more security please keep the senior end users in mind 🙂

  8. steve cook says:

    We all should use strong passwords instead of normal passwords related to our personal life for more security; this prevents us from the brute-force attacks … use a password with mixed alphabets, numbers, punctuation, etc.

  9. Mark Lee says:

    Thanks for the detailed tips on password security. I think strong and long passwords and two step authentication are very important in password security.
