New Year’s Resolutions 2019

Now that we’re all back at work again and you’re no longer inundated with articles on New Year’s Resolutions (2019) – Devious Solutions has a late suggestion for your New Year’s Resolutions:

SORT OUT YOUR PASSWORDS

(Sorry for the assault on the eyes. #notsorry)

Every year, I push my colleagues and clients to take the time in January to go through all their important accounts and secure their accounts.

But you say this every year, and it’s a hassle to remember all of these weird, long passwords! I CAN’T DO IT ANYMORE.

– Our long-suffering & loyal readers

You are correct – long-suffering & loyal reader. This year, I’ve actually penned an article that I can link you to rather than just ranting in person. In this article, I will give you some actionable advice.

It’s also a cheeky morale boost for some of the other resolutions that might have already started flagging. Once this is done, it’s done for at least the year and something you can tick off the list.

Best Practices

Password Manager

Use one. If there is one point to take away from this article, this is it.

Password managers allow you to securely store your passwords in a single place. All you need to do is memorise a single “super” password, and it will remember the rest of them. Many password managers also automatically fill in the correct passwords when you visit websites. (We recommend using either LastPass or 1Password.)

We’re not the only ones telling you to do this.

Length

We recommend an absolute MINIMUM of 10 characters long. The longer the password, the better. I personally feel uncomfortable using anything shorter than 20 characters.

Every character you add multiplies the number of guesses an attacker has to try, so each extra character drastically decreases the chance of an attacker successfully brute-force cracking your password.

Makeup

It’s not just about the length, it’s also how you use it.

Just mashing the ‘a’ key 30 times is not going to cut the mustard. Use a mix of upper-case, lower-case, numbers and (if the site will allow it) symbols.

Avoid easily guessable real words where possible (like “manutdforever”). Crackers have been using dictionary tables to crack passwords for decades. These pre-populated tables contain previously cracked passwords and common words, including the simple substitutions people rely on (like the ‘0’ in “passw0rd”).

Use Real Words

“Wait what? Didn’t you just say to not do this…”

Ah you are paying attention! Good.

If you’re struggling to actually remember a long password, you’re better off making a memorable sentence of unrelated and random words to make your password. For example: “Trouser mice Printing yellow Sarnies honeysuckle”.

Just don’t use “correct horse battery staple”…
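To show how the three rules above (length, makeup, no dictionary words) fit together, here is an added example checker in Python; it is not code from Devious Solutions or the original post. It assumes a constructed five-entry wordlist standing in for a real cracking dictionary, a 60-bit brute-force floor chosen for this example, and the standard Diceware list size when estimating passphrase strength.

```python
import math
import re

# Constructed stand-in for the "dictionary tables" the post describes: a real
# cracking wordlist holds millions of leaked passwords, this has a handful.
COMMON_WORDS = {"password", "manutdforever", "qwerty", "letmein", "football"}

# Substitutions that cracking rule sets undo automatically (a small subset).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def normalise(pw):
    """Lower-case, undo simple substitutions and drop trailing punctuation,
    so 'Passw0rd!!!!' is recognised as the dictionary word 'password'."""
    return pw.lower().translate(LEET).rstrip("!?.,#")

def charset_size(pw):
    """Alphabet an attacker must search, from the character classes present."""
    size = 0
    if re.search(r"[a-z]", pw): size += 26
    if re.search(r"[A-Z]", pw): size += 26
    if re.search(r"[0-9]", pw): size += 10
    if re.search(r"[^a-zA-Z0-9]", pw): size += 33   # printable ASCII symbols
    return size

def brute_force_bits(pw):
    """Bits of entropy if every string of this length and alphabet must be
    tried. Each extra character multiplies the search space by the alphabet."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def passphrase_bits(word_count, wordlist_size=7776):
    """Entropy of a passphrase of randomly picked words; the default list
    size is the standard Diceware list (6**5 words)."""
    return word_count * math.log2(wordlist_size)

def assess(pw, min_bits=60):
    """Apply the post's rules in order: length, makeup, dictionary check,
    then brute-force entropy. The 60-bit floor is this example's assumption."""
    if len(pw) < 10:
        return ("reject", "shorter than the 10-character minimum")
    if len(set(pw)) == 1:
        return ("reject", "a single character mashed repeatedly")
    if normalise(pw) in COMMON_WORDS:
        return ("reject", "dictionary word, substitutions do not help")
    bits = brute_force_bits(pw)
    if bits < min_bits:
        return ("weak", f"only {bits:.1f} bits against brute force")
    return ("ok", f"{bits:.1f} bits against brute force")

if __name__ == "__main__":
    for candidate in ["a" * 30, "Passw0rd!!!!", "manutdforever",
                      "Trouser mice Printing yellow Sarnies honeysuckle"]:
        print(repr(candidate), assess(candidate))
```

The six-word sentence from the post scores far above the floor, while the leet-speak "Passw0rd!!!!" is rejected outright because normalising it lands on a dictionary entry.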

Evaluate

If you’re not going to use a password manager and you’re going to re-use one or more secure passwords – think about the consequence of the current site being compromised. What other accounts are you putting at risk? Is it worth using a different password for this site?

One of my passwords was discovered to be in the Great Adobe Password Leak of 2013. I didn’t remotely care as I had used a simple password as Adobe had forced me to create an account to do something that didn’t require an account.

Password Expiry

If you have the capability to control whether your password changes periodically, then don’t use it. Most users, when forced to change passwords regularly, will adopt a predictable method so that they can remember it!

Predictability is bad for us, good for crackers.

Multi-factor Authentication

If an account is important, you should seriously consider using MFA to secure it. In a nutshell, MFA provides you with a small numerical code to enter after your password. This code can be delivered by a number of means, but usually it’s via SMS, email, a dedicated device or an app on your phone.

This increases security because you’re no longer relying only on “something you know”: a cracker will also need access to “something you have”, which is much harder (but not impossible) for a remote attacker in another country to obtain.

Risk Assessment

As you go through your accounts and secure them, stop and think what would happen if this account was compromised. Would it cripple your business? Would you lose a lifetime of family photographs? Try to assign it a monetary value. This is how much choosing a bad password regime will cost you.


You made it to the end! Congratulations! That’s another small win you can retroactively add to your New Year’s Resolutions in 2019. If you have any questions or want to seek advice, feel free to get in contact.

Written by:

Mark

Mark is a "Veteran Technomage" at Devious Solutions. If he's feeling formal he'll refer to himself as an "Owner / Developer". This fine specimen of a coder is interested in embedded technology, IoT and machine learning.