Now that we’re all back at work again and you’re no longer inundated with articles on New Year’s Resolutions (2019) – Devious Solutions has a late suggestion for your New Year’s Resolutions:
SORT OUT YOUR PASSWORDS
(Sorry for the assault on the eyes. #notsorry)
Every year, I push my colleagues and clients to take the time in January to go through all their important accounts and secure them.
It’s also a cheeky morale boost for some of the other resolutions that might have already started flagging. Once this is done, it’s done for at least the year and something you can tick off the list.
Use a password manager. If there is one point to take away from this article, this is it.
Password managers allow you to securely store your passwords in a single place. All you need to do is memorise a single “super” password, and it will remember the rest of them. Many password managers also automatically fill in the correct passwords when you visit websites. (We recommend using either LastPass or 1Password.)
We recommend an absolute MINIMUM of 10 characters. The longer the password, the better. I personally feel uncomfortable using anything shorter than 20 characters.
For every character you add, you drastically decrease the chance of an attacker successfully brute-force cracking your password.
It’s not just about the length, it’s also how you use it.
Just mashing the ‘a’ key 30 times is not going to cut the mustard. Use a mix of upper-case, lower-case, numbers and (if the site will allow it) symbols.
Avoid easily guessable real words when possible (like “
Use Real Words
“Wait what? Didn’t you just say to not do this…”
If you’re struggling to actually remember a long password, you’re better off making a memorable sentence of unrelated and random words to make your password. For example: “Trouser mice Printing yellow Sarnies honeysuckle”.
Just don’t use “correct horse battery staple”…
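To make the length, character-mix and "real words" advice above concrete, here is an added example (not part of the original article) that checks a password against those rules, estimates how much each extra character grows the brute-force search space, and builds a passphrase of random unrelated words. The wordlist is a constructed stand-in for a real published list.

```python
import math
import secrets
import string

# Constructed wordlist for illustration only; a real generator should draw from a
# large published list (thousands of words) so each word adds meaningful entropy.
WORDLIST = ["trouser", "mice", "printing", "yellow", "sarnies", "honeysuckle",
            "anvil", "lantern", "quartz", "meadow", "bishop", "cobalt"]

CLASSES = {"lower": set(string.ascii_lowercase), "upper": set(string.ascii_uppercase),
           "digit": set(string.digits), "symbol": set(string.punctuation)}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in password)]

def charset_size(password):
    """Size of the alphabet a brute-force attacker must search for this password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def brute_force_bits(password):
    """log2 of the search space: every extra character multiplies it by charset_size."""
    return len(password) * math.log2(charset_size(password))

def passphrase_bits(word_count, list_size):
    """Entropy of word_count words drawn uniformly at random from a list of list_size."""
    return word_count * math.log2(list_size)

def check_password(password, min_length=10, min_words=4):
    """Problems under the article's rules; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(set(password.lower())) < 4:
        # brute_force_bits() assumes random characters; mashing one key breaks that.
        problems.append("too few distinct characters (key mashing or repeats)")
    if len(password.split()) >= min_words:
        return problems  # passphrase route: strength comes from unrelated words
    if len(classes_used(password)) < 3:
        problems.append("uses fewer than three of upper, lower, digit, symbol")
    return problems

def generate_passphrase(word_count=4, wordlist=WORDLIST):
    """Passphrase of random unrelated words, chosen with the OS CSPRNG (secrets)."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))

if __name__ == "__main__":
    for pw in ["a" * 30, "Tr0user!mice", generate_passphrase()]:
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, problems={check_password(pw)}")
```

Note that the naive bit estimate for thirty 'a's looks impressive; the distinct-character check is what catches it, which is why the article warns against key mashing.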
If you’re not going to use a password manager and you’re going to re-use one or more secure passwords – think about the consequence of the current site being compromised. What other accounts are you putting at risk? Is it worth using a different password for this site?
One of my passwords was discovered to be in the Great Adobe Password Leak of 2013. I didn’t remotely care as I had used a simple password as Adobe had forced me to create an account to do something that didn’t require an account.
If you control whether passwords must be changed periodically, don’t enforce it. Most users, when forced to change passwords regularly, will adopt a predictable pattern so that they can remember it.
If an account is important, you should seriously consider using multi-factor authentication (MFA) to secure it. In a nutshell, MFA provides you with a small numerical code to enter after your password. This code can be delivered in a number of ways, but usually it’s via SMS, email, a dedicated device or an app on your phone.
This increases security because you’re no longer relying only on “something you know”: an attacker will also need access to “something you have”. That is much harder for a remote attacker in another country to obtain (but not impossible).
As you go through your accounts and secure them, stop and think what would happen if this account was compromised. Would it cripple your business? Would you lose a lifetime of family photographs? Try to assign it a monetary value. This is how much choosing a bad password regime will cost you.
You made it to the end! Congratulations! That’s another small win you can retroactively add to your New Year’s Resolutions in 2019. If you have any questions or want to seek advice, feel free to get in contact.