
Q: I am fed up and frustrated trying to keep and remember passwords that are both complex and creative. This is frustrating and I am at my wit's end. What can I do to make it easier for me to remember but more secure against attacks? -Mary Kay C, Business Executive, Brookpark, Ohio


A: Thanks for your question, Mary Kay. Yours is one that almost everyone can relate to, and you are not alone in your frustration. Fortunately, I may be able to provide some insight and an alternative for you.

First, let us look back. By now, most of us are well aware that the ‘ideal’ password is a mix of 8-12 upper- and lowercase letters, special characters, and numbers. We also know that we should not use the same password for different logins, yet many of us fall into the easy habit of using a variation of the same password. For example: Password1, PassWord1! or PaSSwoRD.

With that said, there is good news and bad news in what I’m about to share with you.

First, the good news: you are on the right track.

Now the bad news: to begin protecting yourself, you need a different password for every site that requires you to log in. Sad but true, each site has its own requirement for password complexity. That means your bank, your favorite online retailer, your work login, your Gmail account… Yes, you will have 30 different passwords, and yes, they should all be complex and uncommon.

Let me divert for a moment. As I mentioned, most people use a variation of one or two passwords. I raise this because once a hacker has your login details (it isn’t hard to obtain them: think about your business card, which carries your email address, typically the login for your work computer or some variation of it, or the login for your Amazon account), the hacker will use a tool to run through the password patterns that hackers know are the common ‘go-to’ combinations. Did you post your kids’ names on social media? How about your dog’s? Did you announce your anniversary date? Did friends wish you a happy birthday on Facebook? How about a milestone? All this information, voluntarily posted online by you, is what a hacker needs to infiltrate your digital world. Believe it or not, it is no harder to find your email addresses on various domains, and the identity behind them, than the address of your home. Our identities are very, very public.

As mentioned, to figure out your password a hacker uses different tools to work from basic information. Think about how fast computers process data and how a computer will keep cycling through guesses over and over until it finds what it is looking for, much like a criminal going through the trash. The hacker starts with the basics drawn from your public information, and in come your pet names, kids’ names, and dates. All at a rapid pace (and growing every day due to advances in technology).

Mind you, obtaining “people” information may be secondary to a hacker; typically a hacker would rather hack a large company.

Back to reality. Here is where you may be asking how you can possibly remember each of these passwords if they are supposed to be “so” unique, knowing that you should never store passwords in conspicuous places.

First, you must have a complex password, and second, the password must be longer. Hackers work in seconds, not days, when stealing your personal information.

A password such as DG1!,Lpz49z is going to be much harder to get into than MikeJ88!
Of course, a 12-character password is much harder to crack than an 8-character one; an 8-character password can be hacked in 40 minutes or less.*

To save the day (and memory), I recommend a password phrase.

A password phrase is, for example, “ElvisHasLeftTheBuilding!” or “I played drums in a rock band in 1982.” Notice the phrase is naturally longer, 20+ characters in length. The length and the ability to use spaces add significant time, deterring a hacker from even attempting the crack, and can add billions of variations to trip up hackers and their tools. As a matter of fact, a 20-character passphrase (with complexity) will take upwards of millennia to crack. Yes, millennia!
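As an added illustration, not part of the original post, here is a small Python estimate of the search space behind the passwords used as examples above; the guess rate of 10 billion per second and the 20,000-word dictionary are assumptions chosen for the comparison. It also shows the caveat a practitioner would want: a natural-language phrase should be scored by words, not characters, because an attacker who knows it is a sentence guesses words, and even on that stricter measure the phrase comes out far ahead of the 8-character password.

```python
import math
import string

# Assumed attacker guess rate for the illustration (an assumption, not a
# measured figure and not from the original post): 10 billion per second.
GUESSES_PER_SECOND = 1e10
# Assumed size of a common-word dictionary for the word-level estimate.
DICTIONARY_WORDS = 20_000


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must cover to enumerate strings like pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    if " " in pw:
        size += 1
    return size


def brute_force_bits(pw: str) -> float:
    """Search space in bits if every string of this length over this alphabet is tried."""
    return len(pw) * math.log2(charset_size(pw))


def phrase_bits(pw: str, dictionary: int = DICTIONARY_WORDS) -> float:
    """Search space in bits if the attacker knows pw is a run of dictionary words.

    This is the lower, more honest figure for a sentence-style passphrase.
    """
    return len(pw.split()) * math.log2(dictionary)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try the entire search space at the given guess rate."""
    return 2.0 ** bits / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    phrase = "I played drums in a rock band in 1982."
    for pw in ("MikeJ88!", "DG1!,Lpz49z", "ElvisHasLeftTheBuilding!", phrase):
        b = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"{b:.0f} bits, {years_to_exhaust(b):.3g} years to exhaust")
    wb = phrase_bits(phrase)
    print(f"word-level estimate for the phrase: {wb:.0f} bits, "
          f"{years_to_exhaust(wb):.3g} years")
```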

More and more systems accept passphrases. Some older systems are ‘outdated,’ but sites such as Microsoft or Apple, for example, allow password phrases (with some companies allowing up to 127 characters!), as their systems have been designed for passphrases rather than simple word combinations.

Why a password phrase? A password phrase is more secure and easier to remember. Once you have changed all 30 of your “old style” complex passwords into phrases, you will store them in a password vault.

What? A vault?

This is where you will thank me! A password vault is much like a bank lock box: the passwords are the valuables, and the vault is the vessel that protects those valuables, off-site, from criminals.

The vault is the master keeper of all of your passwords, and you can set it to log in automatically to a particular site with your secure password. What this means is that you only need to remember the vault’s passphrase, not all 30 of your individual site passwords.

Of course, this makes you even more secure than your neighbor. Even wolves eat the weakest animal in the pack; all you have to do is be one stride better than the weakest link—or password.

In conclusion, know that if a hacker wants to commit a cybercrime bad enough, they will. The point here is, don’t make yourself an easy target.

While there are many password vaults on the market, we’ve tried, tested, and incorporated LastPass for our needs. LastPass offers the highest level of security that is available at this time. There are free and enterprise versions, and I recommend the free version for personal use. The program also has a password generator that allows you to generate complex passwords, should you be out of your $%^&*! mind trying to devise one yourself. As always, random and routine password changes are still important.

Related read: What you need to know about encryption (see the related blog post on types of encryption).

A final thought: you should never give yourself a false sense of security; as consumers (as opposed to hackers), we are always a step behind. It is best to be proactive, not reactive. Meaning, don’t change your password because your account was hacked; change your password so you can prevent being hacked.

If you have questions about passwords, password vaults, online security, or if you think you may have been a victim of identity theft and fraud, contact me at mjaworske@zinnerco.com or any of the professionals at 216.831.0733. We are happy to help and ready to start the conversation.