Comprehensive Guide to Secure Passwords


by Dan Vlasic on 25 February 2014 · 3220 views

In this guide, we will cover the following points:

  1. The sad passwords statistics
  2. Requirements for secure passwords
  3. Tips for creating security questions and answers
  4. Password generators
  5. Password managers
  6. Anti-keyloggers

Statistics

You must know by now that the only thing that keeps your online and off-line accounts safe is a trifle we call passwords. For most sites, if your password gets compromised, your account is open to whoever has the password. The attacker can then impersonate you, steal from you, or erase your valuable digital data, such as the photos, files and other things you keep online.

Until the next big thing from Google, the YubiKey Neo dongle, is here, users desperately need to become security literate and fix their passwords before the plague of cyber hacking hits them.


It may surprise you, but a recent survey of passwords used online reveals the terrifying statistic that some of the most popular passwords are still “password” and “1234567,” as well as “qwerty123” and similarly weak choices. Worse, users are careless enough to use one and the same password for multiple online accounts. In today’s era of cyber crime, nobody can afford the luxury of passwords that are simple to remember, and just as simple to crack.

Requirements For Secure Passwords

First of all, you need to have a separate password for each online service you use. That way, if one password is stolen or compromised, you can contain the damage to one account only. For example, if your Mint.com password gets compromised, you can reset it via your email and security questions, while notifying support that you fear your account might be compromised. By contrast, if your email and your Mint account share the same password, you run the risk of losing both at the same time.

Second, you should never use information that you have made public as your password. For example, if your Facebook and Twitter accounts reveal your date of birth, hometown, mother’s maiden name, or the dates of birth of your children, that information must never be used in your passwords or security questions.

Third, use secure password generators to create strong passwords that cannot practically be brute-forced. It is advisable to use complex passwords that contain alphabetical, numerical and special characters. In addition, it is always better to be on the safe side and make your passwords longer than 16 characters. Of course, you will need a password generator to create such passwords.

Fourth, never store your passwords in a file on your desktop. This is one of the most widespread mistakes users tend to make. If your computer gets compromised, TXT files on your desktop are the first thing intruders search for when they look for your passwords. There is a multitude of password managers that will help you store and manage your passwords securely on your computer or mobile device.

Alternatively, you could use the old-fashioned way of writing your passwords in a paper notebook and keeping it someplace safe. However, that option is only practical for a small number of the accounts that matter most to you, such as online banking accounts, PayPal, recovery emails, etc. For users who have multiple accounts with multiple services, we recommend password managers and encrypted vault software, such as TrueCrypt.

Fifth, do not underestimate the importance of changing your weak passwords right now. High priority accounts, such as online banking and financial accounts, are important, but your social network accounts are equally important because they are very easy to hack. Do not forget about the cloud storage accounts and services that synchronize your data across multiple devices, such as Google Drive, OneDrive (formerly SkyDrive), or Dropbox.

Tips For Creating Security Questions and Answers

The best advice I ever got about my online security was how to create secure questions and secure answers. The rule of thumb, as usual, is to never use information you have made public about yourself as a security question.

The second rule is to choose two apparently simple questions and create absolutely unintelligible, gibberish answers that don’t make sense. For example, if you choose the security question “What is the name of your first teacher?”, your answer should not be a teacher’s name at all. Instead, use the same password generator to generate yet another strong password and put it as the answer to your security question. Security answers, as a rule, allow all sorts of symbols, numeric and alphabetical characters to be included, so why not take advantage of that and create yet another layer of protection for your online account?

Password Generators

You do not need to install any software to generate a new and unique password each time. The choice of secure password generators online is overwhelming and it only takes a second or two to generate powerful passwords online.

Here are 3 examples of online services: Secure Password Generator, Norton Identity Safe and Strong Password Generator.

Alternatively, there are many desktop security suites that include a password generating tool, such as KeePass, the Norton Identity Safe password generator and the like.

The best part about automatic password generators is that you can check the boxes next to password requirements and generate as many passwords as you need, then choose the one you like best. For example, KeePass 2 lets you generate passwords using upper and/or lower case, digits, special characters, all sorts of brackets and even high ANSI characters. It can include special characters of your choice; you can set the length of generated passwords or generate them using a custom algorithm. Advanced users can collect additional entropy. You can also check a box to ensure that each character of your password occurs only once, and exclude look-alike characters, such as l, 1 and |, or O and 0. The next thing you need to do is click “generate” and the password generator provides you with a long list of complicated passwords.
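As an added example (not code from the original post or from KeePass), here is a small Python generator that implements the options described above: selectable character classes, optional exclusion of look-alike characters, each character occurring only once, an entropy estimate, and a check for the length-and-complexity rule from the requirements section. The same routine produces the gibberish security-question answers suggested earlier. The character sets, look-alike list and function names are my own assumptions.

```python
import math
import secrets
import string

# Character classes mirroring the KeePass 2 options in the post (sets are my own).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": "!\"#$%&'*+,./:;=?@\\^`|~",
    "brackets": "()[]{}<>",
}
# Look-alike characters worth excluding (l, 1, |, O, 0 and similar).
LOOKALIKES = set("l1|IO0")

def build_charset(classes=("upper", "lower", "digits", "special"),
                  extra="", exclude_lookalikes=False):
    """Assemble the allowed alphabet from the selected classes."""
    chars = "".join(CLASSES[c] for c in classes) + extra
    if exclude_lookalikes:
        chars = "".join(ch for ch in chars if ch not in LOOKALIKES)
    return "".join(dict.fromkeys(chars))  # drop duplicates, keep order

def generate(length=20, charset=None, unique_chars=False):
    """Draw a password from charset with the OS CSPRNG (never random.random)."""
    charset = charset or build_charset()
    if unique_chars:
        if length > len(charset):
            raise ValueError("length exceeds alphabet size with unique_chars")
        # sample() picks without replacement: each character occurs at most once.
        return "".join(secrets.SystemRandom().sample(charset, length))
    return "".join(secrets.choice(charset) for _ in range(length))

def entropy_bits(length, charset_size, unique_chars=False):
    """Bits of entropy for a uniformly random password of this shape."""
    if unique_chars:  # n * (n-1) * ... * (n-length+1) possibilities
        return sum(math.log2(charset_size - i) for i in range(length))
    return length * math.log2(charset_size)

def meets_policy(password, min_length=17):
    """The post's rule: longer than 16 chars, with letters, digits and specials."""
    return (len(password) >= min_length and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

if __name__ == "__main__":
    cs = build_charset(classes=tuple(CLASSES), exclude_lookalikes=True)
    print(generate(20, cs), round(entropy_bits(20, len(cs)), 1), "bits")
```

Note that the entropy figure only holds for passwords drawn uniformly at random, which is exactly why the post tells you to use a generator rather than invent passwords yourself.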

Password Managers

Password managers memorize your complicated passwords and the accounts they belong to, then encrypt that data and lock it up with yet another user-defined password. There are several competing applications that are quite strong password managers and generators. They will create secure passwords, remember and store them for you; in many cases synchronize them across your multiple devices; and in some cases even enter your passwords into login forms so you don’t have to copy-paste them or type them manually.

Yes, you will have to have one password for the password manager, but it’s a lot easier to memorize or to keep handy one long password rather than 30 different complicated passwords.

One of the obvious suggestions is KeePass 2. It is free, easy to use, has a built-in password generator and works like a charm.

For Apple users, we recommend you finally sort out Apple’s iCloud Keychain, which offers a lot of password manager options for users of Mac devices, iPhones and iPads.

1Password offers a very nice interface; remembers credit card numbers; offers auto-input of passwords in login forms; and synchronizes a highly encrypted database of passwords to Dropbox or iCloud. It comes on the expensive side, $49.99 for Apple and Windows users, plus $17.99 for a mobile version. Sometimes they offer bundles and discounts, too.

LastPass does everything the above mentioned 1Password does, but offers quite a simplistic interface, as well as two-factor authentication and restrictions by country. LastPass offers quite a decent free version and a good deal of $12 per year for mobile access.

Dashlane is probably one of the most beautiful password managers, which works across computers and mobile devices; comes free for one computer and charges $29.99 per year for synchronizing across multiple devices.

Other password managers worth including on the list are Norton Identity Safe, Roboform, DirectPass, SplashID and Kaspersky Password Manager.

The perfect password manager, of course, synchronizes your password database across your mobile and desktop devices.

Bonus

There is one service worth mentioning in this guide: MaskMe, which is actually a browser plug-in that masks your emails (in the free version), telephone numbers and credit card numbers (in the paid version). It also generates strong passwords and remembers auto-complete forms.

Anti-keyloggers

We will be covering anti-keyloggers in a dedicated tutorial, but for now, you could use a simple tool to protect your most important passwords. Download3k recommends the Oxynger KeyShield virtual keyboard and KeyScrambler. Both tools are free and require no user intervention or customization. They are just simple, nifty protection tools for those instances when you enter your passwords on online banking websites.

There you go! We hope this helps, and we welcome your suggestions and questions in the comments below.
