Ditch sticky notes and pets’ names: How to have safe passwords in 2022


Most of the classic New Year’s resolutions revolve around improving your health and lifestyle. But this year, why not consider cleaning your passwords as well?

We all know the habits to avoid, but many of us still adopt them: using predictable passwords, never changing them, or writing them on sticky notes on our monitor. We routinely ignore recommendations for good passwords in the name of convenience.

What’s wrong with your pa$$w0rd?

Choosing short passwords that contain common names or words can cause problems. Hackers can often guess a person’s passwords just by using a computer to browse through a long list of commonly used words.

The most popular choices have changed very little over time and include number combinations such as “123456” (the most common password for five consecutive years), “love”, keyboard models such as “qwerty” and, perhaps most ridiculously, “password” (or its Portuguese translation, “senha”).

(Table: the most common passwords by year, 2017-2021. Sources: SplashData for 2017-2019, NordPass for 2020-2021.)

Experts have long advised against using words, places or names in passwords, although you can strengthen this type of password by combining the components in less predictable sequences with a mix of upper- and lower-case characters, provided you do it carefully.

Complex rules often lead users to choose a word or phrase, then replace some letters with numbers and symbols (like “Pa33w9rd!”), or add numbers to a familiar password (“password12”). But so many people do this that these techniques don’t actually strengthen passwords: password-guessing tools try the same substitutions and suffixes automatically.

It’s best to start with a word or two that aren’t that common, and make sure to mix in symbols and special characters in the middle rather than only at the end. For example, “wincing giraffe” could be adapted to “W1nc1ng_!G1raff3”.
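The point of the last three paragraphs is that guessing tools undo the obvious tricks before comparing a candidate against a list of common passwords. The checker below is an added example (not from the article or its authors) of the defender-side version of that logic: it strips trailing digits, reverses common letter-for-symbol substitutions and then looks the result up in a small constructed list of common passwords, so that “password12” and “Pa55w0rd!!!!” are rejected while “W1nc1ng_!G1raff3” passes. The word list, the substitution table and the 12-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed stand-in for a leaked-password corpus (assumption: a real checker
# would load millions of entries, but the comparison logic is the same).
COMMON_PASSWORDS = {
    "123456", "password", "senha", "qwerty", "love", "letmein", "iloveyou",
}

# Substitutions a guessing tool reverses before comparing against its word list.
# Symbols that are not in this table are simply dropped later.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

MIN_LENGTH = 12  # assumed local policy


def normalized_forms(password: str) -> list[str]:
    """Return the variants of a password that a dictionary check should look up."""
    raw = password.lower()
    # "password12" -> "password": appended digits add almost nothing.
    no_tail = re.sub(r"\d+$", "", raw)
    # "Pa55w0rd!" -> "password": undo substitutions, then drop leftover symbols.
    deleet = re.sub(r"[^a-z]", "", no_tail.translate(LEET_MAP))
    return [form for form in (raw, no_tail, deleet) if form]


def weaknesses(password: str) -> list[str]:
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if any(form in COMMON_PASSWORDS for form in normalized_forms(password)):
        problems.append("common word")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "password12", "Pa55w0rd!!!!", "W1nc1ng_!G1raff3"):
        print(f"{candidate!r}: {weaknesses(candidate) or 'ok'}")
```

Note that the check is deliberately one-sided: a password that passes is only known not to be a trivially disguised common word, which is why the article still recommends a manager-generated random password where possible.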

Strong passwords like these can be harder to remember, so you may need to write them down. That’s okay, as long as you keep the note in a safe place (and definitely not stuck to your monitor).

Passwords on a sticky note are always a bad idea in the workplace.

Reusing passwords is another common mistake – and one of the most important. Past data breaches, like the one LinkedIn suffered in 2012, mean billions of old passwords are now circulating among cybercriminals.

This gave rise to a practice called “credential stuffing”: taking a leaked password from one source and trying it on other sites. If you still use the same old password for multiple email, social, or financial accounts, you may be compromised.
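From the site operator’s side, credential stuffing has a recognisable shape: one source tries many different usernames in a short time, which looks nothing like a single user mistyping their own password. The snippet below is an added example (not part of the article) that runs that detection over a few constructed login-log lines; the log format, the five-minute window and the five-username threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "timestamp source_ip username result").
# 203.0.113.7 walks a leaked credential list; 198.51.100.5 is one user retrying.
SAMPLE_LOG = """\
2022-01-03T09:00:01 203.0.113.7 alice FAIL
2022-01-03T09:00:02 203.0.113.7 bob FAIL
2022-01-03T09:00:02 203.0.113.7 carol FAIL
2022-01-03T09:00:03 203.0.113.7 dave FAIL
2022-01-03T09:00:03 203.0.113.7 erin FAIL
2022-01-03T09:00:04 203.0.113.7 frank OK
2022-01-03T09:00:10 198.51.100.5 alice FAIL
2022-01-03T09:00:20 198.51.100.5 alice FAIL
2022-01-03T09:00:30 198.51.100.5 alice OK
"""


def parse_log(text: str) -> list[tuple[datetime, str, str, str]]:
    """Turn log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def stuffing_sources(events, window=timedelta(minutes=5), min_users=5) -> dict[str, int]:
    """Return {ip: distinct_users} for sources trying >= min_users accounts in any window.

    Successful logins count too: a stuffing run that reuses a leaked password
    will occasionally succeed, and that success is exactly what we must catch.
    """
    attempts_by_ip = defaultdict(list)
    for ts, ip, user, _result in events:
        attempts_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in attempts_by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):  # sliding window from each attempt
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = len(users)
                break
    return flagged


def accounts_to_reset(events, flagged: dict[str, int]) -> set[str]:
    """Accounts that a flagged source logged into successfully: reused passwords."""
    return {user for _ts, ip, user, result in events if ip in flagged and result == "OK"}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    hits = stuffing_sources(evts)
    print("suspected stuffing sources:", hits)
    print("accounts needing a forced reset:", accounts_to_reset(evts, hits))
```

The user who succeeded from the flagged source (“frank” in the sample) is the one whose reused password was in the leaked list, which is why the response is a forced reset for those accounts rather than just blocking the source address.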

Pro tip: use a password manager

The easiest and most effective way to maintain good password hygiene is to use a password manager. This allows you to use unique strong passwords for all of your different connections, without having to remember them yourself.

Password managers allow you to store all your passwords in one place and “lock” them with a high level of protection. This is usually a single (strong) master password, but can also include facial recognition or fingerprint recognition, depending on the device you are using. While there are some risks associated with storing your passwords in one place, experts consider it much less risky than using the same password for multiple accounts.

Password managers can automatically create strong, random passwords for each service you use. This means your LinkedIn, Gmail, and eBay accounts can no longer be accessed by someone guessing your childhood pet dog’s name.

If a password is leaked, all you have to do is change it – none of the others are compromised.
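The two properties the last paragraphs rely on are that each generated password is drawn from a cryptographic random source and that every service gets its own, so one leak tells an attacker nothing about the rest. The code below is an added example (not the article’s or any particular manager’s code) of how such a generator works, using Python’s `secrets` module; the 94-character alphabet, the 20-character default and the requirement for every character class are assumptions.

```python
import math
import secrets
import string

# Assumed alphabet: upper, lower, digits and punctuation (94 characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG via secrets.choice.

    Rejection sampling (retry until every class appears) keeps the choice
    uniform over the accepted strings instead of biasing particular positions.
    """
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Upper bound on guessing work: log2 of the number of possible strings."""
    return length * math.log2(len(alphabet))


def build_vault(services: list[str], length: int = 20) -> dict[str, str]:
    """One independently generated password per service, as a manager stores them."""
    return {service: generate_password(length) for service in services}


if __name__ == "__main__":
    vault = build_vault(["linkedin", "gmail", "ebay"])
    for service, password in vault.items():
        print(f"{service:>9}: {password}")
    print(f"each password carries about {entropy_bits(20):.0f} bits of entropy")
```

A 20-character password from this alphabet has roughly 131 bits of entropy, far beyond anything a wordlist-based guess covers, and because the entries are independent draws, changing the one that leaked (as the paragraph above describes) is the whole remediation.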

There are many password managers to choose from. Some are free (like KeePass) or “freemium” (offering the option to upgrade for more features, like NordPass), while others charge a one-time fee or a recurring subscription (like 1Password). Most let you securely sync your passwords across all of your devices, and some let you securely share passwords between family members or workgroups.

You can also use the password managers built into most web browsers or operating systems (with many phones offering this feature in the browser or natively).

These tend to have less functionality and can cause compatibility issues if you want to access your passwords from different browsers or platforms.

Password managers take a bit of getting used to, but don’t be too discouraged. When you create a new account on a website, you let the password manager create a unique (complex) password and store it immediately – no need to think about it yourself!

Later, when you want to access this account again, the password manager automatically fills it in. This is done either through direct integration with the browser (usually on computers) or through a separate app on your mobile device. Most password managers automatically “lock” themselves after a certain period of time, prompting you to enter the master password (or face / finger verification) before allowing access again.

Protect your most important passwords

If you don’t like the sound of a password manager, at least change your “critical” account passwords so that each is strong and unique. Financial services, email accounts, government services, and work systems each need a separate and strong password.

Even if you write them down in a book (kept safe), you greatly reduce your risk of a data breach on any of these platforms.

Remember, however, that some sites offer delegated access to others. Many e-commerce websites, for example, give you the option to sign in with your Facebook, Google, or Apple account. This does not put your password at greater risk, as the password itself is not shared. But if that account’s password is compromised, whoever holds it also gains access to every site you signed into with it. It’s usually best to create unique accounts and use your password manager to protect them.


Taking a better approach to passwords is an easy way to lower your cybersecurity risk. Ideally, that means using a password manager, but if you’re not quite ready for it just yet, make 2022 at least the year you give up on sticky notes and pet names.

Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University, and Lorrie Cranor, Professor of Computer Science and of Engineering and Public Policy, Carnegie Mellon University

This article is republished from The Conversation under a Creative Commons license. Read the original article.


