

Are your passwords safe?

Joe Kissell | May 3, 2013
How to keep your accounts as secure as possible


As we've said, the best way to ensure that you never forget your passwords is to offload the task of remembering them to a password manager like 1Password. Most of the time, that's the only trick you'll need.

But no matter what tools you use, you'll have to memorise at least a few passwords. Because those are among your most important, you don't want to trade security for memorability.

Here are tips that can help you make sure your brain doesn't betray you.

Pick which passwords to memorise

We have no idea what 99 percent of our passwords are. They're long strings of random computer-generated characters. When we need to use them, we let our password manager fill them in for us, or we copy and paste them if necessary.

However, one password we've memorised cold is the one that unlocks all of the other passwords stored in our password manager. We've also memorised our OS X user account passwords, because we enter them many times a day and, since we use OS X's FileVault full-disk encryption, we need them to unlock our Macs at startup, before any password manager or other automated tool is available. Also, we're frequently prompted to enter the passwords for our iCloud, Gmail and Dropbox accounts, so we've memorised those, too.

Your list may differ, but most people can get by with committing no more than half a dozen passwords to memory.

Choose a path to high entropy

Once you know which passwords you need to memorise, your next job is to choose passwords that are strong enough to defeat automated hacking attempts, yet memorable enough that you can produce them instantly - and for bonus points, they should be convenient to type.

You undoubtedly know the basic drill: all things being equal, longer passwords are better than shorter ones; random passwords are better than those that follow a pattern; and the best passwords combine upper- and lowercase letters, numbers and symbols.

It turns out, though, that a password doesn't need to possess all of those qualities in order to be secure; for example, a long but simple password can be just as secure as a short but complex one. This can be quantified through a concept called entropy, which, in this context, is a measure, in bits, of how many guesses an attacker would need to find the password: each additional bit doubles the number of guesses. The figure always depends on what the attacker is assumed to know about how the password was built, which is why two estimates for the same password can differ widely.

Passwords at random. 1Password creates secure passwords in a couple of ways - in this case, by auto-generating a random collection of numbers, letters and symbols based on criteria that you specify.

Depending on how you perform the calculation, the passwords '7H#e2U&dY4' (10 random characters) and 'blanketsensory' (14 non-random characters) are approximately equal in strength: an attacker who has to try every 10-character string drawn from the 95 printable ASCII characters faces about 66 bits of entropy, and one who has to try every 14-character string of lowercase letters faces about the same, yet the latter is much easier to remember and type. The catch is in that 'depending'. Because blanket and sensory are both ordinary English words, an attacker who guesses pairs of dictionary words rather than arbitrary lowercase strings faces far fewer possibilities (two words from a 20,000-word list is under 30 bits), and how long any attack takes depends on how fast the attacker can make guesses, which ranges from a few per second against a rate-limited login page to billions per second against a stolen database of weakly hashed passwords. Length still buys you more than complexity does, but a memorable password built from common words needs more words, or less common ones, to stay ahead of a dictionary attack.
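To make the "depending on how you perform the calculation" concrete, here is an added example (not code from the original article or from 1Password) that estimates the entropy of the two passwords under two attacker models: brute force over the smallest character set that covers the password, and a dictionary attack that treats the password as a sequence of words. The word set SAMPLE_WORDS is a constructed stand-in for a cracking word list, the 20,000-entry dictionary size and the guess rates are assumptions chosen for illustration, and all function names are hypothetical.

```python
import math
from typing import List, Optional, Set

# Character-class sizes for a brute-force attacker's alphabet
# (95 printable ASCII characters = 26 + 26 + 10 + 33).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Constructed stand-in for an attacker's word list. Real cracking dictionaries
# hold tens of thousands of words, so ASSUMED_DICTIONARY_SIZE (an assumption)
# drives the entropy arithmetic rather than len(SAMPLE_WORDS).
SAMPLE_WORDS = {"blanket", "sensory", "sensor", "blank", "ket", "or", "y"}
ASSUMED_DICTIONARY_SIZE = 20_000


def charset_size(password: str) -> int:
    """Size of the smallest standard character set covering every character."""
    size = 0
    if any(c.islower() for c in password):
        size += CLASS_SIZES["lower"]
    if any(c.isupper() for c in password):
        size += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in password):
        size += CLASS_SIZES["digit"]
    if any(not c.isalnum() for c in password):
        size += CLASS_SIZES["symbol"]
    return size


def brute_force_bits(password: str) -> float:
    """Entropy if the attacker must enumerate every string over that charset."""
    return len(password) * math.log2(charset_size(password))


def segment_into_words(password: str, words: Set[str]) -> Optional[List[str]]:
    """Split the password into the fewest dictionary words, or None if impossible.

    Fewest words is the attacker's most favourable model and therefore gives
    the lowest entropy estimate.
    """
    best: List[Optional[List[str]]] = [None] * (len(password) + 1)
    best[0] = []  # best[i] is the fewest-word split of password[:i]
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is not None and password[start:end] in words:
                candidate = best[start] + [password[start:end]]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[-1]


def wordlist_bits(num_words: int, dictionary_size: int = ASSUMED_DICTIONARY_SIZE) -> float:
    """Entropy if the attacker knows the password is num_words dictionary words."""
    return num_words * math.log2(dictionary_size)


def effective_bits(password: str, words: Set[str] = SAMPLE_WORDS) -> float:
    """Entropy under the cheapest attack we can model: the attacker picks the model."""
    bits = brute_force_bits(password)
    split = segment_into_words(password, words)
    if split is not None:
        bits = min(bits, wordlist_bits(len(split)))
    return bits


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time: on average the attacker succeeds halfway through the space."""
    return (2 ** bits / 2) / guesses_per_second


if __name__ == "__main__":
    # Assumed guess rates: a throttled online login versus an offline attack
    # on a stolen database of fast, unsalted hashes.
    rates = {"online, 10/s": 10.0, "offline, 1e10/s": 1e10}
    for pw in ("7H#e2U&dY4", "blanketsensory"):
        bf, eff = brute_force_bits(pw), effective_bits(pw)
        print(f"{pw:16} brute-force {bf:5.1f} bits, effective {eff:5.1f} bits")
        for label, rate in rates.items():
            print(f"  {label:16} {seconds_to_crack(eff, rate) / 86400:.3g} days")
```

Both passwords come out near 66 bits under pure brute force, but 'blanketsensory' drops to about 29 bits once the attacker models it as two dictionary words. Swap SAMPLE_WORDS for a real word list and set ASSUMED_DICTIONARY_SIZE to its length to get estimates that reflect an actual cracking setup.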


