Tomorrow is World Password Day

I have been predicting the death of the password for several years now, but all of us are still using them, even if they are easily stolen, cracked, or bypassed.  A password by itself is not all that secure anymore.  But there are several simple steps you can take to make them more secure.

Do not:

  • Do not use personal information. Information such as your name, or the name of your pet, spouse, kids, sister, or father, is not a secret.  Bad guys can get the names from Ancestry.com, LinkedIn or Facebook.
  • Do not use any single word.  Passwords using dictionary words have already been cracked and are sold in lists called “Rainbow Tables.”
  • Do not be predictable.  The most common password format is a capital letter, a lowercase word, a number, and a symbol.  The most common number is 1 and the most common symbol is the exclamation point, as in Password1!  Another popular format in business networks is MonthYearSymbol, such as May2020!  This one shows up in business networks that enforce periodic (monthly or quarterly) password changes.
  • Do not use easy, popular passwords, like Qwerty, 123456, Password1!, P@assword, or P@$$w0rd.  If it is on this list, do not use it: Most Popular Passwords and PINs for 2019
  • Do not reuse passwords.  When a cyber-crook gets your Facebook password, they will try it on Amazon, your email account, and your online banking account.  If you reuse, it is easy pickings.  I know this one is tough, but a password manager will solve this problem.
  • Do not change them unless you have to.  US government agency NIST advises against requiring periodic password changes and recommends changing passwords only on indication of a breach.

Do this:

  • A longer password is a stronger password.  These days, use a minimum length of 12 characters.  Twenty is not too extreme.
  • Use a pass phrase.  String three or four words together, or make an acronym out of a longer sentence.  For example, the phrase “Tony is number 87 and plays Right Guard for the Ponies” becomes Ti#87&pRG4tP.
  • Use password complexity.  Longer is stronger, and to beat automated password cracking by machines, length is all that matters.  But adding upper case letters, numbers, symbols, and character substitution (1 for l or 3 for e, for instance) increases password entropy, the amount of work required to solve for the password.  It also helps to defeat guessing by humans.
  • Read data breach alerts.  You can know when a password of yours has been stolen by signing up for password breach alerts on HaveIBeenPwned.com.
  • Use a password manager.  This makes it easy to create long and unique passwords that you never have to remember, because the software program takes care of that for you.  My favorite is LastPass.
  • Use two-factor authentication.  I saved the best for last.  Two-factor (2FA) or multi-factor (MFA) authentication requires you to provide a second secret after the password.  Usually it is a six-digit randomly generated code that is replaced every thirty seconds with a new number.  The code is on a smartphone app (Google Authenticator) or an RSA key fob that is in your physical possession.  If you lose your password, a bad actor would still need the secret number that is in your pocket.  2FA is nearly unbeatable.
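As an added illustration (not code from this post), here is a small Python checker that applies the post's own rules to a candidate password: the 12-character minimum, the popular-password and single-word lists, personal information, the Password1! and May2020! shapes, and a character-class entropy estimate. The word lists and the 60-bit threshold are constructed assumptions for the example, not a real breach list.

```python
import math
import re
from typing import Iterable

# Constructed samples for illustration, not a full breach list or dictionary.
POPULAR = {"qwerty", "123456", "password1!", "p@ssword", "p@$$w0rd", "password"}
WORDS = {"sunshine", "dragon", "monkey", "football", "welcome"}
MONTHS = "january|february|march|april|may|june|july|august|september|october|november|december"
# The "Password1!" shape: one capital, a lowercase word, digits, then symbols.
SHAPE_RE = re.compile(r"^[A-Z][a-z]+\d+[^\w\s]+$")
# The "May2020!" shape that periodic-rotation policies tend to produce.
MONTH_RE = re.compile(rf"^(?:{MONTHS})\d{{2,4}}[^\w\s]*$", re.IGNORECASE)
# Character classes and the alphabet size each one contributes.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^\w\s]", 33)]


def entropy_bits(pw: str) -> float:
    """Rough estimate: length * log2(alphabet size implied by the classes used)."""
    size = sum(n for pat, n in CLASSES if re.search(pat, pw))
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw: str, personal: Iterable[str] = ()) -> list:
    """Return the rules from the post that pw breaks; an empty list means it passes."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if low in POPULAR:
        problems.append("on the popular-password list")
    if low in WORDS:
        problems.append("single dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if SHAPE_RE.match(pw):
        problems.append("Capital-word-number-symbol shape")
    if MONTH_RE.match(pw):
        problems.append("MonthYearSymbol shape")
    if entropy_bits(pw) < 60:  # 60 bits: just under ten characters drawn from all four classes
        problems.append("low entropy estimate")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1!", "May2020!", "Ti#87&pRG4tP"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that May2020! trips both shape rules at once, which is exactly why rotation-driven passwords are so easy to guess.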

Following these guidelines should help you create passwords that actually work to keep your accounts and private information secure.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
