May 7, 2021
World Password Day – May 7
Happy World Password Day.
No, this isn’t a day to celebrate something silly, like the Master Password for the Earth being “Passw0rd.”
It’s a day to take an inventory of your own passwords and review the best practices for making your passwords more secure.
And it’s a day to be all smarty pants and remind others to do the same! Password security is not a spectator sport.
Password security has existed since ancient times, both in reality and throughout our literary history. From passwords and counterpasswords securing a changing of guards to “Open sesame,” the power of a password can verify identity and unlock untold wonders.
So, what should you be looking for when you examine the security of your passwords? Here are four password best practices to help you protect your sensitive materials.
Password Best Practices
1. Don’t share your passwords. The more people who know a password, the more vulnerable that password is. But a shared password isn’t just a security risk for you, it’s also a security risk for whomever you share it with. By sharing a password, you are linking security ecosystems: a link which makes your password security reliant on the security of the person you shared a password with. It just takes one broken link for the chain to fail, meaning a compromise of one of your or your share-buddy’s passwords can lead to a breach of every single password-protected space you both use.
2. Don’t use the same password for multiple sites or accounts. This is actually for the same reason as #1 on this list. Sharing a password across multiple sites or accounts poses the same danger as sharing a password with a friend: one point of failure can compromise the whole system. Every account and service should have its own unique password. Of course, that poses a memory problem: how are you going to keep all those passwords straight in your head? Don’t worry, there’s a solution for you at the end of this post.
3. Don’t change your passwords too often. Sometimes, it’s beneficial to change your passwords. If a site is compromised, for instance, it just makes sense to refresh your security on it. But changing passwords too often isn’t just a bad idea, it’s actually against the recommendations of the National Institute of Standards and Technology (NIST), “one of the nation’s oldest physical science laboratories” supporting innovation in every industry. In fact, NIST’s Special Publication (SP) 800-63B explicitly states that administrators “SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).” When you are required to change your password often, you’re more likely to default to one you’re already using to help remember it, and we already know that is not a good practice.
4. Don’t use passwords that are easy for computers to figure out (and hard for you to remember). This bit of advice is best illustrated by this oft-quoted xkcd comic. Most passwords built from a word plus at least one capital letter, a number, and a special character are difficult for humans to remember. They are, however, easy for computers to figure out. One of the best pieces of advice is to not use passwords at all, but to use passphrases instead. Passphrases link together regular words into one long (sometimes nonsensical) phrase. These passphrases are more difficult for computers to figure out, but are much easier for you to remember. For some further examples, see this article in Cyber Defense eMagazine (page 45).
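To put numbers on tip 4, here is an added example (not part of the original post) that compares the guessing space of a "word + capital + number + special character" password with a randomly generated passphrase, and generates one. The dictionary size, the 7,776-word list size, the pattern model and the 32-word sample list are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list, for illustration only. A real generator
# should draw from a published list of several thousand words.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor "
    "island jigsaw kettle lantern meadow nectar orchid pebble "
    "quartz ribbon saddle timber umbrella velvet walnut yonder "
    "zephyr acorn breeze copper dune fable glacier hazel"
).split()


def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Bits of entropy when each word is picked uniformly at random."""
    return n_words * math.log2(wordlist_size)


def pattern_bits(dictionary_size: int, digits: int = 10, symbols: int = 32) -> float:
    """Bits for 'Capitalized word + one digit + one symbol' (either order).

    Assumed model: the capital is always the first letter, so it adds nothing.
    """
    return math.log2(dictionary_size * digits * symbols * 2)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG; words a human picks are not random."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # Assumed sizes: a 65,536-word dictionary for the pattern password and a
    # 7,776-word list (five dice rolls per word) for the passphrase.
    print(f"pattern password  : {pattern_bits(65536):.1f} bits")
    print(f"4-word passphrase : {passphrase_bits(4, 7776):.1f} bits")
    print(f"words for 64 bits : {words_needed(64, 7776)}")
    print(f"sample (toy list) : {generate_passphrase(5)}")
```

The passphrase figures only hold when the words are chosen by a random generator; a phrase you think up yourself is far more predictable than the arithmetic suggests.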
And here’s your bonus tip while you’re making passphrases, not duplicating passwords, not changing them too often, and not sharing them: use a password manager. Good password managers store your passwords in encrypted form, so if someone learns one, they cannot get access to the others.
Also remember that passwords aren’t the be-all and end-all of internet security. While we take today to actively review the security of our passwords, also make sure to employ further security measures like two-factor authentication. Because the more secure your online identity is, the safer you are.