Do you ever have trouble keeping track of your office, car, or house keys? What about your passwords? Just like a house or a car key, a password is a tool you use to protect yourself from becoming a victim of theft or trespassing. And as we conduct more of our work & personal lives online, each of us has a growing set of virtual keys (passwords) to look after. In fact, it’s reported that in 2016, the average individual had 27 password-protected accounts.
Treat Passwords Carefully
Just like a physical keychain, when it comes to passwords, many people fall into one of two categories: those who have designated a secure place where they always put their keys, and those whose keys are frequently lost. When it comes to storing passwords, there are 3 potential places from which the general Internet user can choose:
- Written down on an actual piece of paper & stored under physical lock & key; or
- Stored in a securely encrypted digital format using special password management software; or
- Stored in your own memory under an organizing philosophy of your own invention, with the help of mnemonic devices or some other memory aid.
Why are good password storage habits so essential to your password security? In the physical world, some neighborhoods are statistically safer than others. If you live in a relatively safe neighborhood, you might not even bother with locking your house or your car all the time. But don’t make the mistake of carrying that same sense of security with you when venturing online. On the Internet, everyone is equidistant, making it one big bad neighborhood. Each of us must therefore develop a street sense to avoid becoming a statistic, and having a safe password storage strategy is essential.
It doesn’t take a great deal of street sense to realize that things left lying about in the open are the easiest of all to steal. That’s why it’s so important that any password stored on your computer or smartphone be encrypted, and that any password you physically write down should be kept in a very safe place. But aside from picking up a password & walking away with it, the next easiest way for a thief to steal a password is by tricking you into giving it up voluntarily. This practice is known as social engineering.
Phishing is one form of social engineering with which you are probably already familiar. Phishing, which normally takes place over email, is an attempt to trick you into sharing sensitive information. But social engineering could also come in the form of a phone call, text message, or even a person-to-person interaction. When you were a small child, your mother undoubtedly cautioned you to be wary when dealing with strangers. Cultivate that same healthy sense of skepticism as it relates to your password security.
Choose Passwords Wisely
The hardest way to steal a password is cracking. Crackers are the lock-pickers of the online era, and careful password selection is your primary defense against them. We often hear of password cracking in connection with a large data breach such as the recently publicized one at Yahoo, in which data for over a billion accounts was obtained en masse. The password data obtained in such a breach is encrypted, and must be cracked before it can be used to unlock anything. So, the longer and more complex a password you choose at the outset, the greater its resistance to being cracked in the event of a breach. Accordingly, some technology professionals maintain that a passphrase, one composed of multiple dictionary words, is preferable to a password, for a combination of security & practical utility reasons. If you do opt for a passphrase, avoid following the norms of syntax and grammar, since computers are good at both. Also avoid the misconception that modifying short dictionary-derived passwords with look-alike numbers or symbols to become “p@55w0rds” reduces your risk. Brute force software is not deterred by this quite common practice.
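The point about look-alike substitutions can be checked with a few lines of arithmetic. The following is an added example, not part of the original article: a sketch of the check a sign-up form could run to flag dictionary-derived passwords, plus a comparison of guessing effort. The word set, the look-alike table, the 100,000-word dictionary size, and the 7,776-word list with words picked at random are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample: tiny stand-in for the word list a strength checker ships with.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein"}

# Assumed look-alike table (symbol -> letter it imitates).
LOOKALIKES = {"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
              "0": "o", "5": "s", "$": "s", "7": "t"}
_UNDO = str.maketrans(LOOKALIKES)
_ALTERNATIVES = Counter(LOOKALIKES.values())  # letter -> number of look-alikes


def normalize(candidate: str) -> str:
    """Undo case and look-alike substitutions, as cracking rule sets do."""
    return candidate.lower().translate(_UNDO)


def is_dictionary_derived(candidate: str) -> bool:
    """True when the candidate is a known word once substitutions are undone."""
    return normalize(candidate) in COMMON_WORDS


def lookalike_variants(word: str) -> int:
    """How many spellings of `word` the look-alike table can produce."""
    return math.prod(1 + _ALTERNATIVES[ch] for ch in word)


def substituted_word_bits(word: str, dictionary_size: int) -> float:
    """Guessing effort in bits: choose a word, then choose one of its spellings."""
    return math.log2(dictionary_size * lookalike_variants(word))


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Guessing effort in bits for words drawn independently at random."""
    return word_count * math.log2(wordlist_size)


if __name__ == "__main__":
    print(is_dictionary_derived("p@55w0rd"))
    print(lookalike_variants("password"))
    print(round(substituted_word_bits("password", 100_000), 1))
    print(round(passphrase_bits(4, 7776), 1))
```

Under these assumptions the substituted word adds only a handful of bits over the plain dictionary word, while each extra random word in a passphrase adds roughly 13 bits.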
Even if you are using the best practices possible, a breach like the one at Yahoo is not something you can personally prevent. So, make sure to avoid re-using the same password for all your accounts. That way if one “key” is stolen, it cannot be used to unlock everything you own. On a closely related note, since most passwords are initially set up & verified using an email address, it’s best to spread your risk over multiple email addresses. Remember that, in the event an email account is itself compromised, it can in turn be used to compromise any password-protected accounts you set up using that address.
Dealing with so many passwords might seem cumbersome at times, but remember: Now that you live so much of your life online, you are living in a very bad neighborhood. Passwords, just like house keys or car keys, are your tool to deter theft & trespassing. And they are every bit as vital to your financial, workplace, and personal security as any key on your physical key ring. So by developing good password storage habits, and cultivating a healthy street sense when it comes to passwords, you can make your online life both safer & more convenient.