Protecting your data should be a top priority
Tax season is getting closer, which means installing current-year tax preparation software and—inevitably—being prompted to create a new login password.
What’s a bad password?
It turns out that “password” isn’t a good password.
Once you recover from that shock, here’s something that might actually surprise you: according to a 2012 survey, “password” was the most commonly used password. Things didn’t get much better in 2013, when the champion of zero-effort security was unseated by “123456.” While 123456 continues to reign supreme, at least “password” fell to eighth place in 2016—small victories, right?
These revelations might explain why so many data security articles begin with a variation of “in light of [insert extremely large, damaging data breach]:” the average computer user is slow to change, despite a world full of cybercriminals who are more than happy to make money while torching victims’ credit reports.
What’s a secure password?
You know that random string of letters, numbers, and special characters you see when you jump through the “forgot password” hoops? It’s a relatively secure password. Unfortunately, it’s also very difficult to memorize, which is why passphrases have been gaining popularity in recent years.
A passphrase is a password constructed using a series of words. The more words you include, the more secure the passphrase. Unfortunately, the key to selecting a secure passphrase is to make sure that the words can’t easily be guessed by people who know you, or, in the case of cybercriminals, know something about you. As both The Intercept and Ars Technica reported, people are really bad at being truly random.
Should you use a famous quote from your favorite book? No.
How about combining the names of your immediate family? Think again.
What if you string together the names of all your favorite sports teams? Nope.
You have to introduce the element of randomness to ensure that your passphrase is secure. According to The Intercept, one way to do that is by using the Diceware method. While there are randomizer applications available, Diceware tasks you with downloading a list of words, each with a corresponding five-digit code. To select the words that will make up your passphrase, you roll five six-sided dice and match the results to the corresponding word. The more words you pick, the more secure your passphrase (The Intercept notes that seven words is generally accepted to be an NSA level of security).
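The Diceware steps above can be sketched in Python. This is an added example, not code from the article or from The Intercept: the function names are hypothetical, the operating system's secure random generator stands in for physical dice, and the word list is a constructed placeholder to be replaced with a real Diceware list.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5  # five six-sided dice select one word

def load_wordlist(lines):
    """Parse 'NNNNN<whitespace>word' lines into {key: word}; reject malformed lists."""
    table = {}
    for line in lines:
        if not line.strip():
            continue
        key, word = line.split()  # raises ValueError on extra or missing fields
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    # A short or duplicated list silently weakens every passphrase, so refuse it.
    if len(table) != 6 ** DICE_PER_WORD:
        raise ValueError("word list must cover all 7776 dice outcomes")
    return table

def roll_key():
    """Simulate five fair dice with the OS CSPRNG (not the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def passphrase(table, n_words=7):
    """Pick n_words independently; each word comes from one five-dice roll."""
    return " ".join(table[roll_key()] for _ in range(n_words))

def entropy_bits(n_words):
    """Bits of entropy when every word is chosen uniformly at random."""
    return n_words * math.log2(6 ** DICE_PER_WORD)

# Constructed stand-in list (placeholder words, one per dice outcome).
# Assumption: a real Diceware list uses the same 'key word' line layout.
SAMPLE_LINES = [
    "".join(k) + "\tword" + "".join(k)
    for k in itertools.product("123456", repeat=DICE_PER_WORD)
]

if __name__ == "__main__":
    table = load_wordlist(SAMPLE_LINES)
    print(passphrase(table))
    print(f"{entropy_bits(7):.1f} bits for seven words")
```

Each word contributes about 12.9 bits because there are 7,776 equally likely dice outcomes, and that figure holds only if you keep the words the rolls give you instead of re-rolling for ones you like better.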
Here’s one of the best things about passphrases: they’re much easier to remember than a random string of letters and numbers. If a program requires you to use one of those types of passwords, then you could always find password manager software. The really nice thing about many password manager programs—aside from storing all those impossible-to-remember passwords—is that they can be secured using a passphrase.
Is “password” really one of the most common passwords?
To everyone discouraged by “password” being within sniffing distance of a top-ten passwords list, take heart: while the list itself still represents the most used passwords, the percentage of real-world usage for every entry in the top ten has dropped significantly and, thankfully, there are other factors at play in those lists. That being said, while you’re getting the rest of your security policies locked into place, it wouldn’t hurt to revisit passwords.
Ryan Norton, Contributor