What is a password?
Passwords are a simple method we use to prove who we are when we travel the web. They help to ensure that only we get to speak on our own behalf through this global computer network, and they allow us to remain masters of our online reputations.
We use passwords every day, sometimes on hundreds of different websites and services. Some are recreational, like social networking or browser-based farming simulators, and others are a little more involved, like banking, PayPal and work email.
Most services online allow you to log in from anywhere. You can travel on an impromptu vacation to the Bahamas, to visit family in Italy or answer an unexpected calling to join Doctors Without Borders in Mogadishu. Wherever you go, all you need is Wifi access for your laptop or smartphone and your password to prove that it’s still you, and you’ll have access to all of the services and privileges to which you have become accustomed. Perhaps you’ll never need this freedom, but it is quite simple for service providers to allow your password to be your bond instead of constantly second-guessing where you are logging in from.
The challenge is that this also means that hackers, scammers, and bored teenagers from anywhere on Earth have the opportunity to try to guess or figure out your passwords, in order to *abuse* your accounts and reputation to their own ends. They could try to log into your banking website to steal your money, or sign up for credit cards in your name. They could log into your email to send out spam, or abuse your address book to try to scam your very own friends and family with clever tricks to impersonate you. If you do professional work online, then the opportunities for mayhem increase, and the importance of keeping those passwords secure increases equally.
So how do you keep these passwords safe? Well, how can the bad guys guess them in the first place?
1. If your password is very low entropy (meaning it doesn’t contain a lot of unique information), bad actors could just try to log in over and over again until they’ve figured it out. There are a ton of bad password choices out there that people still use all of the time. Bad passwords include dictionary words, such as “password” or “secret”, and short strings of numbers, like a birthdate or anniversary: “1216” or “9112001”. Remember that the bad guys can program computers to try every possible password they can think of, hundreds of times per second for days on end, without costing them very much at all. So it is best if your password is not one of the first billion or so an attacker might try out.
2. If you re-use the same password to log into more than one kind of service online, then anyone who learns it at one service can use it to get into the others. It is a hassle that we have so many online accounts and identities to keep track of nowadays, and keeping every one of them both unique *and* really hard for attackers to guess is not at all easy without help, but it is certainly important.
For example, one of the most common password attacks is when an attacker starts a service of their own and simply asks users for their email address and a password to use the service. So many of these users will enter the same password that they use to *actually log into their email* that the illegitimate service operator now knows how to log directly into the victim’s email account. Worse yet, most people rely on their email accounts as password *recovery* avenues for their other services online, like social networking, games and banking, so the attacker now gets to reset many of these passwords at will and expand their attack further, while interrupting your own access in the process.
So to stay secure, your job is to keep a unique password for every service online (preventing one service going bad or being hacked from allowing anybody access into unrelated services) and to keep each of those many passwords strong enough that they will remain difficult for bad guys to guess out of the blue.
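To put numbers on the guessing problem described above, here is an added example (not part of the original post) that estimates how many guesses the post's sample passwords would survive and contrasts them with a randomly generated one. The wordlist is a constructed sample, 500 guesses per second stands in for "hundreds of times per second", and all function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample wordlist; real guessing lists hold millions of entries.
COMMON_WORDS = {"password", "secret", "letmein", "qwerty"}
GUESSES_PER_SECOND = 500      # assumption for "hundreds of times per second"
ATTACKER_BUDGET = 10 ** 9     # "the first billion or so" guesses


def guess_space(password: str) -> int:
    """Upper bound on guesses for an attacker who tries the simplest shapes first."""
    if password.lower() in COMMON_WORDS:
        return len(COMMON_WORDS)            # falls to the wordlist pass
    if password.isdigit():
        return 10 ** len(password)          # every digit string of this length
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    if any(ch not in string.ascii_letters + string.digits for ch in password):
        alphabet += len(string.punctuation)  # symbols and anything else
    return alphabet ** len(password)


def entropy_bits(password: str) -> float:
    return math.log2(guess_space(password))


def seconds_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    return guess_space(password) / rate


def is_weak(password: str) -> bool:
    return guess_space(password) <= ATTACKER_BUDGET


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, one per service."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ("password", "1216", "9112001", generate_password()):
        print(f"{pw!r:26} {entropy_bits(pw):6.1f} bits  weak={is_weak(pw)}  "
              f"{seconds_to_exhaust(pw):.3g} s to exhaust")
```

The estimate is an upper bound: a password that follows a human pattern (a word plus a year, for instance) is guessed far sooner than its character count suggests, which is why random generation matters.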
If this sounds like more trivial memorization than your brain could possibly handle, then you’re certainly not alone: even the most devout security professionals could never cold memorize a hundred strong passwords at a time. So, we have to find shortcuts that help us get the job done without lowering our level of safety.
Many people rely on computer programs called Password Managers to store their passwords, both for convenience and to support stronger, unique passwords everywhere. Most popular web browsers (Chrome, Firefox, Safari) have Password Managers built right in. Sadly, these password managers aren’t always very secure (other programs on your computer, including viruses and malware, can often easily read all of your passwords at once) and not all of them are designed to help you access the same passwords from different devices.
This is why Webformix endorses a system called LastPass.
It is a password manager which focuses both on strong security for your password wallet, and on making it easy to share this fortified password wallet between all of your devices. It can generate strong, unique passwords for you to use on every different service online, and then keeps them locked safely behind a single master password, the only one you will still have to memorize.
It is free for personal use, and installs easily on Windows, Mac, Linux, iOS and Android devices. Webformix has invested in the Enterprise edition of this software to help us keep track of over five thousand unique login credentials which are shared on a need-to-know basis with our 9 employees, and it also makes it easy to securely share password credentials with contractors and hosting clients as needed.
So remember to stay safe online, and thank you for your time. 🙂
– Jesse Thompson
Webformix Network Administrator