RAYMOND OGLESBY @RaymondOglesby2
August 13, 2024 -9 minutes read time
This is for devices using passwords. Screenshots are from iPhone 14 Pro running iOS 17.5.1+
If you are still using “qwerty” or “starwars” as a password, you should stop doing this. Let’s find out what makes a bad password, why you should care, and how to make a good one.
The Case For Strong Passwords
Don’t have the password to get into your bank account? You are out of luck unless you can trick the bouncer into telling you the password is “kangaroo.” A simple password like that would be a terrible choice to protect your access to a bank site. And yet, chances are good you are using something just as bad, because stronger passwords are too hard to remember.
The only safe way to store proper passwords is in a password manager. If you are not using one, you probably rely on a highly crackable password like “baseball” or “12345”, or you have memorized one complex password, like “Jazz2day4Me!” and use it everywhere. Password security is no small matter. Given the enormous risk, you need to keep your passwords safe.
Even the best password manager does not guarantee the safety of your accounts; not if you use it to store the same old, tired passwords. You have to switch out your old and weak passwords for new and stronger ones.
Once you have replaced all your lame passwords with strong, unique ones, you can relax, at least until a data breach forces a change. The National Institute of Standards and Technology (NIST) no longer recommends changing passwords every 90 days. NIST now recommends using long phrases like “Correct-Horse-Battery-Staple” and changing them only when necessary. If you have terrible passwords, “when necessary” means right now.

Just what makes a bad password? Let’s look at some of the attributes of terrible passwords, and then some pointers on improving them.
Ditch the Dictionary
Every few months a news outlet posts a list of the worst passwords. We see a lot of easy-to-type options, like “12345” and “qwerty”. Easy for you to type? Sure. But also easy for hackers to crack. Other common (and poor) passwords consist of simple dictionary words, like “baseball”, “monkey”, and “starwars” in the list of worst passwords. These, too, are easy to crack.
Some secure websites lock down after a given number of wrong password attempts, but many do not. For those with no bad guess lockout, hackers can cross a list of email addresses with a list of popular passwords and set up an automated process to keep trying combinations until they get in.
A properly secured website does not store your password anywhere. Instead, it runs the password through a hashing algorithm, a one-way function. The same input always produces the same output, but there’s no way to return to the original password from the resulting hash. If the password you type hashes to the same one that’s stored, you gain access. Even if hackers capture the site’s user data, they do not get passwords, just hashes.
But smart hackers can crack weak passwords if they know the site’s hashing function. They start by running a huge dictionary of common passwords through the hashing function. Then they look for the resulting hashes in the captured data. Each match is a cracked password. Sites with the best security enhance the hash function with password salting, which defeats cracking with precomputed tables, but why take the risk? Just stay out of the dictionary.
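The difference between unsalted and salted storage, as an added example that is not from the original article: it audits constructed user records against the weak passwords named above, then stores the same records with a per-user salt and a slow key-derivation function. The user names, the choice of PBKDF2 and the iteration count are assumptions for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample data: passwords this article names as poor choices.
COMMON_PASSWORDS = ["12345", "qwerty", "baseball", "monkey", "starwars", "kangaroo"]
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def unsalted_hash(password: str) -> str:
    """Weak storage: a fast, unsalted hash. Same password -> same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Stronger storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored)

def audit_unsalted(user_hashes: dict[str, str]) -> dict[str, str]:
    """Report which stored unsalted hashes match one shared, precomputed table."""
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    return {user: table[h] for user, h in user_hashes.items() if h in table}

def demo() -> dict:
    # Constructed user records; two users chose the same password.
    users = {"alice": "starwars", "bob": "starwars",
             "carol": "Correct-Horse-Battery-Staple"}
    weak_db = {u: unsalted_hash(p) for u, p in users.items()}
    strong_db = {u: salted_hash(p) for u, p in users.items()}
    return {
        "exposed": audit_unsalted(weak_db),
        "weak_duplicates": weak_db["alice"] == weak_db["bob"],
        "strong_duplicates": strong_db["alice"][1] == strong_db["bob"][1],
        "login_ok": verify("starwars", *strong_db["alice"]),
        "login_bad": verify("qwerty", *strong_db["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting removes the shared table and hides the fact that two users picked the same password; it does not make a dictionary password strong, because each account can still be guessed one candidate at a time.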
Think Differently
What about this perfect password: 1qaz2wsx3edc4rfv. You just “type” it by sliding a finger down four slanted columns of the keyboard. You think it’s so perfect, that you use it everywhere. And that is a big mistake.
Hardly a week goes by without news of a breach at some company or website, exposing thousands or millions of usernames and passwords. Smart victims change their passwords immediately. Those who ignore the problem may find themselves locked out of their accounts after the hackers have reset their passwords.
Those hackers know that all too many people recycle their passwords. Once they find a working username and password pair, they try the same credentials on other sites. You may not be so worried about losing access to your old Dropbox account, but if you used the same login on your bank’s website, you are in big trouble.

It gets worse. If someone else takes control of your email account, they can lock you out by changing the password. Then they can break into your other accounts by having a password reset link emailed to that account. Worried yet? You should be!!!!
Stay Away From Being Personal
Using personal information as the basis for your passwords is awfully tempting, but it’s a bad idea. Whether your dog’s name is Fifi or Khaleesi, that name probably appears in the dictionaries hackers use for brute-force attacks. Other possibilities, such as the initials and birthdate of a family member, probably will not fall to a brute-force attack. But if someone wants to hack your account specifically, that personal data can fuel a trial-and-error guessing attack.
Do not think for a minute that your personal details are private. There are dozens of sites people can use to find details about anybody: address, birthdate, marital status, and more. Your social media posts can be another source of personal info, especially if you have not properly secured your accounts. A determined hacker (or a nosy neighbor) can probably guess any password you build based on your data.
Shut the Back Door
If you are not using a password manager, you have surely experienced forgetting the password for a site. It’s all too common. That is why virtually every login page includes a “Forgot your password?” link. Some sites send a reset link to your email address, while others let you reset the password after answering your security questions. And that opens a back door to anyone wanting to hack your account.
Most sites offer abysmal options for security questions like:
- What is your mother’s maiden name?
- Where did you go to high school?
- What was your first job?
As noted, your personal life is an open book to anyone with internet searching skills. When possible, ignore the preset questions. Create your own question, with a unique answer you will always remember but nobody else could guess.
It’s harder when the site does not let you define your own questions. In that case, your best bet is to use a memorable answer that’s a total LIE like:
- My mother’s maiden name is Fauci.
- I went to school at More Science High School.
- For my first job, I was a linotype operator.
There is an element of risk since you might forget which lie you chose. We suggest storing these oddball answers in the iPhone Notes app or on Google Drive.
What To Do Now
We hope we have convinced you that using common passwords is a rotten idea, as is building passwords from personal information. Even the best strong, random password becomes a liability if you use it everywhere. If you are ready to spring into action, here are some starting points:
- Use a password manager
- Switch to a better password manager
- Remember an extremely secure master password for your password manager and keep it in another app. Better yet, just remember the master password.
- Take advantage of a random password generator to upgrade your old, bad passwords
- You could even create your own random password generator in Excel
- Enable multi-factor authentication wherever available
If a secure site does not take care of security, you could still lose that site’s credentials to a data breach, but by making all your passwords long, strong, and unique, you can rest assured that you have done everything you can to protect your online accounts from password-based attacks.

You may want to switch to using Passkeys or Passphrases.
Source: PC Mag
