I’m on the blogging team at my job and I go through periods where I write a lot of blogs. One topic that gets me fired up is passwords, security and protecting yourself from malicious hackers and attacks.
Password management is a subject I care very much about, and because of that, I use 1Password as a password generator and manager.
Every site that I have a login for is stored in 1Password and has a very high-strength password. You can tell the password generator how many characters you want in your password, how many symbols, and whether you want a pronounceable or random password.
Here’s a screenshot of the generator screen:
The password that the app generated for this site (it’s not a real password of mine) is 75P.wMAsKs$jtSgPNH. That’s a pretty secure password. It’s 18 characters long, with numbers, both lower and uppercase letters and symbols (I have my settings configured to two symbols, but I recently switched to three).
While 75P.wMAsKs$jtSgPNH may be a very secure password, it’s a sucky password to remember, and unless you’re Rain Man you’re definitely not going to remember that. Ever.
That’s the beauty of 1Password. All you need to remember is one password. That’s where the clever name comes from. You put in your very secure password, and then with a browser extension you sign into whatever webpage you need to with one click. I love 1Password.
My secure password is 25 characters long, with lower and uppercase letters, symbols and numbers. It can be a pain to type sometimes, especially when I type it wrong, but I am confident in its strength, and even more confident in the passwords that 1Password generates for me.
Two Factor Authentication
I’m also a big fan of two factor authentication. I have it set for Gmail, Twitter, App.net, Evernote, and Dropbox. If a service offers it, I use it. Two factor authentication (or two-step authentication) is a two step sign-on (doy) that combines something you know, your password, with something you have, your phone.
When signing into Gmail (or any other service that offers two factor) you put in your user name and normal password. Then, you’ll need to enter a temporary passcode from the Google Authenticator app (iOS app, Android app) or from an SMS message sent by the service.
If you log on to a VPN for your job and need to use a passcode from a key fob, it’s very much the same process.
This second level of security makes your information much more secure because it’s something that can’t be faked or cracked.
If you’re interested in setting up two factor authentication I included a few links to instructions for some of the popular services online.
Limitations on Passwords
Every password I have is generated via 1Password, so I am very confident in the security of my accounts. However, there are some websites and companies that limit how secure your password can be. Banks, financial institutions and government offices are the worst offenders. No one should put limitations on password security. Especially these institutions.
Some sites will only allow you to have passwords that are 4-8 characters long, or alphanumeric only (no symbols). That really pisses me off, especially when it is for an account that has sensitive information like banking sites. The fewer characters a password has, the easier it is to crack. If there are no limitations, I set my passwords to 18 characters with at least two symbols.
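To put numbers on the difference between those restricted policies and the generator settings described earlier (a length plus a fixed count of symbols), here is an added example, not 1Password's own algorithm. It draws a password from the operating system's CSPRNG and counts exactly how many passwords each policy allows; the symbol set (`string.punctuation`) and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 characters
SYMBOLS = string.punctuation                   # 32 characters (assumed set)


def generate_password(length: int = 18, n_symbols: int = 2) -> str:
    """Random password with exactly n_symbols symbols at random positions."""
    if not 0 <= n_symbols <= length:
        raise ValueError("n_symbols must be between 0 and length")
    rng = secrets.SystemRandom()               # backed by os.urandom
    symbol_slots = set(rng.sample(range(length), n_symbols))
    return "".join(
        secrets.choice(SYMBOLS if i in symbol_slots else ALNUM)
        for i in range(length)
    )


def policy_bits(length: int, n_symbols: int = 0) -> float:
    """log2 of the number of distinct passwords the policy can produce.

    Count = (ways to place the symbols) * (symbol choices) * (other choices).
    Each extra bit doubles the work of an exhaustive search.
    """
    count = (
        math.comb(length, n_symbols)
        * len(SYMBOLS) ** n_symbols
        * len(ALNUM) ** (length - n_symbols)
    )
    return math.log2(count)


def compare_policies() -> dict:
    """Bits of search space for the policies mentioned in the post."""
    return {
        "4 chars, alphanumeric only": policy_bits(4),
        "8 chars, alphanumeric only": policy_bits(8),
        "18 chars, 2 symbols": policy_bits(18, 2),
        "18 chars, 3 symbols": policy_bits(18, 3),
    }


if __name__ == "__main__":
    print(generate_password())
    for name, bits in compare_policies().items():
        print(f"{name}: {bits:.1f} bits")
```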
Other Security Holes
There’s one “security feature” that really pisses me off, and it’s security questions. If people answer them honestly they are not very secure. With some Googling or looking on social networking sites you can probably find out where a person is from, names of pets, children, lots of information.
That’s why, when filling out answers for these security questions I will always make up ridiculous answers for them. That is the most secure method. If it asks me for my mother’s maiden name, for example, I may use “Danvers”, or some other name from a comic book character. My mother’s maiden name is too easy to find, thanks to Facebook. Also, if you do some more digging you can deduce the town where my parents met, another security question that I often see.
Google actually asks some more secure questions, but also gives you the ability to write your own security questions. That’s a feature I really like.
Answering these questions truthfully is not secure. Make up your own answers for these questions. And if you do this, make sure you write them down and store them in a safe place. Like in the 1Password item for that particular site! Or a safe. I do both. For the really sensitive accounts that is.
Why is all this important?
For years I’ve been shaming my mother for her terrible password system. I’ve told her countless times that I’m glad she’s not president because she’d have the nuclear launch codes written on a post-it note under the keyboard. Her passwords were fairly secure, but they were written on a notebook that she took everywhere. That makes them not very secure. I was finally able to convince her to use 1Password as a password manager, and now my parents’ important accounts are protected that much more. If only I could convince my wife of the same thing.
It’s your life. Your data. And more importantly, your money and livelihood. We keep our entire lives online, and in an instant a malicious hacker could wipe everything out.
Passwords are important.
Two Factor Authentication Instructions
If you’re interested in setting up two factor authentication, here are the instructions to set it up for various services: