Good password habits, part 2

Continuing on from last month’s column, APC’s editor shares his other key bit of password advice.

APC Australia - News - DAN GARDINER, EDITOR-IN-CHIEF, dan.gardiner@futurenet.com

In last month’s editorial, I harped on about good password practices, and this issue, I’d like to share another bit of password know-how — it’s something that we touched on, but didn’t really dive too deeply into, in last issue’s security cover story.

I personally still advocate that everyone should use a password manager (like KeePass, LastPass or 1Password) to ensure their accounts are kept as secure as is reasonably possible. That’s not practical in all security situations, however, so what should you do when you have a password you need to remember and manually type out, but can’t use your password manager? Take, for example, the password you use to unlock your password manager — the whole idea of using a password manager is that it generates super-secure random strings of characters for passwords, and saves them, so you don’t ever have to remember those strings. However, creating such a secure password with your password manager for your password manager would be a recipe for digitally ‘locking your keys in the car’.

In such cases where you can’t use your password manager, I favour the ‘long memorable phrase’ approach. This is where you pick a phrase that you can easily remember, then add a number and a couple of capital letters to it. For example, you could go with something like “APC is my favourite tech magazine”, and add a couple of the traditional ‘good password practice’ elements in there, like using ‘4487’ in the middle, and capitalising a couple of letters — so that you end up with something like “APC is my favouritE 4487 tech magaZine”.

There are a few reasons this is a better practice than the standard ‘secure’ password approach most of us know of combining a word and a number (i.e. “password1234”). First, the longer your password, the harder it is to crack mathematically — every extra character you add exponentially increases the difficulty. Second, spaces count as special characters (in the same class as symbols like # or $), making them especially tough for ‘dictionary attack’ style password-crackers to handle — they’re another nice way to increase the complexity of your password without making it harder to remember.
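As an added illustration (not part of the original column), the Python sketch below estimates the search space of the two passwords quoted above, first for a character-by-character search and then, going beyond the column's argument, for a guesser that tries whole words. The 20,000-word list size and the scoring rules in `token_bits` are assumptions chosen for the example.

```python
import math
import re
import string

# Alphabet sizes per class (printable ASCII); the space is grouped with the
# symbols, as the column does.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def pool_size(password):
    """Alphabet a character-by-character search has to cover."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def brute_force_bits(password):
    """log2 of the search space: each extra character multiplies it by the pool."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))

def token_bits(password, wordlist_size=20000):
    """Rough bits against a guesser that tries whole words, not characters.
    wordlist_size is an assumed figure; spaces between words score nothing."""
    bits = 0.0
    for tok in re.findall(r"[A-Za-z]+|\d+|[^A-Za-z\d\s]", password):
        if tok.isdigit():
            bits += len(tok) * math.log2(10)      # each digit: 10 choices
        elif tok.isalpha():
            bits += math.log2(wordlist_size)      # one pick from the wordlist
            if tok not in (tok.lower(), tok.upper(), tok.capitalize()):
                bits += math.log2(len(tok))       # which letter was capitalised
        else:
            bits += math.log2(33)                 # a single symbol
    return bits

if __name__ == "__main__":
    # Both sample passwords are the ones quoted in the column.
    for pw in ("password1234", "APC is my favouritE 4487 tech magaZine"):
        print(f"{len(pw):>2} chars  pool {pool_size(pw):>2}  "
              f"brute force {brute_force_bits(pw):6.1f} bits  "
              f"word-based {token_bits(pw):6.1f} bits")
```

The word-based estimate is lower than the brute-force one for both passwords, but the long phrase stays far ahead of the word-plus-number password under either model.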

Obviously, you don’t want to use this method for all your passwords (unless you like typing them in), but in conjunction with a password manager, this is an easy way to bulk-up your digital security.
