In today’s online world, most of us have difficulty choosing and remembering strong and unique passwords. It is even more challenging when we have to remember passwords for numerous different services.
Fortunately, there are some useful tricks and tools that can help us, so here we share some of those ideas.
Most personal online accounts that are broken into through their password are breached in one of three ways:
- the password used is well-known to hackers, including common passwords such as 123456, password123 and iloveyou or regular words listed in dictionaries, even foreign language ones
- easy to find personal information is used as the password, such as a nickname, family member’s name, birth date or place, telephone number or favourite band/colour/car/sports team, etc.
- an online service with inadequate security is hacked and login details and associated passwords are stolen. This has happened many times, including to major internet companies like Yahoo! and LinkedIn. Although the passwords are often encoded or “hashed”, if this is done poorly, after the data is stolen, hackers can take their time to crack the passwords. If your login data is stolen and you use the same login details and passwords on other accounts, it is then easy to log in to your other accounts. This is why you must always use unique passwords for sensitive logins, such as your MailTight account and those protecting your financial accounts.
One of the problems of security breaches at other online services is that hackers build up “hacker dictionaries” of the millions of different passwords used by people around the world. Since many of us have similar ideas about how to create original passwords – like adding birth years, other dates or symbols to the end of familiar words or names – we need to change the way we choose our passwords.
MailTight includes many safeguards to ensure you do not use a password that hackers are likely to try. Apart from requiring long passwords, among its many verifications, MailTight automatically pre-checks your password choices against our own copies of “hacker dictionaries” with millions of entries to ensure you do not use a known password. Our security team regularly updates these dictionaries.
For today’s higher security needs, we have no choice but to use longer and more complex passwords. MailTight requires at least 15 characters to consider your password as strong and will accept nothing less than 11 characters. There are several good approaches for choosing longer passwords that are memorable. Each person has different preferences for how to remember things but useful options include:
- Choose a meaningful base password, along the lines of 2Toast+1Coffee or 4*happi#NESS, then have a unique way of modifying it for each service (e.g. 2Toast+1Coffee=DailyMail or 2Toast+1Coffee=ShopAmaz), so a compromise of the password on one service would not immediately affect another. It is always preferable if your base password contains a mix of UPPER and lower case, numbers and symbols. If you discover any compromise, you should always change your base password and any derivatives that you use on different services.
- Use a normal sentence or phrase that means something to you, preferably including numbers and punctuation. Sentences and phrases are much easier to remember and much stronger than what most people use as traditional passwords. You can type them in normally, including the spaces.
- Use an abbreviated sentence, only taking the first character of each word, along with any numbers and punctuation.
Examples of personal sentences or phrases, together with their abbreviations, include:
- I always take my dog for a 30 minute walk in Forest Park → Iatmdfa30mwiFP
- On June 26, my daughter Emma was born! → OJ26,mdEwb!
- When living in City View Tower, my phone number was 699232 → WliCVT,mpnw699232
Or pick a sports theme:
- Real Madrid won the Champion’s League in 2002 → RMwtCLi2002
- In 1991, Ayrton Senna was Formula 1 world champion → I1991,ASwF1wc
Or music:
- Gloria Gaynor’s famous song starts “At first I was afraid, I was petrified” → GGfss“AfIwa,Iwp”
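The abbreviation rule used in the examples above (first letter of each word, numbers kept whole, punctuation at the start or end of a word kept, inner apostrophes dropped) and the length and dictionary checks described earlier can both be written down precisely. The following script is an added illustration, not MailTight's own code: the `abbreviate` and `check_password` functions, the 11/15 character thresholds taken from the text, and the tiny sample "hacker dictionary" are all assumptions made here, and the suffix-stripping step in the dictionary check is one assumed way of catching the "familiar word plus birth year" pattern the text warns about.

```python
import re

# Policy values stated in the text: nothing shorter than 11 characters is
# accepted, and 15 or more characters is considered strong.
MIN_LENGTH = 11
STRONG_LENGTH = 15

# Constructed stand-in for a "hacker dictionary"; a real one has millions of entries.
SAMPLE_HACKER_DICTIONARY = {
    "123456", "password", "password123", "iloveyou", "qwerty", "letmein",
}


def abbreviate(sentence: str) -> str:
    """Abbreviate a sentence the way the examples in the text do.

    Each word contributes its first letter; a word that starts with a digit
    contributes its whole number; punctuation at the start or end of a word
    is kept; punctuation inside a word (Champion's) is dropped.
    """
    parts = []
    for token in sentence.split():
        lead, core, trail = re.match(r"^(\W*)(.*?)(\W*)$", token).groups()
        if not core:                      # token was punctuation only
            parts.append(lead + trail)
            continue
        if core[0].isdigit():
            kept = re.match(r"\d+", core).group()   # keep the whole number
        else:
            kept = core[0]
        parts.append(lead + kept + trail)
    return "".join(parts)


def check_password(candidate: str, dictionary=SAMPLE_HACKER_DICTIONARY) -> tuple:
    """Return (verdict, reason); verdict is 'rejected', 'accepted' or 'strong'.

    Assumed policy: reject anything found in the dictionary, including a
    dictionary word with trailing digits/symbols added, then apply the length
    thresholds from the text.
    """
    lowered = candidate.lower()
    base = re.sub(r"[\d\W_]+$", "", lowered)   # strip a trailing year/symbol suffix
    if lowered in dictionary or (base and base in dictionary):
        return ("rejected", "matches a known password, possibly with a suffix added")
    if len(candidate) < MIN_LENGTH:
        return ("rejected", f"shorter than {MIN_LENGTH} characters")
    if len(candidate) < STRONG_LENGTH:
        return ("accepted", f"at least {MIN_LENGTH} but fewer than {STRONG_LENGTH} characters")
    return ("strong", f"{STRONG_LENGTH} or more characters and not in the dictionary")


if __name__ == "__main__":
    for sentence in [
        "I always take my dog for a 30 minute walk in Forest Park",
        "On June 26, my daughter Emma was born!",
        "When living in City View Tower, my phone number was 699232",
    ]:
        pw = abbreviate(sentence)
        print(f"{pw:20} {check_password(pw)}")
    print(check_password("password1987!"))
```

Note that two of the sample abbreviations land in the 11 to 14 character range, so they pass the minimum but are not rated strong; a longer sentence, or one with more numbers and punctuation, is what pushes a personal phrase over the 15 character line.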
If you need to work with a lot of passwords, one option is to consider using a Password Manager. A Password Manager provides secure encrypted storage of multiple passwords (and often PIN codes, account numbers and other confidential data), with access based on having only one strong password to remember. Many Password Managers also help you generate strong random passwords automatically.
There are obvious limitations to using a Password Manager – if your one strong password is compromised, then you risk losing access to all your passwords and confidential information. However, for some people, this is a far preferable solution to storing unencrypted records of passwords.
Although there are online Password Managers that store your passwords in an encrypted file somewhere on the Internet (“in the Cloud”), many of these use online storage hosted in countries that require companies to provide backdoor access to user data, so these are best avoided.
Password Managers that have both desktop versions (Windows, Mac) and multiple mobile versions (iPhone, iPad, Android, etc.) with encrypted local storage include:
- Dashlane www.dashlane.com
- mSecure www.msevensoftware.com
- Ascendo DataVault www.ascendo-inc.com/DataVault.html
If you carry around a smart phone, one of these applications could ensure you always have access to your passwords.
This product information is provided for illustrative purposes only and does not represent any endorsement by MailTight. You should carry out your own evaluation and decide which, if any, Password Manager is suitable for your needs and risks.
If you have any questions or comments about security or passwords, please feel free to contact us.
The MailTight Security Team