I thought I should share a little about passwords and the constant balance between security and convenience.

We use passwords in almost everything. From unlocking our devices, to logging in to our social or email accounts. Some of us even use passwords to enter our homes.

How Strong Are Your P@$$w0rds?

In this day and age, you have probably come across a password strength meter when registering a new password for an online account, or when attempting to change your password. These meters check your desired password for combinations of alphanumeric (a-z, 0-9) and special characters, then classify the string into one of a few categories, generally: Weak (Red), Neutral (Yellow), and Strong (Green).

How strong then should your passwords be?

The short answer is: as strong as possible. An easy way to visualise this is by calculating the number of permutations a numerical password can have. Assume a system locked by a four-digit numeric password (0-9): there are 10 digits and 4 slots, which gives 10x10x10x10 = 10,000 possible passwords. A computer can easily brute force this in mere seconds. A six-digit option is slightly better, but not by much, with 1,000,000 options.

There are online tools that help you check the strength of your password, and they help you visualise how fast your password can be cracked. In general, your passwords should be at least 12 characters long, with a mix of upper and lower case letters, numbers and special characters.
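The keyspace arithmetic above, worked through in code as an added example (not part of the original post): it sizes the alphabet from the character classes a password actually uses, computes the keyspace and its entropy in bits, estimates worst-case brute-force time at an assumed guess rate, and gives a meter-style verdict. The guess rate, the class split and the Weak/Neutral/Strong thresholds are assumptions chosen for illustration.

```python
import math
import string

# Character classes a typical strength meter distinguishes (assumed split)
CHARSETS = {
    "digits": string.digits,            # 10 symbols
    "lower": string.ascii_lowercase,    # 26 symbols
    "upper": string.ascii_uppercase,    # 26 symbols
    "special": string.punctuation,      # 32 symbols
}

def alphabet_size(password: str) -> int:
    """Symbols an exhaustive search must cover: every class the password uses,
    plus any character outside those classes (e.g. a space) counted on its own."""
    size = sum(len(chars) for chars in CHARSETS.values()
               if any(c in chars for c in password))
    others = {c for c in password
              if not any(c in chars for chars in CHARSETS.values())}
    return size + len(others)

def keyspace(password: str) -> int:
    """Candidates of this length over this alphabet: 10**4 for a four-digit PIN."""
    return alphabet_size(password) ** len(password)

def entropy_bits(password: str) -> float:
    """log2 of the keyspace: the bits a brute-force attacker has to guess."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def seconds_to_crack(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to exhaust the keyspace. The rate is an assumed figure
    for illustration; real rates depend on the hash function and hardware."""
    return keyspace(password) / guesses_per_second

def classify(password: str) -> str:
    """Meter-style verdict. The bit thresholds are assumptions, not a standard,
    and a brute-force estimate cannot see that 'correct horse battery staple'
    is four dictionary words, so treat the result as an upper bound."""
    bits = entropy_bits(password)
    if bits < 40:
        return "Weak"
    if bits < 60:
        return "Neutral"
    return "Strong"

if __name__ == "__main__":
    for pw in ["1234", "123456", "Xy7#Lm2$Qw9!"]:  # constructed samples
        print(f"{pw!r}: keyspace={keyspace(pw):,} bits={entropy_bits(pw):.1f} "
              f"time={seconds_to_crack(pw):.3g}s -> {classify(pw)}")
```

Because the estimate only counts brute-force candidates, a passphrase built from common words scores higher here than it would against a dictionary attack; a real meter should also check against breached-password lists.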

Security vs Convenience

Strong passwords are usually long and confusing - which is why they are strong. Unfortunately, this means that they become inconvenient to remember and to type each time we want to log in. We don’t want to be hampered by our own security measures every time we log in online. Imagine making a typo while typing your long password and having to start all over again.

An XKCD comic sums up this problem nicely.

[xkcd comic: Password Strength]

One answer to this dilemma is the use of a password manager. Password managers are applications that store credentials to your various accounts behind one master password. You only need to remember one password to have access to all your other passwords. While this sounds great, keep in mind that if you lose control of your master password, you lose everything.

Password Managers

There are many password managers available online, including two well-known ones: 1Password and LastPass. Please do exercise discretion before committing to any one. Read about the features and security of each application and decide wisely whether that application can be trusted to keep your passwords safe and secure.

Conclusion

Cybersecurity starts with personal responsibility for our online accounts. Use strong passwords and change them regularly to ensure that your personal data is kept safe at all times. If you suspect your accounts have been compromised, recover your account immediately, log out of all other devices and change your passwords. You can also check haveibeenpwned.com to see if your account has been compromised in a known breach.

Stay safe, offline and online!