By John Christie, co-founder and COO
In the days after the Heartbleed story broke earlier this year, Sinu, along with other technology experts, advised our customers to change the passwords of their online accounts to protect their data. Since then, a myriad of security breaches have been announced.
In August it was the “nude celebrity hacking” incident, in which several celebrities fell prey to having their passwords stolen and their nude photos posted to the Internet. According to Apple chief executive Tim Cook in an interview with the Wall Street Journal, “celebrities' iCloud accounts were compromised when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords.”
And in a more recent incident, 5 million Google passwords were leaked. It turns out that in this recent Google “credential dump,” only a small percentage of the passwords were actually active. However, this news highlights, once again, how critical it is to generate secure passwords.
“The time it takes to crack a password is the only real way to determine its strength and value,” said Cameron Morris, a developer at defense contractor Partnet, in an interview with ZDNet’s John Fontana. Morris developed an open-source tool called Passfault that predicts the time it takes to crack a specific password. So I randomly tested a password. I saw that my self-generated password would only take a day to figure out. Then I tried this free, secure password generation tool – xkpasswd – which creates easy-to-remember but hard-to-guess passwords. The password it generated based on my original password would take over one year to hack.
Whether you decide to use a password generator or not, there are a few basic best practices that experts agree on for generating and managing secure passwords:
- Generate a different password for each online account
- Change your passwords every 3-6 months and don’t reuse them
- When generating your own password, make sure it contains upper and lowercase letters, punctuation and a number, and is 8-14 characters long
- Do not store your password list in the cloud, such as on Google Docs or Dropbox
- Consider two-step verification on services that provide it
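To make the "time to crack" measure and the length and character-class guidance above concrete, here is an added example (not code from Passfault, xkpasswd or the original article) that estimates brute-force search time for a password and for a passphrase of random words, the style of password xkpasswd produces. The guessing rate and the 7,776-word list size are assumptions, and the model is plain keyspace arithmetic rather than Passfault's analysis.

```python
import math
import string

# Assumed offline guessing rate, chosen for illustration only.
GUESSES_PER_SECOND = 1e10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the character set an attacker must search to cover password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Anything outside the four ASCII classes is counted once per distinct char.
    return size + len({ch for ch in password if not any(ch in c for c in CLASSES)})

def entropy_bits(password):
    """Upper bound in bits: treats every character as chosen at random."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0

def passphrase_bits(word_count, wordlist_size):
    """Bits for word_count words drawn uniformly from a list of wordlist_size."""
    return word_count * math.log2(wordlist_size)

def average_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to search half of a 2**bits keyspace."""
    return 2 ** bits / 2 / rate

def humanize(seconds):
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords. "sunshine" is a dictionary word, so a
    # wordlist attack finds it far sooner than this brute-force bound says.
    for pw in ("sunshine", "Sunsh1n!", "c7#Kp!uR2w@Zq9"):
        bits = entropy_bits(pw)
        print(f"{pw:16} {bits:5.1f} bits  {humanize(average_crack_seconds(bits))}")
    bits = passphrase_bits(4, 7776)  # assumed 7,776-word Diceware-style list
    print(f"{'4 random words':16} {bits:5.1f} bits  {humanize(average_crack_seconds(bits))}")
```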
For most of us, it is difficult and time consuming to manage dozens, if not hundreds, of unique online passwords – not to mention changing them every time a new breach is announced! So we often just take a deep breath and hope it doesn’t happen to us. However, there are several password management solutions that can help you both generate and manage secure passwords for your online accounts.
Last year, the New York Times reviewed a number of different apps to help manage your passwords. We have summarized this report below:
Password security will continue to be increasingly important to protecting our online data. Fortunately, there are more and more options coming on the market that can help make secure passwords more convenient to generate and manage. As you find a balance between convenience and security with this issue, we suggest moving the balance point as far toward security as you can.