
Secure Passwords (Pt. 4)

(From Troy Hunt’s Blog) View Part 1, Part 2 or Part 3 of this series.

The myths of “secure” passwords

First and foremost, the word “secure” is frequently thrown around like it’s an absolute term. It’s not. Look no further than the Stuxnet virus; computers running the centrifuges in Iranian nuclear facilities entirely disconnected from the internet were successfully targeted by the virus. Surely those systems would have been considered “secure” by any reasonable definition of the word.

It’s a little bit like saying a car is “safe”. Some are better than others, no doubt, but at the end of the day it becomes a risk mitigation exercise. You trade some things off – such as the simplicity of a password or price paid for a car – and you get a better risk profile in return such as longer to crack the password or more airbags in the car.

Here’s how some people (Google, in this case) believe you should create – and remember – secure passwords:

Seriously? Can you imagine trying to remember dozens of “I love sandwiches” style of passwords? Keep in mind you need to remember what the phrase was, which characters you substituted and which one you used for which site.

Besides, the whole idea of strong passwords is to avoid predictable patterns. Is substituting an “@” in place of an “a”, or a “3” in place of an “e” really going to throw the bad guys off the scent? Memorized patterns with substituted characters are a very thin veneer of security and trust me, the bad guys have heard of this trick.

In fact, the password dictionary I linked to earlier contains many common occurrences of character substitution. In there you’ll find examples such as “s@yg00dbye” and “s0cc3rRul3s” – not exactly “secure”.
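The practical consequence for anyone running a sign-up form is that a password check has to look past the substitutions, not just count character classes. The following is an added example (my own code, not from Troy Hunt’s post) of a defensive registration-time check: it folds common substitutions back to their base letters, strips a trailing digit/symbol suffix, and rejects anything that reduces to a word in a small, constructed sample dictionary. The dictionary here is made up for the example and is not the list the post links to; in practice you would load a real breached-password list.

```python
from itertools import product
from math import prod

# Constructed sample of common passwords (NOT the dictionary the post links to).
COMMON_PASSWORDS = frozenset({
    "saygoodbye", "soccerrules", "ilovesandwiches",
    "password", "letmein", "sunshine",
})

# The substitutions the post describes, reversed: each substituted character
# maps back to the letter(s) it commonly stands in for.
REVERSE_SUBSTITUTIONS = {
    "@": ("a",), "4": ("a",), "3": ("e",), "0": ("o",),
    "1": ("i", "l"), "!": ("i", "l"), "|": ("i", "l"),
    "$": ("s",), "5": ("s",), "7": ("t",), "+": ("t",),
}

# Upper bound on how many un-substituted variants we are willing to expand.
MAX_CANDIDATES = 256

# Characters commonly tacked on the end of a base word ("Summer2019!").
SUFFIX_CHARS = "0123456789!@#$%^&*"


def candidate_base_words(password: str):
    """Yield plausible base words by undoing leetspeak substitutions.

    Each substituted position keeps its original character as one option, so
    'pa55word' yields both 'password' and 'pa55word'; ambiguous characters such
    as '1' expand to every letter they might stand for.
    """
    lowered = password.lower()
    # Check both the whole string and the string with its suffix stripped.
    stems = {lowered, lowered.rstrip(SUFFIX_CHARS)}
    seen = set()
    for stem in stems:
        options = [REVERSE_SUBSTITUTIONS.get(ch, ()) + (ch,) for ch in stem]
        if prod(len(o) for o in options) > MAX_CANDIDATES:
            # Too many combinations: fall back to the single most likely
            # un-substitution at each position.
            options = [(o[0],) for o in options]
        for combo in product(*options):
            word = "".join(combo)
            if word and word not in seen:
                seen.add(word)
                yield word


def common_word_behind(password: str, common=COMMON_PASSWORDS):
    """Return the dictionary word a password reduces to, or None if it matches none.

    A non-None result means the candidate should be rejected at registration:
    the substitution pattern adds no real strength over the plain word.
    """
    for word in candidate_base_words(password):
        if word in common:
            return word
    return None


if __name__ == "__main__":
    for pw in ("s@yg00dbye", "s0cc3rRul3s", "Ilove$andw1ches", "P@ssw0rd2019!", "xK9#qLm2vR"):
        hit = common_word_behind(pw)
        print(f"{pw!r}: {'reject (folds to ' + hit + ')' if hit else 'no dictionary match'}")
```

The candidate expansion is deliberately bounded: a long all-digit string would otherwise explode into thousands of variants, so beyond the cap the check degrades to the single most likely mapping rather than skipping the password entirely. A check like this is a complement to, not a replacement for, length requirements and a real breached-password lookup.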

Writing your passwords down on paper also isn’t going to do you any favors. Because you’ve got so many of them (and face it, you do), you’re going to need to also write down which account each password belongs to, which means you’ve got the mother lode of credentials sitting there ripe for the burglar / kids / nosy guests.

The other problem with handwritten account details is that these days many of us are logging in to many different locations such as the home PC, work PC and increasingly, our mobile devices. We can’t practically have the keys to our online world locked away in a drawer somewhere – it’s simply too big of an inconvenience for many people.

And finally, the handwritten strong password is just too damn painful to continually re-enter every time you log on somewhere. Remember, a strong password is very long and very random; exactly the attributes which make manually typing them tedious and error prone.

So what about just storing them in a Word doc or in a notes system like Outlook? Also a bad idea, because those files are just too easy to steal, and when that happens the passwords are easy to extract because they’re not encrypted. Someone gets their hands on that file and you are well and truly compromised in a most unpleasant way.

