Joel Shannon, USA TODAY
Published 10:34 a.m. ET Nov. 3, 2019 | Updated 8:20 p.m. ET Nov. 3, 2019
You don’t feel like entering your password over and over, so you press the “keep me signed in” button. Was that a mistake?
It’s hard even for you to remember your password, so you must have a good one – right?
That way of thinking traces its roots to the early 2000s, in now-revoked guidance suggesting secure passwords should feature lots of random characters. But today’s cybersecurity experts offer different, more user-friendly advice.
The shift was widely covered in 2017, when a man often called the “father of passwords” said he regretted his earlier recommendations, which previously suggested secure passwords should be complex – filled with variations of letters, numbers and special characters.
Instead, Bill Burr – a former National Institute of Standards and Technology manager – began to recommend using easy-to-remember phrases as passwords, rather than ones filled with “lots of funny characters,” CBS reported in August 2017.
The previous guidance came from a different era of computing, cybersecurity expert Curtis Dukes told USA TODAY. People had fewer passwords to remember back then. Hackers with relatively little computing power could be legitimately stymied by a random password. And there were few ways to protect yourself beyond having a hacker-proof password.
But over time, the advice led many people to believe that adding confusing characters to the end of a password or transposing letters with similar-looking characters (“pa$$word”) would give them an added layer of cybersecurity, according to Dukes, an executive with the nonprofit Center for Internet Security Inc.
But in reality, that’s not making you any less vulnerable. It’s likely just unnecessarily frustrating you.
What makes a good password? Not having just one
You likely have dozens of online accounts protected by passwords. You should also have dozens of passwords – they just don’t have to be difficult to remember.
Repeating passwords is a huge security risk, Dukes said. It means that if one password is compromised in a data breach, you will have multiple accounts exposed to hackers.
The solution: Think of phrases instead of words when setting your passwords.
You might not be able to remember dozens of passwords that look like “n4^G*E7fg?c=eW~P” (which is an actual password suggested by an online generator). But you have a real shot at remembering, say, dozens of lines from your favorite comedy.
Added bonus: Those phrases are likely pretty long, which is a big part of having a secure password.
That simple switch will make it far easier for you to remember multiple unique, strong passwords, Dukes said.
Passwords are just the first step: Turn on two-step verification
When you’re going through all your accounts to update your passwords, opt to turn on two-step verification from any service that offers it, Dukes recommends.
You’ll have to confirm your identity before accessing your accounts when two-step verification is activated. It’s often done by texting confirmation codes to your phone, essentially meaning a hacker would need access to both your password and your phone before they could access your account.
And while it’s possible to hack two-step verification, it’s such a challenge that many would-be identity thieves will simply move on to an easier target, Dukes said.
How do you remember all your passwords? Really, you don’t have to
While physically writing passwords down is still a bad idea, digital password managers are generally a secure way to keep track of the dozens of passwords you should have.
Pick one with good reviews, and use it to enable you to stop repeating and recycling passwords, Dukes recommends.
Password security: Stop doing these things
Even if you don’t follow all the tips above, you should certainly break these bad habits, according to Dukes:
- Using default passwords
- Using the same password for multiple accounts
- Forming multiple “unique” passwords that only vary by a few characters
- Using personal information such as family names, birthdays, addresses, etc. in passwords
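The list above, together with the earlier point that “pa$$word”-style substitutions add nothing, can be turned into a checker. The following Python is an added example written for this page (not from the article, Dukes or any product): it undoes common look-alike substitutions before comparing against a small constructed list of default passwords, flags reuse and near-duplicates of existing passwords, checks for personal details, and prefers length. The KNOWN_BAD list, the 15-character minimum and the 0.8 similarity threshold are assumed values for the example.

```python
import re
from difflib import SequenceMatcher

# Look-alike substitutions people expect to add security ("pa$$word"); undone before checking.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample of default / commonly breached passwords; a real check uses a large list.
KNOWN_BAD = {"password", "admin", "changeme", "welcome", "letmein", "qwerty", "123456"}

MIN_LENGTH = 15    # assumed policy value: phrases are long, and length is what counts
SIMILARITY = 0.8   # assumed threshold for "only varies by a few characters"


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, undo look-alike substitutions."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(LEET)


def is_near_duplicate(candidate: str, existing: str) -> bool:
    """True when two passwords differ in only a few characters (Summer2019! vs Summer2020!)."""
    ratio = SequenceMatcher(None, candidate.lower(), existing.lower()).ratio()
    return ratio >= SIMILARITY


def check_password(pw: str, existing: list, personal: list) -> list:
    """Return the bad habits the candidate password exhibits; an empty list means it passes."""
    problems = []
    core = normalize(pw)
    if pw.lower() in KNOWN_BAD or core in KNOWN_BAD:
        problems.append("default or common password (after undoing character substitutions)")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters; a phrase is longer and easier to recall")
    for old in existing:
        if pw == old:
            problems.append("reused from another account")
            break
        if is_near_duplicate(pw, old):
            problems.append("varies from an existing password by only a few characters")
            break
    for fact in personal:
        if len(fact) >= 3 and fact.lower() in pw.lower():
            problems.append(f"contains personal information ({fact})")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    existing = ["Summer2019!"]
    personal = ["Smith", "1984"]
    for pw in ["pa$$word", "Summer2020!", "Smith1984rocks",
               "the rain in spain stays mainly on the plain"]:
        print(repr(pw), "->", check_password(pw, existing, personal) or "ok")
```

The substitution table shows the point from the article directly: once “$” is read as “s” and “0” as “o”, “pa$$word” and “P@ssw0rd1!” are the same entry in the bad-password list, while a long phrase with no substitutions passes every check.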
Read or Share this story: https://www.usatoday.com/story/tech/2019/11/03/forgot-your-password-common-password-advice-bad-experts-say/4103463002/