A brief on strong passwords and password hygiene
While I could go on about the math behind creating a strong password, I’ll skip that and cut to the chase.
For a password to be strong, it should:
- be long (have many characters), and
- be complex, that is, use as many different character types as possible: upper- and lower-case letters, numerals, and special characters.
Alternatively, you could create passphrases. A passphrase is a string of random dictionary words joined together. You could pepper your passphrases with numerals or capital letters, but they work without them too. The strength depends on the number of words, provided the words are genuinely picked at random.
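To put numbers on the two rules above, here is a small added example (my own illustration, not code from the article or from Bitwarden). It computes the entropy of a uniformly random password from its length and alphabet size, does the same for a passphrase from its word count and word-list size, reports which character types a password actually contains, and generates both kinds of secret with the operating system's CSPRNG. The 16-word list is a constructed stand-in; the entropy figures assume a real list the size of the EFF long word list (7776 words).

```python
import math
import secrets
import string

# Character classes the article names: upper/lower case letters, numerals, special characters.
CHARACTER_CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
FULL_ALPHABET = "".join(sorted(set().union(*CHARACTER_CLASSES.values())))  # 94 symbols

# Constructed stand-in for a diceware-style word list. A real list has thousands of words
# (the EFF long list has 7776), which is what the entropy figures below assume.
SAMPLE_WORDLIST = [
    "apple", "bridge", "cactus", "dolphin", "ember", "falcon", "glacier", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orbit", "pebble",
]
EFF_LONG_LIST_SIZE = 7776


def entropy_bits(choices_per_position: int, positions: int) -> float:
    """Entropy of a secret made of `positions` independent, uniformly random picks
    out of `choices_per_position` options: positions * log2(choices)."""
    return positions * math.log2(choices_per_position)


def password_entropy_bits(length: int, alphabet_size: int = len(FULL_ALPHABET)) -> float:
    """Entropy of a random character password (a human-chosen one is far weaker)."""
    return entropy_bits(alphabet_size, length)


def passphrase_entropy_bits(word_count: int, wordlist_size: int = EFF_LONG_LIST_SIZE) -> float:
    """Entropy of a passphrase of `word_count` random words from a list of `wordlist_size`."""
    return entropy_bits(wordlist_size, word_count)


def words_needed(target_bits: float, wordlist_size: int = EFF_LONG_LIST_SIZE) -> int:
    """Smallest number of random words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def character_classes_present(password: str) -> set:
    """Which of the four character types a password actually contains."""
    return {name for name, chars in CHARACTER_CLASSES.items() if any(c in chars for c in password)}


def generate_password(length: int = 16, alphabet: str = FULL_ALPHABET) -> str:
    """Uniformly random password using the CSPRNG behind `secrets` (never the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count: int = 6, wordlist=SAMPLE_WORDLIST, separator: str = "-") -> str:
    """Random words joined with a separator; each word is an independent uniform pick."""
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    print(f"12-char password over {len(FULL_ALPHABET)} symbols: {password_entropy_bits(12):.1f} bits")
    print(f"6-word passphrase from {EFF_LONG_LIST_SIZE} words: {passphrase_entropy_bits(6):.1f} bits")
    print("Words needed to match the 12-char password:", words_needed(password_entropy_bits(12)))
    print("Example password:  ", generate_password())
    print("Example passphrase:", generate_passphrase())
```

Running it shows why the number of words matters: a 6-word passphrase from a 7776-word list (about 77.5 bits) is roughly as strong as a 12-character password drawn from all 94 printable ASCII symbols (about 78.7 bits), and far easier to read back from a diary. The figures only hold when every character or word is chosen uniformly at random, which is why the generator uses `secrets` rather than your own memory.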
A quick shout out! Here's a “video version” of the article. If you are the visual type, I recommend watching the video. I bet you’ll enjoy it :)
The idea behind password hygiene is to eliminate a single point of failure. You do not want all of your online accounts to be associated with just one password (however strong it may be). Even if one of those accounts were to be breached, all your other online accounts associated with that password are at risk. The convenience of having just a password or two protecting all your online accounts is just not worth the risk. Use unique and strong passwords for every online account you create.
Storing unique passwords
John Opdenakker tweeted he had 107 personal online accounts (at the time of the tweet). That’s a huge number. And let’s not forget, many of us may have numerous accounts too.
Numerous online accounts also means just as many unique passwords to keep track of. But how would you remember all of them? This is precisely why web users resort to reusing passwords. Not only is it energy-draining to create a safe and secure password for every random account you create online, but you also have to store them somewhere, since it is impossible to remember all of them, and store them safely, lest some bad guy gets access to all your data.
Safe password practices are a big pain!
It’s impossible to remember all unique passwords for every random online account you create.
So, the paranoid person that I was, I wrote every one of them in a diary maintained solely for online accounts. Imagine the nightmare of having to write down unique and strong passwords for hundreds of accounts on the web. Though secure, this can be rudimentary and bloody frustrating.
- I would make mistakes when manually typing the lengthy password.
- I could not copy and paste my passwords.
- Let’s be honest, it’s difficult to consistently create unique passwords. As humans, we tend to repeat certain patterns. There would be times when I would reuse the same set of letters, special characters or numbers, making each password less unique.
The frustration of having to create unique and strong passwords all the time and securely store them could make you resort to your old ways of reusing passwords.
Password managers to the rescue
Given all the jargon I just discussed, let’s just say password managers are the way to go.
A password manager is an application that stores all your passwords for you, so you don’t have to worry about remembering them.
I’ll use a popular password manager, Bitwarden, as an example.
The best part: it can also generate strong passwords or passphrases for every website or application you register with, and store them for you.
A password manager stores all your passwords in a secure “vault” that can be opened only with a “Master Password”. Write your master password in a diary or notebook and keep it somewhere safe.
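To make the "vault opened only with a master password" idea concrete, here is an added example of the mechanism in its simplest form. It is my own illustration, not Bitwarden's code, and the iteration count, salt size and key split are assumed parameters for the demo rather than any product's actual settings. The master password is stretched with PBKDF2-HMAC-SHA256 into two keys: one that would encrypt the vault contents and is kept only in memory, and a verifier that can be stored on disk to check a typed password. The password itself is never written anywhere.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed parameters for this illustration (not Bitwarden's actual values):
# a deliberately high PBKDF2 iteration count and a 16-byte random salt per vault.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def derive_keys(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Stretch the master password into two independent 32-byte keys.

    The first key encrypts the vault and lives only in memory while the vault is open.
    The second is a verifier that can sit on disk to check a typed master password
    without the password itself ever being stored. Every guess an attacker makes against
    a stolen vault file costs them the full `iterations` rounds of hashing.
    """
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=2 * KEY_BYTES
    )
    return material[:KEY_BYTES], material[KEY_BYTES:]


def create_vault_header(master_password: str) -> dict:
    """What gets written to disk when a vault is created: salt, cost and verifier only."""
    salt = secrets.token_bytes(SALT_BYTES)
    _, verifier = derive_keys(master_password, salt)
    return {"salt": salt, "iterations": ITERATIONS, "verifier": verifier}


def unlock(header: dict, candidate_password: str) -> Optional[bytes]:
    """Return the vault encryption key if the candidate master password is right, else None.

    hmac.compare_digest keeps the comparison constant-time so a wrong guess does not
    leak how many leading bytes of the verifier matched.
    """
    enc_key, verifier = derive_keys(candidate_password, header["salt"], header["iterations"])
    if hmac.compare_digest(verifier, header["verifier"]):
        return enc_key
    return None


if __name__ == "__main__":
    header = create_vault_header("correct horse battery staple")
    print("stored on disk:", {k: (v.hex() if isinstance(v, bytes) else v) for k, v in header.items()})
    print("right password unlocks:", unlock(header, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(header, "Correct horse battery staple") is not None)
```

Two things to notice when you run it: the on-disk header contains nothing that reveals the master password, and even a one-character change in the candidate password produces a completely different verifier, so unlocking fails. Real products add authenticated encryption of the vault contents under the first key; that part is left out here to keep the stretching step visible.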
This brilliant piece of software offers you convenience and security.
The anxiety of storing your passwords in one basket
Many people distrust password managers. They are paranoid about storing all their passwords in one basket.
Well, think about this.
- I used to write all my passwords in a diary previously. What if someone got hold of it?
- Maybe you are typing all your passwords and storing them as a document in plain text on your device. What if someone got hold of your device? What if malware sniffed all your data from your device?
- Maybe you are storing your passwords in google drive. What if your google account was compromised?
- Maybe you have everything in your head. Then rest assured, your passwords are not unique and secure enough, and it is only a matter of time until something bad happens.
You have to store your passwords somewhere!
Whilst having all your account details exposed at once is undoubtedly a very bad thing, the risk is infinitesimal compared to the chances of having it breached via a website.
- Troy Hunt
However, the anxiety is understandable. After all, these are passwords we are talking about. But the perception of a password manager being unsafe mainly stems from people being uninformed about how it works. A little homework on your side would help alleviate your fears.
💡How safe is a password manager?
I am a fan of Bitwarden. I did my research too. It’s a great service, and it fulfills all the criteria I mentioned above. You can learn more about how Bitwarden keeps your data safe in its “Security - FAQ” section. They also have a security whitepaper, where you can learn in depth how encryption and security work at Bitwarden.
If you still feel insecure about using a password manager or find it difficult to use, I would recommend using an online password generator like Bitwarden's. Generate passphrases (not passwords, since passphrases are more readable) and write them down in your "Password Diary". I think this is a good option, provided you keep your diary safe and sound.