
Pa$$w0rds



Are you still using the same password you created years ago? If so, it's time to change it! Using the same password for an extended period of time makes you vulnerable to hacking and identity theft. In this post, we'll cover how to make a secure password using random number generators and phrase-based passwords, as well as the importance of changing your password regularly.


Why Change Your Password?

Changing your password regularly is an important step in keeping your personal information secure. Here are three reasons why:

  1. Prevent Hacking: If someone gains access to your password, they can access all of your personal information. By changing your password regularly, you decrease the likelihood of someone gaining unauthorized access to your accounts.

  2. Protect Personal Information: When you change your password, you also change the information that is associated with that password. This means that if someone gains access to an old password, they won't be able to access any new information that you've added to your accounts.

  3. Stay Ahead of Data Breaches: Data breaches are becoming more common, and it's important to be proactive about protecting your personal information. By changing your password regularly, you can stay ahead of data breaches and keep your personal information secure.


Best Ways to Make a Password

Using personal information such as addresses, names of relatives, and phone numbers that are in public records can make passwords vulnerable to guessing or cracking. Cybercriminals can use this information to launch targeted attacks or brute-force attacks that try every possible combination until they find the right one. In addition, using easy-to-guess words or phrases such as favorite foods, pets' names, or dates of birth can also make passwords vulnerable to cracking.


When creating a password, it is important to choose something that is unique, complex, and difficult to guess. One way to do this is to use a combination of letters, numbers, and symbols that do not relate to personal information or common words. Another way is to use a passphrase, which is a sequence of words or random characters that are easy to remember but difficult to guess. This can help to prevent unauthorized access to sensitive information, such as financial accounts or personal data.


Using personal information or easy-to-guess words in passwords can also make it easier for attackers to guess other passwords that you may use across different accounts or services. This can have serious consequences, as cybercriminals can use compromised passwords to gain access to sensitive information, commit identity theft, or launch other types of attacks.

In an ideal world, every account you have should have a different password. This can be easily accomplished using a password app or Apple’s built-in Keychain, which generates long random passwords of numbers and letters for you when you make accounts, then autofills them when you log in again. These are great for websites and shopping accounts: places where, if the password is lost, it is easily recovered with an email reset. We do not recommend any of these services more than any other and do not endorse any particular software; we just encourage the use of them. For your convenience only, here are the current top 5 password tracking services.

  1. LastPass: LastPass is a popular password manager that allows users to store and manage passwords across all devices. It offers advanced security features such as two-factor authentication, password sharing, and auto-fill capabilities.

  2. 1Password: 1Password is a powerful password manager that offers secure storage for passwords, credit card information, and other sensitive data. It also features advanced security measures such as two-factor authentication and end-to-end encryption.

  3. Dashlane: Dashlane is a user-friendly password manager that offers an intuitive interface and robust security features. It allows users to store and manage passwords, generate strong passwords, and monitor data breaches.

  4. KeePass: KeePass is a free and open-source password manager that provides strong encryption and secure storage for passwords and other sensitive information. It also supports multi-factor authentication and plug-ins for additional functionality.

  5. Bitwarden: Bitwarden is a versatile password manager that offers a range of features, including cross-device syncing, secure sharing, and password generation. It also supports two-factor authentication and end-to-end encryption for added security.


However, there are some passwords you should absolutely commit to memory. The primary ones are the password for your email address (which you need to recover any other accounts), the one to log in to Apple or your password keeper of choice, and your financial institution logins and PINs. In the event you lose access to everything, having these as a starting point to recover everything else is crucial.


This is where a passphrase can come in. A pass phrase is a sequence of words, often chosen for their length and unpredictability, that is used as a password or encryption key. Unlike traditional passwords that rely on a combination of letters, numbers, and symbols, a pass phrase is typically longer and easier to remember.


There are several ways to generate a pass phrase, including:

  1. Random words: Choose a set of random words, such as "purple bicycle sunrise" or "silly monkey socks," and string them together to form a pass phrase. This can be done by opening a book to random pages and choosing a memorable word on the page.

  2. Sentence-based: Think of a sentence or phrase that is easy to remember, such as "My cat's name is Whiskers and she loves to play," and use the first letter of each word to create a pass phrase (e.g. "McniWasLtp").

  3. Acronyms: Use the first letter of each word in a longer phrase or sentence to create a memorable acronym that can be used as a pass phrase.

  4. Song lyrics or book titles: Use a memorable line or title from a song or book to create a pass phrase. For example, "A wizard is never late, Frodo Baggins" could become "AwInLfB" or "WizardLateFrodo."


Using a pass phrase instead of a traditional password can provide increased security, as pass phrases are typically longer and more complex than traditional passwords, making them harder to crack. However, most websites require you to have a combination of letters, capital letters, symbols, and numbers. Make sure you have versions of your pass phrase that include those as well, and ensure that whatever numbers you choose are in fact random. We recommend using either good old-fashioned dice or a random number generator to create these numbers. If all else fails and you are really terrible at remembering numbers, pick a historical event (not a personal one); you can always google the year it happened if you forget.
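An added example, not part of the original post: the random-word and dice methods described above, written in Python, with an estimate of how many bits of randomness a pass phrase carries. The 36-word list is constructed for illustration and all function names are hypothetical; a full Diceware-style list has 7776 words.

```python
import math
import secrets

# Constructed 36-word list (6 x 6), so two dice select one word.
# A full Diceware-style list has 6**5 = 7776 words (five dice per word).
WORDS = (
    "purple bicycle sunrise silly monkey socks "
    "sky over shoes october blue wizard "
    "river candle marble forest copper window "
    "planet ladder button garden silver anchor "
    "thunder pillow rocket meadow lantern pepper "
    "harbor violin cactus tunnel feather walnut"
).split()

def word_from_rolls(rolls, words=WORDS):
    """Read dice rolls (each 1-6) as a base-6 number and return that word."""
    index = 0
    for roll in rolls:
        if not 1 <= roll <= 6:
            raise ValueError("each roll must be between 1 and 6")
        index = index * 6 + (roll - 1)
    if index >= len(words):
        raise ValueError("too many rolls for this word list")
    return words[index]

def roll_dice(count):
    """Simulate fair dice with the OS CSPRNG, not the predictable `random` module."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]

def make_passphrase(n_words=5, words=WORDS, sep="-"):
    """Pick n_words independently and uniformly; repeats are allowed on purpose."""
    dice_per_word = round(math.log(len(words), 6))
    return sep.join(word_from_rolls(roll_dice(dice_per_word), words)
                    for _ in range(n_words))

def random_digits(count):
    """Uniformly random decimal digits, zero-padded, for the numeric element."""
    return f"{secrets.randbelow(10 ** count):0{count}d}"

def entropy_bits(n_items, choices):
    """Entropy in bits of n_items independent uniform picks from `choices` options."""
    return n_items * math.log2(choices)

if __name__ == "__main__":
    print(make_passphrase(), random_digits(4))
    print(f"3 words, 7776-word list: {entropy_bits(3, 7776):.1f} bits")
    print(f"6 words, 7776-word list: {entropy_bits(6, 7776):.1f} bits")
```

The entropy figure only holds when the words are chosen by the dice or the generator; words picked because they feel memorable are far more predictable than the number suggests.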


Passwords also need to be changed frequently, so it may be worthwhile to design a system that you can easily cycle through but that remains difficult to guess. Perhaps change the color description or the heading, or, if there is some other pattern you’ve memorized in your life, draw upon that. If there is a poem you love, use the next line.


Another way to keep your most crucial passwords memorized but different is to make up a system that is consistent, such as including an abbreviation of the website name plus the industry and your pass phrase:


skyovershoes;october-blue;12*7*41;BANK-captl-one

{(pass phrase);(changeable element);(historical event with symbol separator);(industry - website abbreviation you made up)}


When should I change my password?

Frequently. How frequently is up to interpretation, based on how much time you have to spend on keeping them up to date and how important each password is. You may change your email password more frequently than your magazine logins, for example. But the time you absolutely must change them is when a breach happens. Often, if you are using a password keeper, it will inform you. But you can also sign up for services such as https://haveibeenpwned.com, which will notify you if your email address was found in a data breach. When a company finds out it's been hacked, it will submit lists of the addresses affected. These are not released publicly, but you can use their service to check the lists for yours. Same goes for your phone number.


When this happens, start by changing the password associated with the breach, then change any other accounts that use the same password (which, ideally, is zero, but ideal is rarely reality). While it is a lot of work to go change everything to randomly generated passwords and your new pass phrases, having them all different makes keeping up with breaches much easier in the long run.


Lastly, if you truly refuse to change your easily guessed password, please go buy some identity theft insurance.
