September 14, 2011

Improve your password security

In this post, Tyler takes a look at how we can improve the security of our passwords while making them easier to use.

 
Using passwords to secure our online accounts is a necessity. They are currently the only widely accepted form of positive user identification on the internet. The problem, however, is that it is a flawed system.


Passwords are either too simple, which makes them easily broken, or complex but too hard to remember, which makes them more likely to be written down, thereby defeating their purpose. For years we’ve been told the most secure passwords are those that utilize capitalization, numbers, symbols, etc. A 2007 article entitled ‘The Usability of Passwords’, written by Thomas Baekdal, which has garnered some recent attention, poses a new theory regarding the best practices of password security.

 
The article suggests that it is much more prudent to use 3 or more uncommon and unrelated English words strung together to create a password than it is to create one using conventional wisdom. The logic here is that a password like ‘correct horse battery staple’ is much easier to remember than ‘Tr0ub4dor&3’, and is about as hard to crack using traditional methods used by hackers, including brute force, common word, and dictionary attacks.
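
As an added illustration (not code from this post or from the article it cites), the sketch below generates a multi-word passphrase with a cryptographically secure random source and computes the size of the search space an attacker who knows the word list would face. The function names, the 16-word `SAMPLE_WORDS` list and the list sizes used are assumptions made for the example; the bit counts hold only when every word is picked uniformly at random rather than chosen by a person.

```python
import math
import secrets

# Constructed sample list for the demo only; a real list would hold
# several thousand uncommon words.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "orbit", "velvet", "cactus",
    "lantern", "pickle", "glacier", "thimble", "marble", "walrus", "canyon",
    "pepper", "anchor",
]


def passphrase_bits(list_size, n_words):
    """Bits of entropy for n_words drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def random_string_bits(alphabet_size, length):
    """Bits of entropy for a string of uniformly random characters."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words, sep=" "):
    """Pick n_words with the OS CSPRNG (secrets), never random.choice."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 4))
    # Assumed list size of 2048 words (11 bits per word).
    print("4 words from 2048:", passphrase_bits(2048, 4), "bits")
    print("11 random printable chars:", round(random_string_bits(94, 11), 1), "bits")
    print("words needed for 64 bits:", words_needed(2048, 64))
```

Adding one word from a 2048-word list adds 11 bits, so length in words is the lever to pull when a higher target is needed.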
 
The next step in making our online lives more secure is to make sure that these passwords don’t get used more than once. Don’t use the same password for your email and PayPal accounts. This can get difficult, however, when you consider that most of us have many, many online accounts. Using a different password for each one can get confusing. To resolve this issue, consider using a password management utility which will memorize your passwords for you. A good password management program will work across multiple platforms/browsers, and will provide the added benefit of bypassing keyloggers. It will also store the correct URL for you, which is a good defense against phishing attacks.
 

The password security model is still and will forever be an imperfect system of authentication. With these improvements, however, we can do more to keep our accounts safe until other methods of authentication such as biometrics become more widely adopted.