Wow it’s been a long time since I posted anything on my blog! Trying to get back on that horse, so… hello again!
With all the recent news of data breaches at retail stores and online retail and other services, I thought it would be a good time to write a bit about good practices with passwords to help keep you fairly safe online. Many people have written about this subject and I figured another one wouldn’t hurt. :)
No system of passwords is going to keep you 100% safe and secure, because those passwords are stored in online databases of the services you use, so you are at the mercy of how good those services are in keeping your information secure and out of the hands of hackers.
There are currently two mainstream forms of password verification: 1-Step and 2-Step Verification. Here’s a brief explanation of each type of verification:
1-Step verification is the basic type of password verification used to validate who you are. You enter your password on a website, the website validates your password against its database (they should be storing your password in an encrypted form), and if what you enter (along with a user name) matches what is in the database, then you have authenticated yourself and the website should grant you access.
A more advanced form of password verification, called 2-step verification, was first introduced by Google to give you more confidence that only you can access your private Google services. Many companies are now adopting this form of password verification, and in my opinion all services should be doing this.
To use the 2-step process, you provide the service with a secondary device or service (such as a mobile phone number or email address, but more commonly your mobile phone) that the service can use to send you a secondary code when you attempt to sign in. You enter your password, they send a code to the device, and you enter that code to receive access to the service.
There will be other forms of password verification that come in the future, but these will probably also involve some sort of 2-step method to authenticate the human you. Because people are generally lazy and don’t want to have to enter the verification code received, these will probably involve your computer and phone communicating with each other to automatically perform the second step of the verification.
For now, password verification will always involve the first step, which is entering a text password (at least until some other form of password becomes reliable, such as a fingerprint, retina scan or other body part). Because of this, it is important that you make good passwords that are easy to remember and difficult for hackers to crack.
Good Password Habits
There are many good habits you can use when creating passwords. Here are just a few:
1. Never use the same password on more than one site.
2. If you can’t do #1, then at least never use the same password that you use on your banking website as you use on any other website.
3. Always use mixed upper and lower case letters, at least one number and at least one punctuation mark.
4. Don’t use birthdays, family member or pet names, or any other type of personal information in your passwords.
5. Never tell anyone your password; if you do, change it right away.
Admit it, you use the same password on many sites because you don’t want to memorize a bunch of different passwords; it’s hard to remember so many different passwords and you don’t want to hassle with it. I get it.
You could use a password storage service, but the good ones charge monthly service fees, and who needs another expense? Plus, these can sometimes be difficult to use, especially across different devices/platforms.
One trick to creating memorable passwords is to use a sentence that you are familiar with, taking the first letter of each word in the sentence as a letter in the password. When you do this, you use the case of the letter as it appears in the sentence and also any punctuation. Then you add some numbers to the beginning or end of the password that have NO contextual meaning to the sentence but have meaning to you so you can remember them.
I like to use Bible verses for passwords because it does a few things for me: 1) creates a strong password, 2) helps me memorize scripture and 3) keeps God’s word in my life daily.
Here’s an example of a verse turned into a password (I’m not showing one I use):
Pray also for me, that whenever I speak, words may be given me so that I will fearlessly make known the mystery of the gospel, (Ephesians 6:19 NIV)
Wow 32 characters in that password! I bet you think you couldn’t remember it, but you’d be wrong. All you have to do is memorize the sentence and you’ll easily remember the password.
Sentences make for strong passwords as long as you don’t pick something common and as long as you mix it with some numbers not related to the sentence. Hackers can easily create programs that will produce these passwords from Bible verses, but it is harder for them to crack these when you add random numbers (or even other symbols such as @, #, $, %, etc.).
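The sentence method and the point about guessable sources can be worked through in code. This is an added example, not part of the original post: it derives the letters-and-punctuation part of a password from the quoted verse, appends random digits, and estimates how many guesses someone who knows the scheme and the source text would need. The function names and the verse count of about 31,000 are assumptions made for illustration.

```python
import math
import secrets
import string

# The verse quoted in the post, used here as sample input.
VERSE = ("Pray also for me, that whenever I speak, words may be given me "
         "so that I will fearlessly make known the mystery of the gospel,")
# Assumption: rough number of verses an attacker could draw from.
ASSUMED_VERSE_COUNT = 31_000


def mnemonic_base(sentence: str) -> str:
    """First letter of each word, case kept, plus the word's trailing punctuation."""
    parts = []
    for word in sentence.split():
        core = word.strip(string.punctuation)
        if not core:
            continue  # token was punctuation only
        trailing = word[len(word.rstrip(string.punctuation)):]
        parts.append(core[0] + trailing)
    return "".join(parts)


def random_suffix(length: int = 4) -> str:
    """Digits from the OS CSPRNG, unrelated to the sentence."""
    return "".join(secrets.choice(string.digits) for _ in range(length))


def guess_space_bits(candidate_sentences: int, suffix_len: int,
                     suffix_alphabet: int = 10) -> float:
    """log2 of the guesses needed by someone who knows the scheme and the source text."""
    return math.log2(candidate_sentences) + suffix_len * math.log2(suffix_alphabet)


def random_password_bits(length: int, alphabet: int = 94) -> float:
    """log2 of the space of uniformly random printable-ASCII passwords."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    base = mnemonic_base(VERSE)
    password = base + random_suffix(4)
    print(password, len(password))
    print(f"verse + 4 digits: {guess_space_bits(ASSUMED_VERSE_COUNT, 4):.1f} bits")
    print(f"random 32 chars:  {random_password_bits(32):.1f} bits")
```

Under these assumptions the verse plus four digits comes to roughly 28 bits against someone who knows the scheme, compared with about 210 bits for 32 uniformly random characters. A longer random suffix that includes symbols raises the first figure; the length of the sentence does not.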
That’s about it for now on this subject. I hope it helps on how you create your passwords.
Thanks for reading and God bless!