The Password and You

Everyone who uses a computer knows the importance of passwords.

In several ways, these small textual nuggets have become the keys to much of our lives, if not all our digital lives.

But even if you don’t use computers often, passwords have been around forever, equally guarding the entrance to the secret clubhouse and the wall safe behind the portrait in the living room.

Passwords have been the most popular choice of authentication for a long time now, and for a lot of good reasons. For one thing, they’re easy to implement.

An amateur web designer can use a password to protect an administrative section of his or her website, or a bank to safeguard personal information of millions of people. In any case, the idea is the same: protecting something from unauthorized access.

What also makes passwords attractive is their cost. Unlike other forms of authentication that may involve expensive chips or scanners, passwords are easily added to any computer application and can be stored in an encrypted or hashed format.

However, where the password shines in the ease-of-use category, it falls short as one of the less secure forms of authentication (at least by itself).

Many articles have been written of late suggesting that passwords aren’t doing their job and need to be replaced entirely. In addition, executives from well-known tech companies like Google have even gone so far as to say that “Passwords are dead.” To prove that point, one writer for the Wall Street Journal was bold enough to publicly post the password to his Twitter account.

Nonetheless, passwords aren’t likely to go away entirely any time soon. While extra measures are being taken to add security to online accounts (two-factor, security questions, IP logging, etc.), the first point of entry is still your password. For this reason, we still need to take password security seriously for the foreseeable future. Here are some quick tips to do that:

Use long and complex passwords

Nobody wants to do this, that is, to make a password so complicated that it’s impossible to remember. But sometimes by adding things like numbers and special characters to your passwords, you’ll add more security to whatever it’s protecting.

This usually isn’t optional nowadays, as a lot of online accounts enforce the use of complex passwords.

However, some of us defeat the purpose of creating a complex password by adding a lot of meaningful data to it. For example, you might make your password “Oliver1985!”, where “Oliver” is your dog’s name, 1985 is your birth year, and the “!” is there only because it’s the first special character you could think of.

In general, you want to stay away from using meaningful information when creating a password. This includes things like names, important years, social security numbers, birthdays, movies, or anything that you identify with.
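As an added example (not part of the original post), here is one way a signup form or password audit could flag passwords built the way “Oliver1985!” is. The function name, the substitution table and the list of personal facts are assumptions made for illustration.

```python
import re

# Common character substitutions undone before matching (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def find_meaningful_parts(password, personal_facts):
    """Return the reasons a password is guessable from facts about its owner."""
    findings = []
    lowered = password.lower()
    # Check the password as typed and with substitutions reversed,
    # so "0l1v3r" is treated the same as "oliver".
    candidates = {lowered, lowered.translate(LEET)}
    for fact in personal_facts:
        token = fact.lower()
        if len(token) >= 3 and any(token in c for c in candidates):
            findings.append(f"contains personal fact '{fact}'")
    # Stand-alone four-digit years (1900-2099) usually mean a birthday
    # or another date that matters to the owner.
    for year in re.findall(r"(?<!\d)(?:19|20)\d{2}(?!\d)", password):
        findings.append(f"contains a year ({year})")
    # Letters and digits followed by one symbol: the special character
    # was tacked on only to satisfy a complexity rule.
    if re.fullmatch(r"[A-Za-z0-9]+[^A-Za-z0-9]", password):
        findings.append("only special character is a single trailing symbol")
    return findings

if __name__ == "__main__":
    # Constructed sample: the password from the text plus the owner's known facts.
    for reason in find_meaningful_parts("Oliver1985!", ["Oliver", "Smith"]):
        print(reason)
```

A password that returns an empty list here is not automatically strong; the check only catches the specific habit described above.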

On the other hand, if you’re having trouble remembering passwords that aren’t exactly meaningful, don’t fret. The following information will help you keep everything organized.

Use a password manager to help you manage the mess

These tools are great; they can take a mountain of passwords and consolidate them into one master password. This can be really helpful whenever you have several online accounts (I have at least 50), and remembering all of those passwords becomes next to impossible.

There is a wide range of benefits to having a password manager, and lots of managers are available. If one doesn’t work out for you, simply try another. Just make sure you understand the pros and cons of the manager you’re going to use.

A major benefit to password managers is the ability to generate complex passwords for the user. On top of that, users don’t have to remember the generated password, but instead only remember a single master password that unlocks access to all of the passwords in the account.

The master password is important, as it will decrypt all of the passwords used for logins by the password manager. The only information that may be stored on the password manager servers will be in an encrypted format, so user information is generally safe, as only registered users should know their master password.

There are a lot of different password managers out there, many of which are now built into your browser. Make sure to do plenty of research before making a choice. If you need further information on comparing some of these managers and their security benefits, consider reading this article.

Use two-factor authentication to enhance security

For many users, two-factor or two-step authentication has been an option for a long time on their online accounts.

But that doesn’t mean it’s being used.

Two-factor authentication usually involves a combination of a password and a second piece of information to authenticate a user. Examples of this second piece of information include answers to security questions and SMS codes sent to your mobile device.

For most online accounts, two-factor authentication is never triggered more than once if you instruct a website to “remember this device”. This means that two-factor authentication isn’t going to inconvenience a lot of users, and the added security will go a long way toward protecting online accounts.

However, there are opponents of two-factor authentication who state it doesn’t really improve security. Instead, those opposed say it increases the amount of information shared with a web server, information that’s stored in the same place as your password, making it equally susceptible to attack.

More on this idea can be found by reading this article that suggests the idea of two-factor authentication as a whole gives users a false sense of security.

While there may be some valid points to be made in that argument, adding an extra layer of security to an account usually never hurt anybody. Therefore, we recommend adding two-factor authentication to your online accounts when it’s available.

Hopefully this information will serve to better protect your online accounts. For additional info on some of these tips, you can also check out this blog for more details.

Safe surfing.

@joshcannell

ABOUT THE AUTHOR

Joshua Cannell

Malware Intelligence Analyst

Gathers threat intelligence and reverse engineers malware like a boss.