In today's world, computer security far too often takes a back seat to all the drama, stories and feeds that engulf social media. So, as a belated Computer Security Day post, I want to walk anyone who comes across this through some myths about password security, along with password hints and tips that hold on every platform.


MYTHS:

  • Complex Passwords are #1
    • Password strength is directly related to password entropy, and entropy grows more efficiently by making the password longer than by replacing letters with symbols.
    • FACT: While "P$s2#$%0" is a very strong password, "golfhoneykangaroocookiedogbasket" is a stronger one.
      • It is important to choose random words rather than names, repeating sequences, or well-known keystroke patterns such as "qwerty"
  • Websites and Large Companies Securely Store Passwords
    • 50% of web apps store unencrypted passwords, i.e., as plain text
  • Password Checkers Force The Creation of Strong Passwords
    • Password checkers (the meters that rate your password when you sign up for a website) test "strength" against their own custom criteria. These subjective criteria are not necessarily best practice (e.g., capping the length of the password).
  • 2 Factor Authentication Allows for Weak Passwords
    • Like any security method that has ever been implemented, there are security flaws.
    • Matthew Prince, CEO of CloudFlare, had his email compromised even after implementing two factor authentication.
    • IT IS STILL A GOOD IDEA TO USE THIS! HOWEVER, use a STRONG password as well as implementing this.
  • CAPTCHAs Keep Your Accounts Safe
    • CAPTCHAs are not secure; they are more effective at degrading the user interface than at providing any real security
      • Text based CAPTCHA values are only agreed on 71% of the time and take ~10s on average to solve
      • Audio based CAPTCHA values are only agreed on 31.2% of the time and take ~28s on average to solve
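To make the entropy point in the first myth concrete, here is an added example (mine, not part of the original post) that estimates the search space for a character-level password versus a passphrase built from random words. It assumes the attacker knows which character classes were used and, for the passphrase, knows the word list (the 7776-word size below is an assumption modelled on a Diceware-style list, not a figure from the post):

```python
import math
import string

# Character pools that an attacker is assumed to enumerate. The sizes are the
# standard printable-ASCII class sizes (26 + 26 + 10 + 32 = 94).
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]


def charset_entropy_bits(password: str) -> float:
    """Upper bound for a character-level password: length * log2(pool size).

    Only classes actually present count towards the pool. Note this estimate is
    far too optimistic for a passphrase made of dictionary words, because those
    characters are not independent; use passphrase_entropy_bits for that case.
    """
    pool = sum(size for chars, size in POOLS if any(c in chars for c in password))
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def passphrase_entropy_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of num_words words drawn uniformly at random from a known list."""
    return num_words * math.log2(wordlist_size)


def guess_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Seconds to exhaust a search space of 2**bits at a given guess rate."""
    return (2.0 ** bits) / guesses_per_second


if __name__ == "__main__":
    symbol_pw = "P$s2#$%0"                          # the post's 8-character example
    phrase_pw = "golfhoneykangaroocookiedogbasket"  # the post's 6-word example
    WORDLIST_SIZE = 7776                            # assumed Diceware-sized list
    print(f"{symbol_pw!r}: {charset_entropy_bits(symbol_pw):.1f} bits (94-char pool)")
    print(f"{phrase_pw!r}: {passphrase_entropy_bits(6, WORDLIST_SIZE):.1f} bits "
          f"(6 words, attacker knows the {WORDLIST_SIZE}-word list)")
    # Assumed offline cracking rate of 1e10 guesses/s, for scale only.
    for label, bits in (("symbols", charset_entropy_bits(symbol_pw)),
                        ("passphrase", passphrase_entropy_bits(6, WORDLIST_SIZE))):
        years = guess_time_seconds(bits, 1e10) / (365 * 24 * 3600)
        print(f"  {label}: ~{years:.2e} years to exhaust at 1e10 guesses/s")
```

Even when the attacker is handed the word list, six random words (about 77.5 bits) beat the eight-character symbol soup (about 52.4 bits) by roughly 25 bits, i.e. a search space some 30 million times larger. The lesson is the one the post states: length from genuinely random words outpaces substituting symbols.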
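The second myth is about how sites store passwords. As an added example (not code from the post or from any site it mentions), this is what storing a password correctly looks like: a random per-user salt and a deliberately slow hash, so a leaked database does not hand over "just text". The parameters are assumptions, chosen here to be reasonable rather than taken from the post:

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters: PBKDF2-HMAC-SHA256, a high iteration count to slow down
# offline guessing, and a fresh 16-byte random salt for every stored password.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    A salt may be passed in for testing; in production leave it None so a
    fresh random salt is drawn from os.urandom each time.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never treat as a match
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    record = hash_password("golfhoneykangaroocookiedogbasket")
    print("stored record:", record)
    print("correct password verifies:", verify_password("golfhoneykangaroocookiedogbasket", record))
    print("wrong password verifies:  ", verify_password("P$s2#$%0", record))
```

Two users with the same password get different records because the salt differs, so an attacker cannot precompute one table and reuse it across the whole user base, and each guess costs the full iteration count.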


GOOD PASSWORD PRACTICES:

  • Try to make your password at minimum 12-15 characters long
  • Avoid common terms, repetitiveness, or common numbers (2580, 1234, etc.)
  • Spread out the capital letters, special characters, and numbers
  • Don't use the same password on multiple accounts
  • Don't change your passwords very often; make them stronger instead
  • Don't use your username in your password
  • Use two-factor authentication when available
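The practices above can be turned into a simple checker. The following is an added example of my own, not a checker from the post or from any website; the minimum length, the list of common sequences and the repetition rules are assumptions that encode the list above, and a real deployment would also screen against a breached-password list:

```python
import re
from typing import List

MIN_LENGTH = 12  # lower end of the post's 12-15 character recommendation

# Constructed list of sequences the post warns against (plus a couple of obvious
# ones); extend it in practice.
COMMON_SEQUENCES = ("1234", "2580", "qwerty", "password", "abcd")


def check_password(password: str, username: str = "") -> List[str]:
    """Return a list of rule violations; an empty list means the password passes."""
    problems: List[str] = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    for seq in COMMON_SEQUENCES:
        if seq in lowered:
            problems.append(f"contains common sequence '{seq}'")

    # Repetitiveness: the same character three or more times in a row ...
    if re.search(r"(.)\1{2,}", password):
        problems.append("contains a run of three or more repeated characters")
    # ... or a chunk of two or more characters immediately repeated (e.g. 'golfgolf').
    if re.search(r"(.{2,})\1", password):
        problems.append("contains an immediately repeated chunk")

    if username and username.lower() in lowered:
        problems.append("contains the username")

    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    return not check_password(password, username)


if __name__ == "__main__":
    for pw, user in (("Password1234", "bob"),
                     ("golfhoneykangaroocookiedogbasket", "golfer"),
                     ("aaa", "")):
        print(f"{pw!r} (user {user!r}): {check_password(pw, user) or 'OK'}")
```

Note what the checker deliberately does not do: it never demands a symbol or an uppercase letter, and it sets no maximum length, which is exactly the kind of subjective rule the "Password Checkers" myth above warns about.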