The link between Margaret Thatcher and safe passwords

Passwords are generally accepted by the security community to not be a particularly good way of securing online accounts or sensitive information. This is mostly because of the way that society has been taught to create ‘safe’ passwords, i.e. by using a mix of symbols, numbers, and uppercase and lowercase letters. As I highlighted in my previous article, this makes it really easy for hackers to steal your password.

The average individual has around 20-40 different online accounts, and it’s unrealistic to expect users to reliably remember that many completely unique passwords. As such, people often come up with one password they think is secure and then re-use that same combination, possibly with slight variations such as adding a capital letter or a few numbers to the end. This, as my previous article showed, doesn’t actually make the password any stronger.

Password managers

The first step is getting out of the habit of using the same password in multiple places. The best way to do this is to use a password manager. The biggest three in the market are LastPass, 1Password and Dashlane.

With a password manager, you essentially hand over all your logins and lock them with one master password. This means that you don’t have to remember multiple individual ones for each account, just the single master password.

Whilst this is certainly a great help, if all the passwords inside your manager are still easy to crack, or if your master password is insecure and gets hacked, then the attacker now has ALL your passwords… Which is not ideal.

Making secure combinations

Password managers can actually update any insecure passwords, by generating genuinely random combinations (think ‘E1j4aaA0yYXQU^xp^agX’ kinda vibes), which are virtually uncrackable. However, these combinations are very difficult to remember and type out.

So, how can we create passwords ourselves that are both secure, and that we can easily remember?

The concept of passphrases rather than passwords has grown in popularity as of late. This method strings together four random words in a row, giving us a greater quantity of characters that is much easier to type out than randomly generated combinations. It’s also very unlikely that `correcthorsebatterystaple` is going to appear in a dictionary list that an attacker might use to attempt to crack passwords.

It’s worth mentioning at this point that `correcthorsebatterystaple` is a very well-known passphrase nowadays, thanks to the online comic strip XKCD, so please do not use this as your password!

This method has also been endorsed by Ed Snowden, who in an interview suggested using a password such as `Margaretthatcheris100%sexy`.

This is 26 characters long, drawn from a pool of around 98 potential characters (uppercase, lowercase, numbers and symbols), and theoretically takes hundreds of millions of years to brute force. It is also far easier to remember. Your master password has to be of this level to give you the best chance of securing your password vault.

And finally, best not to use this as your password either, now that it has been stated in a televised interview!
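An added example (not from the original article) that puts numbers on the brute-force estimate above: it compares the character-by-character model with an attacker who guesses whole words from a known list, and draws a passphrase with a cryptographically secure random generator. The guess rate, the 7776-word list size and the sample word list are assumptions made for illustration.

```python
import math
import secrets

ALPHABET_SIZE = 98           # character pool size quoted in the article
GUESSES_PER_SECOND = 1e12    # ASSUMPTION: fast offline attacker, not from the article
DICEWARE_SIZE = 7776         # ASSUMPTION: size of a Diceware-style word list
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list, for demonstration only; a real list has thousands of words.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord", "glacier",
                "harbor", "ivory", "juniper", "kettle", "lantern", "meadow",
                "nickel", "orchard", "pebble"]

def charset_bits(length, alphabet=ALPHABET_SIZE):
    """Entropy in bits if every character is picked uniformly at random."""
    return length * math.log2(alphabet)

def wordlist_bits(n_words, list_size):
    """Entropy in bits if every word is picked uniformly from a known list."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def random_passphrase(wordlist, n_words=4, sep="-"):
    """Draw words with the OS CSPRNG; words a human picks are far less random."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    models = {
        "26 random characters from a pool of 98": charset_bits(26),
        "4 random words from a 7776-word list": wordlist_bits(4, DICEWARE_SIZE),
        "6 random words from a 7776-word list": wordlist_bits(6, DICEWARE_SIZE),
    }
    for label, bits in models.items():
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    print("sample:", random_passphrase(SAMPLE_WORDS))
```

The character-level figure only holds when every character is chosen at random; a phrase built from words is bounded by the word-level estimate, so for a master password the number of words and the randomness of the choice matter more than the raw length.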

Written by: Jordan Peck, Senior Data Analyst

Category: What we think

Date: 16/12/2019
