The link between Margaret Thatcher and safe passwords

Passwords are generally accepted by the security community to not be a particularly good way of securing online accounts or sensitive information. This is mostly because of the way that society have been taught to create ‘safe’ passwords, i.e. by using a mix of symbols, numbers, upper and lowercase numbers. As I highlighted in my previous article, this makes it really easy for hackers to steal your password.

The average individual has around 20-40 different online accounts, and it’s unrealistic to expect users to reliably remember that many completely unique passwords. As such, people often tend to come up with one password they think is secure and then re-use that same combination, possibly with slight variations such adding a capital letter or a few numbers to the end. This, as my previous article showed, doesn’t actually make the password any stronger.

Password managers

The first step is getting out of the habit of using the same password in multiple places. The best way to do this is to use a password manager. The biggest three in the market are Lastpass, 1Password and Dashlane.

With a password manager, you essentially hand over all your logins and lock them with one master password. This means that you don’t have to remember multiple individual ones for each account, just the single master password.

Whilst this is certainly a great help, if all the passwords inside your manager are still easy to crack, or if your master password is insecure and gets hacked, then the attacker now has ALL your passwords… Which is not ideal.

Making secure combinations

Password managers can actually update any insecure passwords, by generating genuinely random combinations (think ‘E1j4aaA0yYXQU^xp^agX’ kinda vibes), which are virtually uncrackable. However, these combinations are very difficult to remember and type out.

So, how can we create passwords ourselves that are both secure, and that we can easily remember?

The concept of passphrases rather than passwords has grown in popularity as of late. This method strings together four random words in a row, giving us a greater quantity of characters that is much easier to type out than randomly generated combinations. It’s also very unlikely that ‘correcthorsebatterystaple’ is going to appear in a dictionary list that an attacker might use to attempt to crack passwords.

It’s worth mentioning at this point that `correcthorsebatterystaple` is a very well-known passphrase nowadays, thanks to online comic strip XKCD, so please do not use this as your password!

This method has also been endorsed by Ed Snowden, who in an interview suggested using a password such as `Margaretthatcheris100%sexy`.

This is 26 characters long and can be made of around 98 potential characters (uppercase, lowercase, numbers and symbols) and theoretically takes hundreds of millions of years to brute force through. And it is far easier to remember. Your master password has to be of this level to give you the best chance of securing your password vault.

And finally, best not to use this as your password either, now that it has been stated in a televised interview!

Written by:

Jordan Peck Senior Data Analyst

Category:

What we think

Date:

16/12/2019

You may also like

What we think

  

/  25 Nov 2019

Targeting in a cookie-less world

Due to both GDPR and the introduction of 3rd party cookie restrictions from browsers such as Safari, Firefox and Chrome, fuelling targeted advertising with 3rd party cookie tracking may soon be a thing of the past. The ICO (Information Commissione

Read more

What we think

  

/  13 Nov 2019

Facebook Pay: yay or nay?

Facebook’s bid for world domination levelled up this week with the announcement that Facebook Pay would shortly be rolling out to users in the US, with the intention of the service going global over time. Facebook Pay will be enabled within Faceboo

Read more