It’s Time to Tighten Your Security

The greatest threat to your online security is the strength of your password.

No more excuses. The academic year is over for most of you. Set aside an hour to devote to your online security.

You know all those websites you log into? They should each have their own password. Seriously. If hackers break into one site, they use those usernames and passwords to try logging into other sites. If your passwords are unique, they will fail. Also, those passwords should be long and contain different kinds of characters.

Use a password manager

If you don’t already have a password management system, get one. No, the post-it notes on your computer monitor and your password-laden Rolodex do not count.

I use LastPass, but there are other good ones out there. With LastPass, you only need to remember one password. And you do need to remember it. LastPass doesn’t even know what it is. With LastPass, your passwords are encrypted locally before being sent to LastPass. That means that if anyone breaks into LastPass, all they will get is a bunch of encrypted gobbledygook.

LastPass will generate random passwords for you, autofill your username and password into websites, and allow you to share passwords to designated sites with trusted family and friends. That means I have no idea what the password is to my bank account – and I don’t have to. It’s a random string of letters, numbers, and special characters of some length, probably more than 16 characters. And because I have shared this password with my wife, she could have changed it this morning for all I know. In any case, LastPass has saved the change. The next time I log in, LastPass will use the most recent username and password.

Also, LastPass is free. Pay $12 a year for added features. Totally worth every dime.

When you run LastPass, give it permission to pull any usernames and passwords you have saved in all of your computer’s web browsers. Then let it delete that information from your web browsers – you don’t need it there; it’s in LastPass. Install the LastPass extension in the web browsers you use most often. And install the LastPass app on your phone.

Log into the LastPass website and run the “security challenge”. LastPass identifies sites that have had security breaches and, for the sites it can, LastPass offers to change your passwords to those sites. That’s right. You don’t have to log into those sites and change your passwords. LastPass will do it for you. LastPass also looks for weak passwords, reused passwords, and old passwords.

Also, you can store credit card information and other “form fill” information like email address, home address, and phone number. And you can store any information you want in a “secure note”.

Create a strong password

While I use the LastPass password manager to automatically log me into websites, I still need a password I can easily remember to get me into my computer in the first place.

Step 1. Think passphrase, not password. Longer is stronger. Never use a word that can be found in a dictionary. Once hackers have your username – most commonly, your email address – they will try the most common passwords first, like 12345 or password. Then they’ll run through the dictionary, trying each word as a password. Then, in a brute force attack, they’ll use an algorithm to try every lowercase letter/uppercase letter/number/special character combination. The more characters you use, the longer it will take for their algorithm to generate your password.

longwindingyellowbrickroad

26 characters, lower case alphabet only
Search space size: 6.4 x 10^36
Time to search that space: 20 trillion centuries

Search space size is the “count of all possible passwords with this alphabet size and up to this password’s length.” Time to search that space assumes that if the computer program is making one hundred trillion guesses per second, this is how long it would take the computer program to search all possible passwords given these parameters. Explore how changing password length and including different kinds of characters changes your password strength.

Step 2. Add a special character

?longwindingyellowbrickroad

27 characters, lower case alphabet, special character.
Search space size: 6.61 x 10^47
Time to search that space: 2 trillion trillion centuries

Step 3. Make one letter upper case

?Longwindingyellowbrickroad

27 characters, upper & lower case alphabet, special character.
Search space size: 1.26 x 10^52
Time to search that space: 40 thousand trillion trillion centuries

Step 4. Add a number

?1Longwindingyellowbrickroad

28 characters, upper & lower case alphabet, special character, number.
Search space size: 2.4 x 10^55
Time to search that space: 76 million trillion trillion centuries
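
The figures in Steps 1 through 4 can be reproduced with a short calculation. This is an added example, not code from the original post or from any calculator it used; it assumes the "special character" class is the 32 ASCII punctuation marks plus the space (33 characters) and uses the post's rate of one hundred trillion guesses per second.

```python
import string

GUESSES_PER_SECOND = 10**14                      # rate stated in the post
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Assumption: four ASCII character classes; specials = punctuation + space (33).
CHAR_CLASSES = [
    string.ascii_lowercase,      # 26
    string.ascii_uppercase,      # 26
    string.digits,               # 10
    string.punctuation + " ",    # 33
]


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    for ch in password:
        if not any(ch in cls for cls in CHAR_CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def search_space(password):
    """Count all passwords over this alphabet with length 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def centuries_to_search(password, rate=GUESSES_PER_SECOND):
    """Time to exhaust the whole search space at `rate` guesses per second."""
    return search_space(password) / rate / SECONDS_PER_CENTURY


if __name__ == "__main__":
    steps = [
        "longwindingyellowbrickroad",     # Step 1
        "?longwindingyellowbrickroad",    # Step 2
        "?Longwindingyellowbrickroad",    # Step 3
        "?1Longwindingyellowbrickroad",   # Step 4
    ]
    for pw in steps:
        print(f"{pw:30} alphabet={alphabet_size(pw):3} "
              f"space={search_space(pw):.2e} "
              f"centuries={centuries_to_search(pw):.2e}")
```

This measure only counts exhaustive brute-force guesses; it says nothing about the common-password and dictionary attempts described in Step 1.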

Last thing to do

Sleep better tonight.