Good Passwords Are Key to Good Security
What are the most important measures you can take to improve your online security? New research by Google shows that security experts answer this question with a focus on password security. Passwords need to be strong and unique. The only way normal people can accomplish this goal is to use a password manager.
A password manager is a program that keeps track of all the usernames and passwords for your different services. When you browse to a site and log in for the first time, the password manager stores the site, username and password you use. On later visits to the site, the password manager fills in those fields for you.
A good password manager stores the sites, usernames, passwords and other information heavily encrypted in the cloud. This gives you backup and means you can use all your sites on any device from which you can log into the password manager service.
Don't be afraid that a breach at the password manager could expose all your accounts. If the password manager is doing things right, it would be really hard for the attacker to use the information effectively. Recently, industry leader LastPass got hacked. The attackers got encrypted master passwords and email addresses for users. Cracking even one of those master passwords would require considerable computing power and a lot of time. In the meantime, LastPass notified all users and prompted them to change their master password. Having to deal with such possibilities is a far better option than keeping track of passwords yourself.
Use complex passwords. Many a user account has been compromised because the password was short and simple, or was one of the many used by those unwilling to put any thought into the matter. Lists of the most common passwords are usually filled with entries like '12345', 'password', 'qwerty' and 'asdf'.
Keep dictionary words out of your passwords. Even if your password is a long and complicated word, like 'antidisestablishmentarianism', it may be easy to crack. Attackers can obtain or prepare "rainbow tables," which are lists of precomputed hashes of dictionary words, and compare compromised password hashes, like those from LastPass, to those in the table.
Don't reuse passwords. If one of your passwords is obtained by an attacker, they may try using your email address or username and that password on other services as well. Using different passwords for every login is the safest way to go.
Following these policies, especially at first, takes some effort and determination. The last three are effectively impossible for a normal human being without following the first one. A good password manager makes it practical to have a good password policy. It can generate strong, random, unique passwords for each of your accounts. Get a good password manager and use it right, and the next time you hear that some service you use has been breached, you can rest easy. You might have a problem, but it's a very small one compared to the other users.
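The dictionary-word advice and the generated-password advice above, shown together as an added example that is not part of the original article: a long dictionary word is found instantly in a precomputed hash table, while a salted, slow hash or a randomly generated password is not. The word list, function names and PBKDF2 parameters are assumptions chosen for illustration, and the table is a plain lookup dictionary rather than a true rainbow table's hash chains.

```python
import hashlib
import math
import os
import secrets
import string

# Constructed sample word list; real precomputed tables cover millions of entries.
WORDLIST = ["password", "qwerty", "asdf", "12345", "antidisestablishmentarianism"]

def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256, assumed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

# Built once, then reusable against every leaked unsalted hash.
PRECOMPUTED = {unsalted_hash(w): w for w in WORDLIST}

def lookup(leaked_hash: str):
    """Return the plaintext if the hash is in the precomputed table, else None."""
    return PRECOMPUTED.get(leaked_hash)

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length: int = 20) -> str:
    """Random password drawn from the OS CSPRNG, as a password manager would create."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    long_word = "antidisestablishmentarianism"
    # Length does not help: the word is in the dictionary, so its hash is in the table.
    print("long dictionary word ->", lookup(unsalted_hash(long_word)))
    # A per-user salt changes the stored hash, so the shared table no longer matches.
    print("same word, salted    ->", lookup(salted_hash(long_word, os.urandom(16))))
    # A random password is in no word list, whatever hashing the site uses.
    pw = generate_password()
    print("generated password   ->", lookup(unsalted_hash(pw)),
          f"({entropy_bits(len(pw)):.0f} bits)")
```

Salting only protects against precomputed tables; a dictionary word behind a salted hash can still be guessed directly, which is why the random password is the stronger fix.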