What’s the lesson about?
We do not underestimate you; gone are the days of writing the PIN code on the back of a credit card or using passwords like Name123. But times are changing fast, and in tricky cyberspace this knowledge is no longer enough.
The lesson contains four parts. You will recall why passwords are crucial in cyberspace. You will learn to create a unique, strong password and find ways to protect it. We've chosen the golden mean, just the things you'll apply in practice.
Why (re)think passwords?
Passwords unlock all hidden secrets. The password is your ID card, bank account, a message from your lover, medical record, an idea for a new business, grocery list, a photo before the 30 days “get fit” challenge.
You prove your identity using passwords, so if they’re stolen, the thief gains access to your deepest secrets and starts becoming you. Not every attacker sits in a hoodie pondering your pet’s name until (s)he finally uncovers the password for your scholarship or bonus payments. Internet bots are trying thousands of password combinations every minute. Those technologies do not perceive you as a human being; they don't feel empathy. Their only goal is to access your treasures, secrets, and memories.
The art of creating a strong, secure password doesn’t lie in using dozens of special symbols that make your head spin. How so?
The secret of strong passwords is a combination of memorable words. These passwords are called passphrases (one example: ittakes2totanG0), and breaking them would take millions of years. In contrast, passwords with special characters in predictable places (e.g., @ instead of a, $ instead of S, ! instead of i, a dot at the end, etc.) can be broken within 4 weeks. You will use a passphrase for the password manager, too. By the way, people who initially used one simple password for every account and are switching to a new passphrase tend to make it super-complicated. As a result, they forget it in a few days. Keep practicing and repeating the new passphrase at the beginning until you get used to it.
More passphrase examples: WH0Ashesaidyes, rating9*forG0T, never8say8never, makethemscreamG000AL, oncebittentwiceshy
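As an added illustration (not part of the original lesson), here is how a sign-up form's password check can see through the predictable substitutions described above and still accept the lesson's passphrases. The word list, the digit mappings and the 12-character minimum are assumptions made for this example.

```python
import re

# Substitutions named in the lesson: @ for a, $ for s, ! for i.
# The digit mappings (0, 1, 3) are further common ones, added as an assumption.
LEET = str.maketrans({"@": "a", "$": "s", "!": "i", "0": "o", "1": "l", "3": "e"})

# Constructed sample denylist; a real check would load a large list of
# common passwords, names and dictionary words.
COMMON_WORDS = {"password", "james", "mary", "sunshine", "dragon", "welcome"}


def base_forms(candidate):
    """Undo predictable decoration and return the possible underlying words."""
    lowered = candidate.lower()
    # Trailing digits or punctuation ("78", ".", "!") are the most common padding.
    stripped = re.sub(r"[\d.!?]+$", "", lowered)
    # Keep both forms: a trailing "0" may be padding or may stand for "o".
    return {lowered.translate(LEET), stripped.translate(LEET)}


def check_password(candidate, denylist=COMMON_WORDS, min_length=12):
    """Return (accepted, reason) for a candidate password."""
    hits = base_forms(candidate) & denylist
    if hits:
        return False, "decorated common word: " + sorted(hits)[0]
    if len(candidate) < min_length:
        return False, "too short"
    return True, "ok"


if __name__ == "__main__":
    for sample in ["James78", "P@$$w0rd.", "$unsh!ne", "ittakes2totanG0"]:
        print(sample, check_password(sample))
```

A password that collapses to a listed word after normalization is rejected no matter how many symbols it contains, which is why decoration in predictable places adds so little.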
Create your passphrase
Part of a poem, something funny you see around, a childhood memory – all of it can be a good start for creating a passphrase. Three or four words should be enough. The perfect passphrase contains special characters in random places. See our example (ittakes2totanG0): thanks to a little wordplay, we included two numbers (2 and 0) in the word, which is not so common.
Forget about passwords, just install a password manager – the infallible vault of your passwords (safeguarded by an eight-headed basilisk in an invisible fortress behind a moat full of poison). It is usually a cloud solution; therefore, you get access from anywhere online (it’s like the Information system of MUNI). All you need to know is your passphrase.
Most people have no experience with a password manager. Trusting one product with all my passwords? It sounds too risky! We understand this concern. Nevertheless, a password manager is considered the most secure and reliable method, according to specialists and research. Why is that? Each person manages dozens of accounts (try it and count yours), and each of them should have a different and secure password. Can you remember all of them? That's a utopia, so many people repeat or slightly alter more or less the same passwords. In the end, the passwords for a bank account and a social network end up being the same, and the problem keeps growing. A compromise is to store only passwords of medium and low priority in a password manager. This will leave enough space in your mind for the most important passwords (online banking or work e-mail).
Can you do more?
Yes: stop overthinking security rules. The basics are simple: use a password manager and secure passphrases. Another helpful thing is two-factor authentication. Terminology differs across services, but it simply means enhancing your log-in process with another layer (identifier).
The layer can be a gesture, a biometric lock (fingerprint or face recognition), a PIN code, an SMS code, or a one-time password (OTP). It all depends on the possibilities of the service or app.
Let’s stop fooling ourselves; most people have at least one unfortunate habit which, sooner or later, will cost them their account. Some examples: agreeing on a collective password for a shared work account, pinning passwords on a board, or using the same password for a bank account and Instagram. So which bad habit will you eliminate right now?
Don't put meaningless effort into writing passwords on a piece of paper: it can get lost, splashed by coffee, or read by a visitor. You never know.
Don't share passwords (not even with your partner). Everyone deserves privacy. Relationships can be complicated even without shared accounts.
Don't repeat the same passwords for various accounts. Breaking one password and getting inside four accounts? Jackpot! But for the attacker.
Remember that passwords unlock not only your private world but also your family, work, financial – and university life. Still, managing passwords can be relatively simple because once you install a password manager and create a passphrase for it, your work is almost done. The last thing to do is to log in to the manager (and, therefore, use it) regularly.
Bonuses for curious users
How long would your password survive against an attack?
So, we still haven’t convinced you that James78 is not a secure password? Well, test the strength of your password on the LastPass webpage. (Please don’t enter your actual password; think of something similar – e.g., instead of James78, use Mary90.) Moreover, after registering on HaveIbeenPwned.com (How to register?), you can receive updates about security breaches connected with your e-mail address.