PASSWORDS
How properly are your treasures guarded?
What’s the lesson about?
We do not underestimate you – we know that your password is more sophisticated than "Name123." However, times are changing and this knowledge alone is no longer sufficient in the 21st century.
The module contains four parts:
- You'll be reminded why passwords are one of the most important elements of your security. ⏭️
- We'll discuss how to create a unique and secure password. ⏭️
- And how to manage them to ensure they remain truly secure. ⏭️
- Finally, we have a guide to password managers that will significantly simplify everything for you. ⏭️
EXTRA 15 MIN
1 CHALLENGE
1 TUTORIAL
1. Why (re)think passwords?
Password unlocks all your hidden secrets. It is your ID card, bank account, a message from your lover, medical record, and idea for a new business.
You prove your identity using passwords, and once someone else acquires it, they gain access to your most intimate details. They could misuse it in many ways or impersonate you. Furthermore, losing your password can also harm your loved ones.
An attacker might attempt to obtain your password through deceit or might use technology to try thousands of password combinations every minute. If your defense is inadequate, they will exploit it.
2. What does "secure password" mean?
The art of creating a strong, secure password doesn’t lie in using dozens of special symbols that make your head spin. How so?
Just use a combination of memorable words for you. It’s good to intersperse these with other special characters. For example:
- speed-156km!-onabike
- torepinkVioletswithdynamite
- rabbit-jumped-over-2fields-HOOP
- Betrayal!Marketawentbyboat
- 3caratring-fromM
- threeHundredThirty3silver
Such passwords are called passphrases passwords and would take several million years to break.
Challenge: Create your passphrase
-
Part of a poem, something funny you see around, a childhood memory – all of it can be a good start for creating a passphrase. Three to four words should be enough.
-
If you want to perfect the password, add placeholders (spaces, numbers, punctuation, symbols) at random locations.
-
Just avoid obvious steps, such as using 3 instead of E, 4 or @ instead of A, or 0 instead of O. Also, do not place special characters only at the beginning or end of the password.
Practical tip: Users often create a new, very creative password that they quickly forget. Therefore, repeat it several times a day after its creation, for example, every time you walk from the toilet :)
No matter where you are on your life's journey, responsible behavior will never harm you. Therefore, never again:
-
Repeat the same passwords for different accounts
Breaking one password and gaining access to four accounts? Jackpot! But for the attacker. -
Do not write passwords on a piece of paper
The paper can get lost, soaked with coffee, seen by a passing visitor. You never know. -
Do not share passwords (not even with a partner)
Everyone deserves their privacy. Relationships can be complicated enough without shared accounts. And if you suspect that your password has been disclosed, change it immediately. -
Do not store passwords in your browser
Browsers are great, but don't trust them with your passwords, as it's not their primary task. Rather, use a much safer password manager – read on.
And what about regular password changes?
If you have strong passwords, it is not necessary to change them regularly. However, this only applies:
-
As long as your computer has not been infected with malware (malicious code), in which case change the passwords for all major services.
-
As long as you do not suspect that your password has been disclosed. In such a case, always change it as quickly as possible. By the way, the free service haveibeenpwned.com can also alert you to your password leakage, more information about it is below in the bonuses.
Password manager – a smart vault for all your passwords (guarded by an eight-headed basilisk in an invisible castle across a moat with acid). With the help of one main passphrase password, you easily access all the others.
-
You create and remember only one main passphrase password – that's how you unlock the manager. It takes care of all the others.
-
It stores them in encrypted form and easily fills them in the login field when needed. Safe and convenient!
-
The basis is to choose a trustworthy password manager to ensure that your passwords are completely safe. We have chosen the password manager Bitwarden for you and will show you how to use it.
-
If you are interested in the whole issue more, you will find a link to a more detailed article in the bonuses below.
Tutorial: Password Manager Bitwarden
-
It's a reliable, free, and open-source password manager.
-
It runs in the cloud – meaning you have access to your passwords anywhere you have an internet connection.
-
It also offers other useful features, such as password security checks.
Installing and Using Bitwarden in Practice
🟡
The following video will first guide you step-by-step through the installation of the Bitwarden password manager.
🟡
Next, we will focus on its most common practical uses – automatically saving and filling in login details.
🟡
At the end, we also discuss the importance of setting up multi-factor authentication for Bitwarden. If you are unfamiliar with the term, we will cover it in the next module of this course.
-
Remember, a password unlocks not only your intimate world but also your family, work, financial life, and life at MUNI.
-
Once you install a password manager and create a strong passphrase for it, most of your work is done.
-
Then just follow the minimalist principles for safe password work, thereby avoiding potential serious problems.
Bonuses for curious users
Warning signs
HaveIbeenPwned.com will send you an alert if the security of accounts associated with your email address is compromised, allowing you to change problematic passwords in time. It's free and easy to start (how to).
Want to know more about password managers?
We have written about them in our article. You can find a non-cloud alternative to Bitwarden or learn about the companies that provide password managers – what do you think, do they have access to your passwords?