23 Things for Research involves many free online services that require you to create accounts and choose passwords. In this short Thing, we explore ways to protect your online identity on these services: password security, password managers, two-factor authentication, and why “letmein” and “trustno1” are bad password choices.
Picking a secure password
Not all passwords are created equal – a strong password will increase your online security more than any other single action. But what makes a password strong?
To begin, try experimenting with different passwords on this site:
It will tell you how long it would take someone to hack your password.
Passwords like “iloveyou”, “123456”, “batman”, “letmein”, and “trustno1” are not secure. For some reason, they’re all very popular choices – see this list for more:
Secure passwords fit somewhere along the right side of this continuum:
|Weaker password|Stronger password|
|---|---|
|connected to you (names, significant dates)|random|
|words in the dictionary|random letter combos|
|lowercase only|mixed with uppercase|
|letters only|numbers and symbols|
Secure but memorable passwords
If you use the same password for any two of your accounts, then an attacker might only need to break into one of those two systems in order to break into the other. But we might use dozens of accounts every day – so how do you remember them all?
Some people start with a “base” password and use variations (e.g. different numbers, a different order) on different sites. This can work well, but it’s still a good idea to keep unique passwords for crucial services like your primary email address or bank account.
Some people use a passphrase instead of a password: three or four randomly chosen words are easier for you to remember and more difficult for others to guess. Just don’t choose a common phrase, song lyric, or movie title – hackers know about this trick as well.
Many people use programs that remember your passwords for you. Some keep your passwords securely on a thumb drive, others store them encrypted on the web, and others still use a ‘formula’ by which passwords can be generated (and re-generated) on demand. Not only do these tools make you more secure online, but – once you get used to them – they actually make your online life faster and easier, too. Try one of these:
LastPass and Dashlane are both easy-to-use, free, web-based password managers, with optional low-priced top-ups for extra features like smartphone editions and advanced two-factor authentication options
KeePass is free and open source, and runs on your computer or thumb drive, which some people consider more convenient or secure, but can take a little more work to get started
SuperGenPass generates unique passwords for each site you use, based on a master password (that you don’t use anywhere else); instead of remembering passwords, you just re-generate them; and it’s free
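The ‘formula’ idea behind generators such as SuperGenPass can be sketched in a few lines of Python. This is an added illustration, not SuperGenPass's own code or algorithm; the function names, iteration count and symbol set are assumptions chosen for the example.

```python
import hashlib
import string

# Assumed parameters for this illustration; SuperGenPass uses its own scheme.
ITERATIONS = 200_000
SYMBOLS = "!#$%&*+-=?@"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_all_classes(pw: str) -> bool:
    """True if pw mixes lowercase, uppercase, digits and symbols."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Re-generate the password for one site from the master password."""
    domain = domain.strip().lower()      # "Example.org" and "example.org" match
    if not master or not domain or not 8 <= length <= 32:
        raise ValueError("need a master password, a site and a length of 8-32")
    attempt = 0
    while True:
        # The site name is the salt, so every site gets an unrelated password
        # and one leaked site password does not reveal the others.
        salt = f"{domain}#{attempt}".encode()
        key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                  ITERATIONS, dklen=64)
        # Read the 512-bit key as one number and peel off one character at a
        # time; the key is far larger than needed, so the bias is negligible.
        n = int.from_bytes(key, "big")
        chars = []
        for _ in range(length):
            n, idx = divmod(n, len(ALPHABET))
            chars.append(ALPHABET[idx])
        pw = "".join(chars)
        if has_all_classes(pw):          # otherwise retry, deterministically
            return pw
        attempt += 1


if __name__ == "__main__":
    # Constructed sample input: a four-word passphrase as the master password.
    print(site_password("correct horse battery staple", "example.org"))
```

Nothing is stored anywhere: the same master password and site name always give the same result, which is why the master password must be strong and used nowhere else.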
2-step verification is an additional stage that you can add when logging into some services to boost the security of your account. Many of these involve a unique number being sent to your mobile phone. You enter that number along with your password, so a hacker cannot access your account without physical access to your mobile phone. See these guides to 2-step verification:
You don’t need to do anything more to complete this Thing. Move on to Thing 3 for the next course activity.
For a funny overview of online security concerns, watch this video:
This post is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.