June 6, 2018 | Blog | by Andrei Sfat

Password Management? “I have nothing to hide”

In a series of two blog posts, Andrei Sfat (Developer at iWelcome) shares his thoughts and some useful tips and tricks on the use of online passwords.

We live in a time where everything you want to do requires internet access, and almost all online actions require a registration process in which an account needs to be created. Nearly every time you register for a new account you need at least two mandatory items: an email address (or a uniquely identifiable attribute) and, most importantly for this blog, a password.

In this blog, I’ll make you aware of the importance of a secure password and provide you with some tips and tricks on how to create one.

 

Why should I care?

Passwords have been around for quite a while and people have talked intensively about them. Few people, however, understand the importance of creating good and secure passwords. And many people are using the same password for all their personal accounts. That’s one of the most insecure things a person can do.

When asked why they do this, most people will answer with things like: “I don't care” or “I have nothing to hide”. Well... That’s simply wrong. Nobody can be that open in exposing every tiny bit of his or her life stored at any website. Why do we lock our doors every day we leave our homes? The answer is simple: we care about our privacy and our belongings.

 

Different types of passwords exist

1. Easy passwords

What most people usually do is think of common things that can be easily remembered. For instance, if someone’s pet is called "Phoebe", a person tends to use this as a password for a wide variety of websites. Unfortunately, however, it is also the most vulnerable type of password (yes, the ‘12345678’ type of password excluded...). Anyway, using something like your pet’s name as a password is not safe, as your neighbour might know your pet's name and think one day: why don't I just try to log into his Facebook account and perform some wrong actions?

2. A bit more complicated passwords

Perhaps we can go one step further and add a few digits or some symbols that are not too obvious at first sight (e.g. Phoebe89!).

This combination of characters and symbols together with something easy to remember does make your password less vulnerable. Unfortunately, though, we have this common problem as human beings: we tend to forget things. So you’d better come up with a good combination and pray every day that you don't forget about it.

Another approach would be to use a sentence as a password (also known as a "passphrase"), which is considered to be safer and easier to remember. One example could be: phoebe-is-the-most-awesome-pet (I have used hyphens for separating words in the sentence, but it can also be spaces, depending on the website you try to register for).

3. Generated passwords

I presume you think there is a better way. And well… There is.

We can generate passwords without having to think of a combination of letters/digits/symbols ourselves. There are a few ways to do this:

a) Using a password generator

As there are a few standard password generators out there, let’s take one as an example: Strong Random Password Generator.

All you have to do is to open the generator and press Generate Password.

And this is what we get:

yRY7@j6=wqdg5gL?

b) Diceware

Another approach for automatic password generation is called Diceware. I won't get into details on this approach, but in short: there is a list of words and a die that you can use. You throw the die five times in order to get a number, like 53421. The number is associated with a word from this list. In this case, the word is severe. You repeat this process for at least a few words and you've got yourself a password (well, technically a passphrase).

The good news: by doing this, you've got yourself a pretty decent password to use for your new account.
The bad news: you will probably have to write it down somewhere if you don't want to forget it.

The main difference between a password generator and Diceware is how hard it is for a hacker to guess your password.

5 Diceware words = 7776^5 = 28430288029929701376 possible equiprobable passphrases.
9 random characters = 94^9 = 572994802228616704 possible equiprobable passwords.
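
As an added example (not part of the original post): a Python sketch of the Diceware procedure and the keyspace comparison above, using the operating system's CSPRNG in place of a physical die. The function names are hypothetical and DEMO_WORDLIST is a constructed placeholder standing in for a real 7776-word list.

```python
import math
import secrets

DICE_SIDES = 6
ROLLS_PER_WORD = 5                          # five throws pick one word
LIST_SIZE = DICE_SIDES ** ROLLS_PER_WORD    # 7776 entries

def roll_key():
    """Throw a die five times using the OS CSPRNG; returns a key like '53421'."""
    return "".join(str(secrets.randbelow(DICE_SIDES) + 1) for _ in range(ROLLS_PER_WORD))

def key_to_index(key):
    """Map a key in '11111'..'66666' to its 0-based position in the ordered list."""
    if len(key) != ROLLS_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:
        index = index * DICE_SIDES + (int(c) - 1)
    return index

def passphrase(wordlist, words=5, sep="-"):
    """Build a passphrase; rejects short or duplicated lists, which shrink the keyspace."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    return sep.join(wordlist[key_to_index(roll_key())] for _ in range(words))

def keyspace(symbols, length):
    """Number of equally likely secrets: symbols ** length."""
    return symbols ** length

def entropy_bits(symbols, length):
    """The same quantity expressed in bits."""
    return length * math.log2(symbols)

def words_to_match(chars, alphabet=94):
    """Fewest Diceware words whose keyspace is at least that of `chars` random characters."""
    n = 1
    while keyspace(LIST_SIZE, n) < keyspace(alphabet, chars):
        n += 1
    return n

# Constructed placeholder list so the example runs offline; use a real word list in practice.
DEMO_WORDLIST = [f"w{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(DEMO_WORDLIST))
    print(keyspace(7776, 5), round(entropy_bits(7776, 5), 1))   # 5 Diceware words
    print(keyspace(94, 9), round(entropy_bits(94, 9), 1))       # 9 random characters
    print(words_to_match(16))   # words needed to match a 16-character password
```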

You are probably asking yourself: why even bother? Nobody will guess these passwords anyway.

Do not fool yourself. Computers these days have an extraordinary processing capacity and hackers can perform brute force attacks on your password. It will not take them days, but hours, or even minutes to get to the right combination.

 

Step 2: Using your password

Now that you’re all set to create a strong password, the logical next step is to use it, right?

In my next blog, I will explain ways to strengthen your security on the Internet in a more convenient, secure and easy way.

 


 


 Andrei Sfat

Developer at iWelcome

Andrei works at iWelcome’s office in Cluj, Romania, as a developer.