
With the rise of digital technology, it seems that each year there’s a new security breach that puts the previous year’s to shame, and 2016 was no exception. Except now, end-users face even bigger threats when it comes to data theft: the bad guys have all the time and resources they need to crack the account passwords they steal.

Here’s what you need to know about keeping your passwords secure in this upcoming year.

How Can You Protect Against Hacked Passwords?

Breaches have become so commonplace that, inevitably, each of us will have at least one account/password combination that’s in the wrong hands. While we can’t prevent that from happening as end-users, we do have the ability to make that information outdated sooner, and thus, less useful. Good password habits are the best defense.

Over time, the bad guys have created huge dictionaries of previously cracked passwords, which they try first when attempting to crack their latest cache of stolen account data. Creating longer, meaningless passwords is a good start, but for humans, who can only come up with and remember a limited number of combinations, that’s not so easy to do.

Use Password Management Systems to Create Unique Combinations

A password management service like 1Password does a great job of generating meaningless, difficult-to-crack passwords that are unique across all of your accounts. The downside is that these services don’t always work with every site, and they usually have monthly fees.

A password generator utility like PWGen can be a big help. It’s a free and open source utility you can run locally to create lots of cryptographically secure passwords to choose from with minimal effort. This type of tool makes it easy for users to ensure they have unique, secure passwords for every account, and to change them often.

2-Factor Authentication Can Add Additional Protection

With cracking software able to churn through billions of guesses per second, secure passwords by themselves aren’t always enough. 2-factor authentication adds another layer of protection. This added layer requires not only a username and password to gain access to a site but also an additional piece of information, like a constantly changing secret key.

Google Authenticator is a useful tool for 2FA that’s widely supported among different applications and services (there are even WordPress plugins that support it). Once the application or service is configured to require a Google Authenticator key, the user provides their usual username/password combination along with the randomly generated key displayed in the smartphone app for that service.

Overall, the best way to keep your passwords secure is to generate unique, randomized combinations that are cryptographically secure. If you pair that with 2-factor authentication, you should be on your way to a much more secure password management system.