This is the first post in a multi-part series on computer security essentials. I am not a computer security expert, but there are some basic computer security essentials that a surprising number of people don’t understand. The aim of this series is to raise awareness of these. I will be covering password vaults, two factor authentication, devices and local encryption.
Let’s start with the basics of passwords with a quiz.
Which password do you think is more secure? What do your passwords look more like?
If you take a look at howsecureismypassword.net and put in these two passwords:
a) It would take a computer about 4 HUNDRED YEARS to crack your password
b) It would take a computer about 1 OCTILLION YEARS to crack your password
This is because b) has a higher level of entropy, even though it is far easier to remember!
This cartoon explains this really well (and shows where I got the passwords!) and explains how we’ve trained everyone to use the wrong passwords!
There are a few things to remember about passwords:
- Never give your passwords to anyone else – no matter how nicely they ask
- No two passwords should ever be the same – even if they are “throw away” passwords
- Use passphrases like example b) above for passwords you need to remember. All other passwords should be randomly generated, at least 24 characters long, and contain numbers, mixed-case letters and symbols – and they should be stored in a password manager (I’ll cover password managers in my next post).
- Passwords and passphrases should not be constructed from known phrases. “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1” is a bad password: it was cracked in minutes because it contains a known phrase from the short story The Call of Cthulhu.
- Don’t store passwords in a Google Doc or other online document service even if it has two factor authentication – use a password manager (which I will cover next post)
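As an added example (mine, not the post’s), here is the entropy arithmetic behind the quiz answer and the rules above: random picks from a pool gain bits per pick, a phrase an attacker already has on a list is worth only the bits of that list, and the `secrets` module generates the 24-character passwords the post recommends. The 7776-word list size, the eight-word sample list and the one-million-quote attacker list are assumptions used for illustration.

```python
import math
import secrets
import string

# Constructed sample word list; a full passphrase list holds thousands of words,
# so WORDLIST_SIZE (assumed, diceware-style) is what the entropy maths uses.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "cloud", "anchor", "river", "lamp"]
WORDLIST_SIZE = 7776
RANDOM_POOL = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)


def known_phrase_entropy(phrases_in_attacker_list: int) -> float:
    """A secret taken from a list of known phrases is worth only log2(list size) bits,
    however long the phrase is: the post's Cthulhu point."""
    return math.log2(phrases_in_attacker_list)


def meets_random_rules(pw: str) -> bool:
    """The post's rule for stored passwords: >= 24 chars, digits, mixed case, symbols."""
    return (len(pw) >= 24 and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw))


def generate_random_password(length: int = 24) -> str:
    """Generate with the CSPRNG-backed `secrets` module, resampling until every class is present."""
    if length < 24:
        raise ValueError("the post recommends at least 24 characters")
    while True:
        pw = "".join(secrets.choice(RANDOM_POOL) for _ in range(length))
        if meets_random_rules(pw):
            return pw


def generate_passphrase(words=SAMPLE_WORDS, count: int = 4) -> str:
    """Memorable passphrase: `count` words chosen uniformly from `words`."""
    return " ".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print(f"8 random chars from 94:       {entropy_bits(94, 8):.1f} bits")
    print(f"4 words from {WORDLIST_SIZE}:            {entropy_bits(WORDLIST_SIZE, 4):.1f} bits")
    print(f"24 random chars from 94:      {entropy_bits(94, 24):.1f} bits")
    print(f"known phrase, 1M-quote list:  {known_phrase_entropy(10**6):.1f} bits")
    print("generated:", generate_random_password(), "|", generate_passphrase())
```

The four-word passphrase scores close to 52 bits, on par with eight fully random characters from the 94-character pool, while the 24-character random password is beyond 150 bits; the known phrase, despite its length, is worth only about 20 bits against that list.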
Thanks to my employer Automattic for educating me on the importance of personal computer security.