You may have read about naked pictures of Jennifer Lawrence and Kate Upton recently being posted to 4Chan and Reddit, or about a recent release of 5 million passwords to a bitcoin bulletin board, or about data breaches for Target and Home Depot customers. We are apt to feel cognitive dissonance between these events and our online behaviors, but these events are relevant to us in every way.
Sure, naked celebrity pictures generate a level of interest that access to the contents of your iCloud account may not generate. BUT, if your iCloud password and email address are the same as the ones for your bank account, you might see how phishing could cause you quite a bit of trouble.
As another example of how widespread security exploitation is, I recently started using the Bulletproof Security plugin on my site and was amazed at how many “brute force” login attempts were made on any given day (WordFence’s real-time feature also shows you this, although for the sake of your load time you should turn that feature off). Long story short, digital media exposes a vulnerability, and it is exacerbated by the fact that most people use easily remembered or duplicate passwords to log in to their many sites.
“The user’s going to pick dancing pigs over security every time.” — Bruce Schneier
What I want to do is present the case that every one of your passwords should be completely unique (I hope that you intuit this fact somewhat already). I also want to introduce you to a couple of tools that can help you to accomplish this. One of the tools that I’ll introduce is F-Secure Key, which is a password generation and storage software that resides on your phone and on all of your devices (see brand disclosure and free trial offer at the end of the piece).
All of your passwords should be secure and unique. And if you’re anything like me, many of your current passwords are not. Let me explain some of the reasoning behind the need for secure and unique passwords and then introduce you to the F-Secure Key tool, which can make the management of secure and unique passwords fast and simple.
What makes for a good password?
Figuring out the number of possible combinations of a password is pretty simple. It’s the number of possible characters for the first position times the number of possible characters for the second position, and so on. For example, the number of possible combinations for a four-digit numbers-only iPhone password would be:
10 characters (first digit) x 10 characters (second digit) x 10 characters (third digit) x 10 characters (fourth digit) = 10000 possible combinations
So the two tactics available to make passwords more secure would be to expand the number of possible characters (with uppercase letters, lowercase letters, numbers and symbols this equals 95), and to increase the number of digits in the password.
To show you how effective this could be I made the following table:
|Characters||Possible Combinations||Seconds to compute|
What you can see in the second column is that the number of possible combinations grows large quite rapidly as you add characters. HOWEVER, the third column reveals that these incredibly large numbers offer false security: a regular desktop computer can generate over 735 million possible password combinations (the number in a six-character password) in about four seconds. It’s not until we reach double-digit passwords (10 characters or more) that we see significant difficulty in conducting brute force attacks. (Computation time calculation courtesy of howsecureismypassword.net).
These stats describe how someone could hack your accounts using brute force attacks. Many sites will freeze out logins after a certain number of attempts, so that even if a computer can generate hundreds of millions of password combinations in a few seconds, the attacker has no way to use them. Others use two-factor authentication to ensure that even if one aspect of your account is hacked, further information is needed to access your information.
If you’re not using two-factor authentication on sites like Google, Facebook, Twitter and LinkedIn, you’re nuts IMHO. You may remember that Sarah Palin had her Yahoo email hacked when somebody verified some information that was publicly available on her Wikipedia page in order to change her password and access her stuff.
Brute force isn’t the only way to access your accounts (in fact, if your password is strong enough and unique, brute force becomes very difficult). Phishing is a popular and increasingly sophisticated practice where you receive emails pretending to be from your bank, social accounts, etc., and are prompted to enter your username and password into a visually identical or similar site. Once you do this, you reveal your username and password to the evildoers. This is more or less the same thing as sending your bank information to a Nigerian Prince so he can wire you a bunch of cash.
Whether procured by brute force, phishing or another method, once someone has access to one account they may be able to gain access to more of your information. For example, access to Facebook, Google or Twitter would allow someone to access other sites using social logins. But the more serious threat is one of human nature: we don’t remember things all that well, so we often repeat passwords across different apps and platforms. If you had my Google password for example, at one time you could have accessed my bank and my social platforms. THAT is a huge problem.
A couple of solutions
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
― Benjamin Franklin
YOU NEED UNIQUE, SECURE PASSWORDS FOR EVERY ONLINE ACCOUNT THAT YOU HAVE (sorry to yell there). But how do you do it?
There are a lot of different solutions out there that will help you create unique, random passwords for your accounts (I’ve used random.org in the past). But then you create another (possibly bigger) security problem: what would happen if someone found the Word document, or Evernote note, or piece of paper with your passwords on it? They would then have access to all of your accounts.
This is why I am a huge fan of F-Secure Key. F-Secure Key is an app on your smartphone (free for smartphone, $1.50 per month for premium use on all devices) and on any of your other computing devices that generates, stores and easily applies unique, secure passwords for all of your applications.
The video should give you an idea of how this works, but to describe it quickly:
- You create a master password which allows you access to F-Secure Key.
- You start to create profiles for each of your applications in F-Secure Key.
- F-Secure Key creates random passwords based upon the length and character parameters you set (incidentally, a 32 character password incorporating 95 possible characters would take about 21 quattuordecillion years for a desktop computer to break)
- When you need to call up a password, you simply open F-Secure Key with your master password and cut and paste to the social network login screen.
- I had to reset the password for eight different apps because I couldn’t remember their passwords.
- Of the twenty or so other apps that I could remember, there were only three unique passwords between them
- F-Secure Key has been flawless, pasting unique, secure (32-character) passwords with just two clicks every time I’ve been prompted for a password.
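
The keyspace arithmetic from earlier in the post and the generate-unique-passwords workflow in this list, as an added Python example (it is not F-Secure Key's code and not from the original post). The function names, the `ASSUMED_RATE` guessing speed and the sample vault are constructed for illustration.

```python
import math
import secrets
import string

# The 95 characters the article counts: 52 letters + 10 digits + 32 symbols + space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Assumed offline guessing rate (guesses/second); not a figure from the article.
ASSUMED_RATE = 1_000_000_000


def keyspace(alphabet_size, length):
    """Possible passwords: alphabet_size multiplied by itself `length` times."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy in bits of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size, length, rate=ASSUMED_RATE):
    """Worst-case seconds to try every combination at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate


def generate_password(length=32, alphabet=ALPHABET):
    """Pick each character from the OS CSPRNG (`secrets`), not the `random` module."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two distinct characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def reuse_groups(vault):
    """Group account names that share a password; the passwords are not returned."""
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return [sorted(accounts) for accounts in by_password.values() if len(accounts) > 1]


if __name__ == "__main__":
    for n in (4, 6, 8, 10, 12, 32):
        print(f"{n:>2} chars  {keyspace(95, n):.3e} combinations  "
              f"{entropy_bits(95, n):6.1f} bits  {seconds_to_exhaust(95, n):.3e} s")
    # Constructed sample vault: two accounts share one password.
    vault = {"bank": "hunter2", "email": "hunter2", "forum": generate_password()}
    print(reuse_groups(vault))
```

The time column depends entirely on the assumed guessing rate; the entropy column does not, which makes it the better figure for comparing password policies.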
F-Secure Key is pretty easy to set up (unless you are like me and can’t remember your passwords) and super easy to use once you’ve got all of your passwords inside of the app.
Passwords used to be the bane of my existence, and now my passwords have never been more secure, are completely unique, AND easily accessible and usable with two clicks to copy and paste.
Whether you try F-Secure Key or use another method to manage your passwords, I hope I made the case that you need to have unique and secure passwords for all of your accounts. If you don’t have a method to do this, consider trying the F-Secure Key free trial (details below). Even if you opted only for the free mobile app, it seems to me you would be in a better situation than trying to store all of your passwords elsewhere.
I am a paid brand ambassador for F-Secure Key and I love F-Secure Key.
I would like to think that these two facts are mutually exclusive but invite you to try F-Secure Key Premium for free and decide for yourself if it is as good as I say it is.
All you have to do is download the free mobile app for Android/iOS
Android: Go to Menu-Help- Enter PREMIUM VOUCHER
iOS: Help Menu- Promotional Code
Enter the code PREMIUMKEYOFFER14 for two free months of the premium (multiple device) service.
You can follow this link to download the mobile and desktop apps: http://bit.ly/1u55jeM