Saturday 21 Jan 2023


Password hygiene

I was thinking about computer security and how to avoid being hacked.

A common reason people are hacked is poor password hygiene. This comes up a lot on security podcasts, most recently on the Smashing Security episode "Norton unlocked, and police leaks". It's important to have long (over 12 characters) passwords that are different for each website/service. Often, if a site is compromised, hackers will try your password on all your other services, including your email. Once they're into your email, they can click "forgot password" on all your services.

Good password hygiene

Never reuse passwords. I am not going to discuss my password manager here, but using a password manager is essential for password hygiene: then you only have to remember one password.

Use a good password, for example to defeat password dictionary attacks:


This works because it's longer than 12 characters and has special symbols and numbers. Also, I have added numbers in the middle of the words, which are unlikely to be predicted by a dictionary attack.

In addition, I used to listen to Security Now and learned how Gibson recommends padding the master password with special characters, as detailed on his Password Haystacks page. He suggests adding a series of characters to defeat dictionary attacks, and he created a wonderful tool to test your password choices.

(Green followed by 20 dashes)

And finally, do not forget two-factor authentication.