
Silverlight Technology Group

Keep Your Information Secure: Passwords and Multi-factor Authentication

  • Angela Murdock
  • Jan 9
  • 4 min read

Passwords: Your First Line of Defense  

Things have changed a lot over the last few decades, especially in cybersecurity. Once, a simple word with some special characters was all you thought you needed to protect your private information. It’s not that simple anymore. Now you’ll find people suggesting long passphrases, password managers, and passkeys. In this article, we’ll go over what they mean and which is the best option for you and your information.  

 

Different Methods 

The Passcodes of Yesteryear 

It used to be rather simple to create a password: just a few characters. Then other conditions were added: mixed case, numbers, and symbols. Don’t forget that letters and numbers shouldn’t be consecutive either! Unfortunately, even with all these requirements, these simple passwords are no longer secure. Brute force attacks let hackers attempt many combinations of characters in seconds. You can make the password longer, but then it might be hard to remember.


Passphrases: “Fancy Fairy Flies Forward” 

Sounds a bit like gibberish, doesn’t it? But you wouldn’t guess it, and Security.org believes it would take 15 octillion years to crack. Passphrases take passwords to the next level. They’re longer, but turning them into a phrase makes them easier to remember. You can use the lyrics to your favorite song (with or without spaces), an iconic line in a movie, or you could pick something random, as I did above, so there's nothing personal about it. You may need to add a number or symbol somewhere in the phrase, but that is all you’ll have to remember. There is, however, another method even stronger than passphrases.


Randomly Generated 

No password will be as strong as one that has been randomly generated using numbers, symbols, and letters. These passwords are more secure but are often lengthy and a bit inconvenient to type out, so they’re often used alongside a password manager. Most password managers include the ability to generate passwords based on your given criteria.  
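The criteria-based generation described above, plus a keyspace comparison of the three kinds of secret covered so far, as an added example (not code from the article or from any password manager). Assumptions: the symbol set, the 7,776-word list size, words and characters picked uniformly at random, and an offline guess rate of 10^10 per second are all constructed for illustration, so the figures differ from character-based online estimators.

```python
import math
import secrets
import string

# Character classes the caller can require (the generator's "criteria").
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+",  # constructed symbol set, 14 characters
}

def generate_password(length=20, classes=("lower", "upper", "digits", "symbols")):
    """Random password with at least one character from each requested class."""
    if length < len(classes):
        raise ValueError("length is too short for the requested classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters move around.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def entropy_bits(choices_per_symbol, symbols):
    """Entropy in bits when each symbol is chosen uniformly at random."""
    return symbols * math.log2(choices_per_symbol)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def compare(guesses_per_second=1e10):  # guess rate is an assumption
    schemes = {
        "8 random lowercase letters": entropy_bits(26, 8),
        "4 random words from a 7776-word list": entropy_bits(7776, 4),
        "20 random characters from 76": entropy_bits(76, 20),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, guesses_per_second))
            for name, bits in schemes.items()}

if __name__ == "__main__":
    print(generate_password())
    for name, (bits, years) in compare().items():
        print(f"{name}: {bits} bits, {years:.3g} years to exhaust")
```

The entropy figures apply only to secrets chosen at random; a quoted lyric or movie line has far less, because an attacker can try known phrases first.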


Password Managers: “Can’t I just use a notebook?”

I mean, you could use a notebook that contains all your passwords, but if you have a fire, then all that information is lost. Plus, it can be a bit inconvenient to carry a notebook along with you when you travel. Password managers, however, are built into many browsers such as Chrome, Safari, and Edge. If you plan on using it across multiple devices and browsers (Chrome on your PC, but Safari on your iPhone), then you can use a password manager like Bitwarden or LastPass. 

Bitwarden has a free personal plan with unlimited passwords. LastPass has a free plan for one device or a plan for $3 per month for multiple devices. Both also have family and business plans, so you can make it easy to share. You no longer need to text your son the password for Netflix. They also have extensions and apps that you can install on your device to make logging in easier. You just sign in to your password manager once (maybe using a passphrase so you can remember it), and then it will autofill your information when signing into other accounts.  



Passkeys: “What’s that?” 

One of the newest members of the authentication family is passkeys. While still not highly utilized, they’re seen as the most secure method of authentication and the simplest method of logging in. Passwords, unfortunately, are always at risk because you’re entrusting a website to store them securely. Passkeys are often physical, such as your phone or a key fob. Rather than passing a password back and forth, a passkey just confirms that your login is successful. It takes the password out of the equation and removes the risk of a website leaking it.


Multi-Factor Authentication – So Many Steps 

I know, I know. You just want to log in and do what you need to do. Unfortunately, if you want to be safe, then you should really take the extra step and make sure each of your accounts has multi-factor authentication (MFA). This helps protect your account from password leaks and brute force attacks. Someone might be able to get your banking password, but can they get your phone or get into your email?  


SMS Messages: “One Minute, I don’t have signal.” 

The most common method of MFA is SMS messages; unfortunately, this is the least reliable method. Not only does it require you to have cellular service, but it can also be susceptible to SIM swapping. SIM swapping is where a criminal tricks your cellular provider into switching your phone number to a new SIM card that they control. This allows them to receive those SMS messages on their device, completely cutting you out of the transaction. Some users try to prevent this by putting a password or PIN on their account through their cellular provider, but you’re still relying on someone else not to slip up.


Authentication Apps: “Another App?” 

Some apps can be used as a method of authentication, such as Google Authenticator and Duo Mobile. Unlike SMS messages, this method doesn’t require cellular service or data, as the information needed to generate a code is downloaded and stored in your phone. It also means someone would need to physically have your phone to access this code, and even then, they’d need to have your PIN or use your biometrics to access the app. Finally, the code the app generates only lasts for 30 seconds, which might seem quick, but it stops a brute force attack from being able to guess your code. 


Comparison of Password Methods 

 

| | Passwords | Passphrases | Randomly Generated | Passkeys |
|---|---|---|---|---|
| Simplicity | Very simple | More complex, but still memorable | Very complex, requires passwords to be stored somewhere | Simple to use, but setup requires more effort |
| Strength | Weak | Strong | Very Strong | Very Strong |
| Accessibility | No issue with access | No issue with access | Will need access to a vault to store passwords. Can be found for free. Ex: Bitwarden or built-in vaults | Will need a phone that can serve as a passkey or buy certain hardware |

 

Conclusion 

No matter who you are, I think most people can agree that we have a lot of valuable information online. It’s important to protect it, just like you would your own home. Don’t let someone steal your information because you were uninformed or didn’t take the time to secure what’s important. Stay informed, stay protected, and stay supported.  

 

Let us know down below if you’ve had any bad experiences. What do you wish you had done differently? Could something be done? 
