Antivirus Wiki

Creating Strong Passwords

  • January 23, 2019

Every day, it seems like you read another new story about a big data breach where millions of identities were stolen. If you have not been one of them, you are lucky. 

Online security should be everyone’s top concern, whether you use the Internet for work or for play. Security breaches involving passwords are one of the top categories where losses occur.

Creating a strong password

Unfortunately, many times it is the user who is to blame for the breach, not a system that has been hacked. More than ever it is important to understand and practice good password safety to keep your information safe. This article will outline the basics of password safety, explore how a password manager can keep you safe.

It seems like every website that you visit wants you to create a password. It is never a good idea to use the same password for multiple sites. Each password that you create should be unique. Keeping track of them can be difficult and cumbersome. In addition, it is recommended that you change all of your passwords on each site at least once every six months. That way if a data breach does occur on the company’s end, the hackers get an old password and cannot use it to access your account.

You already know that a good password looks something like this.

CG3yDL=m1#VHll$%hRd

The problem is that the most secure passwords are difficult to remember. The human brain has difficulty stringing together random sequences. Yet, random passwords are so important to your online safety.

Using a password manager such as Lastpass is one of the top recommendations by computer security experts. A password manager helps generate and store a long, complicated password for every one of your online accounts. Not only can they protect passwords, they can also protect PIN numbers, credit card numbers, and three-digit CVV codes. We recommend Lastpass as the best free password manager for all of your devices.

Here are some of the pros and cons of using last password manaer.

Pros

  • Will change passwords on selected sites automatically
  • Stores URLs for sign ins in your vault, keeping them handy
  • Browser extension can automatically fill in user info
  • Stores passwords on their servers, secure and safe
  • You can still access your passwords if your computer system goes down
  • Lets you share as many passwords as you like with trusted family members and friends
  • Use one master password to access all of your websites on any device

Cons

  • Replacing older weak passwords will take time and will have to be done one at a time
  • May have to toggle between app log in page and password manager on Android

Bottomline

  • The bottom line is that Lastpass is an convenient way to manage secure passwords and ads an additional layer of security to an antivirus software.

The following summarized what we thought about Lastpass in terms of its features and reliability. A five-star rating indicates most positive and one-star equals least positive.

LastPass

Rating

Ease of use
5/5
Easy of Installation
5/5
Price
5/5
Reliability
5/5
Security
5/5
Compatibility
5/5
Works across platforms
5/5

Top Features

  • Only need to remember one master password
  • Generates secure passwords
  • Has reminders to help you to remember to change them often
  • Works across numerous platforms
  • Secure and safe password storage

Why You Need A Password Manager

You may be thinking that if you have a password manager, that is all the security you need. However, a password manager will only protect you from certain types of attacks. As you surf the web, it is still possible for you to accidentally click on an attack site. It is recommended that you use a password manager and an antivirus software to add two layers of protection to your online security.

Expert Quote

Dana edwards

“People are increasingly putting sensitive information on these computers and it is important that this information remain secure.”

Dana Edwards

Cyber-Security and Distributed Ledger Researcher

Fixing Lastpass

The simplest solution is to log into Lastpass and switch off the unrecognized device and location verification under account settings. Here is how that works.

1. Log into your Lastpass account using your master password.

Login Lastpass

2. Go to Account Settings in the menu on the left-hand side of the page.

Fixing Lastpass

3. Make Sure you are on the General Tab. Click on Show Advanced Settings.

Fixing Lastpass

4. Switch off unrecognized device and location verification.

Fixing Lastpass

Now, Lastpass should work just fine with your antivirus software. However, this leaves your system vulnerable, so if you choose to do this, it is recommended that you switch on multiple authentication. The process for doing this is easy too.

First, go back to the Account Settings Tab. Click on Multifactor Options at the top of the page.

Fixing Lastpass

Second Click on the Edit Tab.

Fixing Lastpass

Next you can choose your desired multifactor authentication provider. The screen may vary depending on the providers that you have installed.

Now, you should be all set. You should be able to use your password manager and an antivirus software at the same time.

It is the recommendation of security professionals in the field that you use both a password manager and an antivirus software. If you choose not to use a password manager, here are some tips for creating good passwords and keeping them safe.

Password Management without A Password Manager

As you can see, a password manager is safe and convenient. The best part is that you can use a master password and you only have to remember one password to access all of your sites. Yet, you still have secure passwords for every site, and each one is different. Some password managers will also send you reminders when it is time to update a password for a particular site. However, for various reasons some people prefer not to use a password manager and would rather do it manually. If you choose to use this route, it is important that you understand what makes up a good password. Here are some tips for creating strong passwords that are more difficult to hack.

  • Longer is Better.
    It is recommended that passwords contain at least 10 characters. However, more is better. The more characters you have, the longer it will take software that hackers use to crack passwords to find the correct combination.
  • Complex is Best.
    The more different types of characters you have in your password, the harder it will be to crack. Passwords should include combinations of uppercase letters, lowercase letters, numbers, and special characters. The more you use of them the better.
  • Use Memory Devices..
    If you follow the first two rules, you will probably end up with a password that is difficult, if not nearly impossible to memorize. Here is a hint. Use a phrase that is related to the site and take the first few letters to create the password. For instance, you could say, “I like to protect my Access Bank account to keep my money safe.” This could translate into, “Il2pMabA2Km$$S”. This way it is something that is easy to remember and still meets all the rules for a secure account.
  • Diceware Method.
    It is never suggested that you use the dictionary to find words to use for a password. Some software can quickly run through dictionary words and break passwords quickly. It takes about as much time as it takes you to pull up a website using a browser. You can create a list of numbered words and then roll a dice to string them together. If you try to do it yourself, the human brain does not like randomness and you will probably end up with a sentence that can be figured out by someone else. However, rolling the dice means that the string is completely random. For instance, the string may sound something like, “classic dog red door soccer coat bring chair down” some people remember phrases like this using a picture in their mind.

These are just a few tips to help you create good passwords. As you can see, even without a password manager, there are some ways to create good passwords and keep your account safe, yet not make them impossible to remember.

However, just as there are methods for creating strong passwords, there are also some things that you should void. The following may seem to be good suggestions to you, but hackers have seen them all and know how to get around them.

Here are top 10 things to AVOID when creating passwords.

  • The same word as your username, or any part of the username
  • Your own name
  • Any personal information about you or your family members such as a license plate number, phone number, birth date, or street name
  • Any sequence of consecutive numbers on the keyboard. The worst are 12345, QWERTY, ABCDEFG, or [email protected]#$%^
  • Combinations of words such as bluemoon, scarletletter, or redcorvette
  • Obvious substitutions such as News2U or D0gt0ys
  • A blank password
  • The word Password
  • Any of the above in reverse

Keeping Your Password Safe

Now that you know how to create a strong password and avoid some of the common pitfalls that people make when creating them, it is time to go over some basic rules for keeping it safe. These rules apply whether you use a different password for each site or use the master password for a password manager program.

When someone thinks of a data breach, or identity theft, the first thing that comes to mind is a hacker breaking into a large database and stealing large batches of passwords. However, the truth is that many cases of identity theft can be avoided. The most common type of threat to privacy and security is not necessarily a professional hacker who is out to steal tens of thousands of accounts. The most common way that all data is compromised is through people voluntarily sharing their password or failing to take measures to protect it.

Here are a few rules that you should always FOLLOW to keep your password safe.

Never Use the Same Password Twice.

You should always avoid using the same password for numerous sites. This limits the damage if one of your passwords should accidentally be compromised. You certainly do not want to use the same password that you use on a public computer system to protect personal information such as your bank account or other important records. It is important to create a unique password every time.

Change Passwords Every 6 Months

We have already addressed this issue, but it worth repeating. Changing passwords can be an inconvenience. It is easy to get lazy, or to forget to do it. However, this is the most important way to guard against a brute force attack. Passwords are a fixed length and given enough time and processing power, a brute force attack will eventually always be successful. If you do not use a password manager, you need to set a calendar schedule to remind you to change your passwords. To make the process easier, you can stagger them so that only a few need changed every so often. This can easily reduce the process from several hours to only a minute or two of your time.

Writing Down Your Passwords.

If you create strong passwords, they are probably difficult to remember. However, writing it down and keeping it handy can be just as bad as creating a weak password. One habit that many people fall under is that they will write down their password and keep the note right next to their computer. Other people keep their password right under their mousepad. These notes can easily be swiped and you may think that you lost them, or anyone with a camera can take a picture quickly as they walk by casually.

One Final Thought

Practicing good password safety is similar to practicing good hygiene to keep yourself from becoming ill. Once something has happened, it is too late. The best strategy is to keep it from happening in the first place. This requires vigilance on your part, but in the end it is worth it. Of course, if you practice good password safety protocols, it will never be noticed, but that one time do not, it could mean disaster and the potential for identity theft.

We recommend using a password manager and an antivirus software together to offer the maximum-security possible. This is like having a double set of locks on your door. Hacking and identity theft is on the rise. This means that you have to be even more proactive in keeping yourself and your personal information safe. Hackers have sophisticated ways of cracking passwords and breaking into accounts, but fortunately many of these are easy to circumvent with just a few simple and practices. Keeping your password safe should become a habit and something that you do automatically. Think of it as similar to how you automatically lock your door when you leave your house or car. Getting into the habit means that you have even less chance of having to worry about the hassle of having your identity stolen.