I was pleased last week to discover that the password system I’ve been using was exactly what I should have been doing. Steve Gibson of Gibson Research Corporation discussed his new recommendation for passwords on his Security Now show on the Twit.tv network on June 1st. His recommendation mirrored what I’ve used for years. I thought I was using a good system, but hearing Steve come up with the same strategy was very welcome news given his security expertise.
I strongly suggest that you immediately visit the “How Big is Your Haystack?” page on his GRC site and test the strength of the passwords you use. Don’t worry, they aren’t being captured by GRC but you may encounter immediate angst when you see how easily they can be cracked.
The GRC Haystack page won’t give you password suggestions, but it will provide indications of the strength of your newly minted passwords.
If you listen to Steve discuss Haystack and the ingredients of a truly strong password in the show video from the above link, you’ll recognize that your password should include symbols, numbers, upper and lower case letters and be at least 13 characters long. It SHOULD NOT include words found in the dictionary or other common abbreviations or numerical combinations.
You can still make a password that has meaning to you so you can remember it, but you need to follow the strength rules. Go to the Haystack page and start typing. You’ll quickly see how the strength of your password increases when you add additional characters that increase its length.
Even though Steve has proclaimed that the Haystack tool “is NOT a Password Strength Meter”, the Attack Scenario readings will immediately tell you how hard it would be to crack your password.
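To see why length and character classes matter the way the Haystack page shows, here is an added example (my own code, not GRC’s) that estimates the search space the same way: the alphabet is the sum of the character classes present, the search space is every string over that alphabet up to the password’s length, and the attack-scenario times divide that space by an assumed guess rate. The class sizes (26, 26, 10 and 33) and the three guess rates are assumptions chosen to match how the Haystack page presents its figures.

```python
"""Haystack-style search-space estimator (added example, not GRC's code).

It models the idea behind Steve Gibson's "How Big is Your Haystack?"
page: the number of passwords an attacker must try depends only on
which character classes appear and on the length, not on how random
the password looks.  Class sizes and guess rates are assumptions.
"""
import string

# Assumed class sizes: 26 lower, 26 upper, 10 digits, 33 symbols
# (the 32 ASCII punctuation characters plus the space character).
# Characters outside these classes contribute nothing to the alphabet.
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "digit": frozenset(string.digits),
    "symbol": frozenset(string.punctuation + " "),
}

# Assumed guess rates for the three attack scenarios shown on the page.
SCENARIOS = {
    "online attack": 1e3,            # one thousand guesses per second
    "offline fast attack": 1e11,     # one hundred billion per second
    "massive cracking array": 1e14,  # one hundred trillion per second
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Sum of the sizes of every character class that appears in the password."""
    present = set(password)
    return sum(len(members) for members in CLASSES.values() if present & members)


def search_space(password: str) -> int:
    """All strings over the password's alphabet with length 1..len(password).

    Exact integer arithmetic, so long passwords never overflow:
    sum_{k=1}^{L} A**k with A = alphabet_size(password).
    """
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst case: years needed to try the entire search space at the given rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


def report(password: str) -> dict:
    """Per-scenario exhaustion time in years, plus the underlying numbers."""
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "search_space": search_space(password),
        "years": {name: years_to_exhaust(password, rate)
                  for name, rate in SCENARIOS.items()},
    }


if __name__ == "__main__":
    # Constructed samples: each step adds one class or a few characters,
    # which shows that padding for length grows the space fastest.
    for pw in ["password", "Password1", "Password1!", "Password1!......."]:
        r = report(pw)
        print(f"{pw!r:22} len={r['length']:2} alphabet={r['alphabet']:2} "
              f"space={r['search_space']:.2e} "
              f"massive-array years={r['years']['massive cracking array']:.2e}")
```

Running the sample loop shows the same effect the page demonstrates interactively: switching from lower case only to all four classes raises the alphabet from 26 to 95, but appending a handful of extra characters multiplies the search space far more than that, which is why the length rule matters most.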
The genealogists I help seemingly always use very weak passwords for their email, subscription sites and blogs. It seems that I spend as much time teaching folks to use strong passwords as I do helping them with their genealogy research.
If the number of emails I’ve received from hijacked mail accounts is any indication, password strength issues are the plague of much of the genealogy community.
Do yourself a favor. Check the strength of your passwords today. Change any and all of them that are not very strong (those having less than a trillion year attack strength), and do it immediately. Don’t be one of the statistics who lose their accounts and credentials due to weak passwords.
As noted in an earlier post, I highly recommend using LastPass for password management. The master LastPass password you use locally encrypts your password data before it arrives on the LastPass servers, so you don’t have to worry about anyone on their end being able to read your data. LastPass adds another layer of encryption on their end, further protecting your password data.