Passwords – Security Tips from Experts

In the previous post, we covered the basics of a “SLICK password” and “passphrases” as an alternative to the usual suspects. If you missed that post, take a minute and review it now. CLICK HERE

For those who are SUPER security conscious and want to create the ultimate in protection, we’re really going to bump things up a notch! The random-word passphrases are going to get a make-over using the “SLICK” formula we talked about earlier and we will see what some experts consider to be virtually hack-proof.

I need to add the disclaimer: NO password is 100% safe – in part because the speed with which computers can break them is always increasing. Your aim is to make your device, account or data much harder to access than the next guy’s! Sometimes these hacking systems will time out after a certain number of tries – think BILLIONS. Let’s make sure the criminals lose interest in busting your code!

 

Master Level
Make Your Passphrase SUPER SLICK

SUPER SLICK PASSPHRASE – Let’s see if we can get the “random-word passphrase” examples from the previous post to pass our SLICK test!

SLICK:  Strong – Long – Individual – Complex – Kooky

In the examples below, we take the original passphrases and change some things around. To add to the strength of the random words we need to uncouple words that might be known to go together like “green eggs” and add some odd spelling, numbers and symbols to the mix. Have a look at what we did.

Original Passphrase:                      green  eggs  that  clam  gor  haribo tuba
Modified Passphrase:                    green  gor  that  clam  eggs  haribo  tuba

SUPER SLICK Passphrase:             g]>*en  90rr zat  Klamb  3g9s @rrieBo  2bah

Now run all that together with no spaces and it’s…
SUPER Strong – Long – Individual – Complex – Kooky           …CHECK!

Original Passphrase:                       fibber  caged  jupiter  ate  leap  glucker
SUPER SLICK Passphrase:             fi88er cag-d  jup!Tr   8++E  L3@p  gglu(kRR

Now run all that together with no spaces and it’s…
SUPER Strong – Long – Individual – Complex – Kooky           …CHECK!

 

Totally Random Passphrase

Computers are wicked-smart! What we see as a random string of words actually has a pattern to it! Human beings are pattern seekers and pattern builders. We crave it! We instinctively favor things that follow patterns and make sense to us. And, we’re not even aware that we do it!

For those looking to take this business of passwords to the edge, try using Diceware. With Diceware and its related word list you can generate passphrases designed to REALLY stump sophisticated hackers. If you need to sit down and create a whole bunch of passwords at once, it may take some time; however, it is a pretty ingenious system and easy to understand.

 

Basics of Diceware and Why it Works

The strength of a password, passphrase, or encryption key is measured in “bits of entropy.” Entropy is defined as randomness: a lack of order or predictability. It is an essential component of a masterful passphrase. By using some six-sided dice, you generate actual entropy or randomness. Each roll of the dice helps you build your passphrase via Diceware word lists. You build a series of random numbers and then convert those numbers into random words pulled from Diceware’s ever-changing lists.

If you are ready to roll up your sleeves and dig in, this article is well-written and explains things nicely and there are additional word lists available if you need them.

Read more about Diceware – Click Here 

New Diceware Word Lists – Have a Look Here

Using Diceware, you could wind up with something like:
high fang canoe glower bobbin ebb tear

This may look similar to the passphrases we discussed earlier; however, THIS one has been generated with entropy in mind. As a result, it is far more random than ANYTHING you or I might conjure in our heads. Now, if you want to kick THIS up another notch, you can always make it “Super SLICK!”
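The dice-to-word procedure described above, as an added example (not code from the original post or from the Diceware project). It assumes the dice are simulated with Python's `secrets` module instead of physical dice, and the 36-word, two-dice list is a constructed sample standing in for a real five-dice list of 7,776 words.

```python
import math
import secrets

def roll_key(n_dice=5):
    """Simulate n_dice fair six-sided dice using the OS CSPRNG, e.g. '31425'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def parse_wordlist(text):
    """Read Diceware-format lines ('11111 word') into {roll: word}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    return table

def passphrase(table, n_words=7):
    """Pick n_words by independent rolls; refuse a list with missing rolls."""
    if not table:
        raise ValueError("empty word list")
    n_dice = len(next(iter(table)))
    if len(table) != 6 ** n_dice or any(len(k) != n_dice for k in table):
        raise ValueError("word list must cover every possible roll exactly once")
    return [table[roll_key(n_dice)] for _ in range(n_words)]

def entropy_bits(n_words, n_dice=5):
    """Each die contributes log2(6) bits, so a word from 6**n_dice entries
    contributes n_dice * log2(6) bits (about 12.9 for the standard 5 dice)."""
    return n_words * n_dice * math.log2(6)

# Constructed sample: 36 words keyed by TWO dice, standing in for a real
# five-dice list of 7,776 words (too long to embed here).
SAMPLE_WORDS = ("acorn bobbin canoe dune ebb fang glower high ivy jolt kelp lark "
                "moss nest oak pond quill reef salt tear urn vine wharf yarn zest "
                "amber brick cedar drift ember flint grove haze inlet jade knoll").split()
SAMPLE_KEYS = [f"{a}{b}" for a in "123456" for b in "123456"]
SAMPLE_LIST = "\n".join(f"{k}\t{w}" for k, w in zip(SAMPLE_KEYS, SAMPLE_WORDS))

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(" ".join(passphrase(table)))
    print(f"sample list, 7 words: {entropy_bits(7, n_dice=2):.1f} bits")
    print(f"real 5-dice list, 7 words: {entropy_bits(7):.1f} bits")
```

With a real five-dice list, a seven-word passphrase like the one shown above carries about 90 bits of entropy; the two-dice sample list gives only about 36.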

 

The Future of Passwords

Will they stay or will they go? Passwords are likely here to stay; at least in the short-term. As we transition to the more distant future of data protection, say between now and 2022, you can expect an increased use of the following:

Biometric sensors that include the use of facial recognition, iris scans, and voice and fingerprint recognition.

Device authentication that uses features of the CPU to allow a laptop or phone to “prove” its identity while you, the device owner, prove yours via some approved biometric sensor like a fingerprint.

Behavioral biometrics such as mouse dynamics, screen interaction/swipes and keystrokes.

Two-factor / two-step / multi-factor / multi-layer authentication where users are asked to verify a new device being used to access an account. A code is sent in real time to another previously verified device or email account, where it is retrieved and then entered into the new device to complete the verification process.

 

A Quick Look at Password Managers

Given the number of online accounts we all have these days, companies specializing in Password Management are on the rise. We may circle back on this topic in depth in a future post. In the meantime, we found a great article on the Consumer Affairs website that you can explore on your own. You can compare brands, see features, learn about different types, find out who is using these tools and why, and you can read user reviews. It is very comprehensive.

 

Answers to Questions About Estate Planning

If you have questions about wills, trusts, estate planning, or financial or medical power of attorney; if you want to protect an aging relative from losing their hard-earned money to fraud; or if you feel overwhelmed because a loved one has passed away without the benefit of a will or trust, the best place to start is with a call to my Los Gatos office at (408) 376-2755. Call to request an appointment.

You are welcome to Print this Free 30 Minute Legal Consultation Certificate 

Let’s get some of those questions answered!

 

Diane M. Brown, Esq.
Working every day to keep my clients out of court!
It’s your money… Let’s keep it that way!
Call 408.376.2755

 

 

This blog contains general information and is not meant to apply to a specific situation. Please seek advice of counsel before proceeding as each case is unique.

 
