Password and Account Protection

Online access provides you with incredible opportunities: check a bank statement, pay a mortgage, make a credit card payment, check a credit score, and order just about anything and have it delivered to your house! But each of these tasks requires you to log in to a website or app, and keeping each account safe is of critical importance. A strong password for each account is fundamental.

What makes a “strong” password? It begins with the password length: the longer the password, the longer it takes for a hacker or a hacker’s computer to guess or crack it, and that time increases dramatically with each additional character or number. It is a balance, however, since a password that is too long may be difficult to remember (which defeats the purpose of a strong password). A good password length is 8-10 characters.

A common way to make strong passwords easy to remember is by using a passphrase. Using random words that don’t fit with each other helps increase the uniqueness of the password. This well-known XKCD comic helps demonstrate a strong password.
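To put numbers on how guessing time grows with each extra character, and on how random-word passphrases compare, here is an added example (not part of the original article). The 94-symbol printable ASCII alphabet, the 7776-word list size, the 16-word sample list and the guessing rate are all assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real generator
# needs a list of thousands of words so that each word adds enough entropy.
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "falcon", "glacier",
    "hammock", "iguana", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pebble",
]

def entropy_bits(symbols, choices_per_symbol):
    """Entropy of a secret built from `symbols` independent uniform picks."""
    return symbols * math.log2(choices_per_symbol)

def average_guess_seconds(bits, guesses_per_second):
    """Expected time to hit the secret: half the search space at a fixed rate."""
    return 2 ** (bits - 1) / guesses_per_second

def make_passphrase(word_count, words=SAMPLE_WORDS, sep="-"):
    """Pick words with the OS CSPRNG; random.choice is not suitable here."""
    return sep.join(secrets.choice(words) for _ in range(word_count))

def compare(guesses_per_second):
    """Rows of (label, entropy bits, average years to guess)."""
    year = 365 * 24 * 3600
    cases = [
        ("8 random printable ASCII chars", entropy_bits(8, 94)),
        ("9 random printable ASCII chars", entropy_bits(9, 94)),
        ("10 random printable ASCII chars", entropy_bits(10, 94)),
        ("4 random words from a 7776-word list", entropy_bits(4, 7776)),
        ("6 random words from a 7776-word list", entropy_bits(6, 7776)),
    ]
    return [(label, round(bits, 1),
             average_guess_seconds(bits, guesses_per_second) / year)
            for label, bits in cases]

if __name__ == "__main__":
    # 1e10 guesses/second is an assumed offline attack rate, not a measurement.
    for label, bits, years in compare(1e10):
        print(f"{label:40s} {bits:5.1f} bits  ~{years:.3g} years")
    print("sample passphrase:", make_passphrase(4))
```

These figures hold only when every character or word is picked at random; passwords and phrases that people choose themselves fall in a much smaller space.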

Of the many password practices, several are things we really shouldn’t do. If you make a strong password but use it on every website, a breach of security on any one of those websites could expose your password, and that weakens it everywhere else you use it. Every password should be unique to its account and should not be reused for another account. Another ill-conceived practice is using names of pets, people, or notable dates as a password. These are also easy for a password cracker to crack. In addition to not using names or dates, do not use the same base password and then change a number or two at the end. This practice has the same problem as using the same password on each of these sites.
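The practices to avoid listed above can be checked mechanically against your own set of passwords. The following is an added example, not part of the original article; the account names, passwords and personal terms are constructed sample data, and the finding labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data (account -> password); none of these are real.
SAMPLE_VAULT = {
    "bank": "Fluffy2019",
    "email": "Fluffy2020",
    "forum": "Fluffy2019",
    "shop": "kettle-orchid-glacier-pebble",
    "video": "t7#Qm!z9Lw",
}
# Hypothetical personal details the owner lists: pet names, people, dates.
SAMPLE_PERSONAL = ["fluffy", "1987"]

def base_form(password):
    """Lower-case and strip trailing digits/symbols to expose the base word."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def audit(vault, personal_terms):
    """Return {account: sorted list of findings} for the practices to avoid."""
    findings = defaultdict(set)
    by_exact, by_base = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        by_exact[pw].append(account)
        by_base[base_form(pw)].append(account)
        if any(term.lower() in pw.lower() for term in personal_terms):
            findings[account].add("personal-info")
    for accounts in by_exact.values():
        if len(accounts) > 1:                      # identical password reused
            for account in accounts:
                findings[account].add("reused")
    for base, accounts in by_base.items():
        variants = {vault[a] for a in accounts}
        if base and len(variants) > 1:             # same base, different suffix
            for account in accounts:
                findings[account].add("shared-base")
    return {account: sorted(tags) for account, tags in findings.items()}

if __name__ == "__main__":
    for account, tags in sorted(audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items()):
        print(f"{account:6s} {', '.join(tags)}")
```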

Finally, one other step you can take to secure your accounts is using multi-factor authentication (MFA). A common form of multi-factor authentication is two-factor authentication. Two-factor authentication increases security by requiring two authentication factors: the first factor is usually a knowledge factor (the password that you know) and the second factor is a possession factor, something physical that you have such as an ID card, security token, or smartphone. In multi-factor authentication, the third common factor is the inherence factor (also known as the biometric factor). There are other authentication factors, such as location and time, but these are three of the most common. Having an account requiring two of these factors makes breaking into your account all that much harder for hackers, since they would need two things from you, not just your password.

Oklahoma State University also has a two-factor authentication option for logging into all the websites that use your OKEY login. For more information see https://it.sp.okstate.edu/itservices/4help/guide.aspx?guideName=STW-IT_Duo_Setup_And_Use. Start your setup for Multi-factor Authentication at https://apps.okstate.edu/duo_portal.

Using Password Managers to Stay Safe Online

Whether it is posting in social media, reading email, banking, or any number of other things, if you are online, you will be using a password to access your account. Some people are really good about using secure password practices but many of us remember passwords by writing them down on a Post-It Note, using easy-to-guess passwords or reusing old passwords. These practices leave our accounts vulnerable in the cyber world. One thing that can help us keep our online accounts safe is a password manager.

Password managers do pretty much exactly as you would expect: they manage passwords. To get started, a “strong” password is created for the password manager; the password manager then provides tools for creating and storing your passwords. The password manager creates unique and hard-to-guess passwords, thereby increasing the security of the associated accounts. Along with the password, password managers keep login information for each website, including the username or email address you use. So when you log into a website, like Facebook for example, the password manager will remember your email and the password and automatically put both into their respective fields. It is critical to secure the computer that is entrusted with your password manager: a username and password should be required to get access to the computer!

Another benefit of password managers is having your passwords available on multiple devices. Several password managers have an app for both iOS and Android, so you can have access to your passwords on your phone, and the app can be shared across different computers too. If you have a laptop and a desktop, you will have access to the passwords in both places. If you lose your device, you can just change the password of your password manager and the rest of your passwords will still be safe behind that new password. Some password managers will even allow you to remove a device from their list, requiring that device to be logged back in with your password manager password.

There are many different password managers. Chrome, Firefox, Internet Explorer, and Edge all have built-in password managers that work for storing passwords, but they don’t offer some of the other features. A few other password managers offer better features, and some have free versions.

  • Dashlane – Dashlane has some amazing features, like changing several passwords at once. However, the free version of Dashlane limits the password storage to 50 sets of credentials.
  • LastPass – The free edition of LastPass has unlimited devices, and even a security challenge that helps determine how secure you are with your online accounts.
  • Best Security: Keeper – Keeper also has some storage for files and documents that you want to keep safe. The limiting factor on the free version is that it is limited to a single device.
