One of the biggest problems with password security is that you don’t actually need good password security … until you actually need it. That is to say that you can live your whole life using the same password over and over again for every single service and website and never run into issues, but if someone finds out your password then chances are you’re going to be in for a whole world of hurt. In this article, we’re going to go over some simple password strategies that you ought to adopt to keep yourself safe online. It doesn’t matter whether you’re signing up for a new contest, playing adult games or securing a MySQL database – this applies to all use cases!
Never Reuse Passwords
I know, it sucks – but so does reusing passwords. You can’t guarantee what security measures are in place on the other side of the service you’re using, so each and every password you use has to be assumed compromised. Ask any network security expert what they think about password reuse and they’ll all tell you the same thing: don’t do it. Passwords should be unique and unassociated with one another. I recommend taking advantage of a third-party tool to remember all of your passwords, with a master password that you never use for anything else. I personally use KeePassXC because it’s free, open-source and cross-platform. There is a browser extension for it, but recent attacks with extensions mean that I’m not currently using it.
Have Strong Passwords
What exactly is a ‘strong’ password? It should be a completely random assortment of numbers, letters (upper and lower case) as well as special symbols if they’re allowed. You can start pressing random keys on your keyboard to achieve this, or use a tool for assistance. Passwords Generator is a good tool to keep handy, although you may want to change a few characters and letters manually after you’ve copied it from the website (this is probably overkill, but it only takes a few seconds, so why not?). Longer passwords are better – 16 characters ought to be enough, but your security only increases as the length increases. For some services, I have passwords that are 64 characters!
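If you would rather generate passwords locally than copy them from a website, the following added example (not part of the original article) does it with Python's `secrets` module, which draws from the operating system's cryptographic random source. The function names and the symbol set are assumptions; adjust the symbols to what the service accepts.

```python
import math
import secrets
import string

# Character classes named in the article. The symbol set is an assumption:
# sites differ on which symbols they accept.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"


def generate_password(length=16, allow_symbols=True):
    """Return a random password containing every enabled character class."""
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if allow_symbols else [])
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until every class appears, so accepted
        # passwords stay uniformly distributed over the valid set.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, allow_symbols=True):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    size = len(LOWER) + len(UPPER) + len(DIGITS)
    if allow_symbols:
        size += len(SYMBOLS)
    return length * math.log2(size)


if __name__ == "__main__":
    # The two lengths mentioned in the article.
    for n in (16, 64):
        print(n, generate_password(n), f"~{entropy_bits(n):.0f} bits")
```

Pass `allow_symbols=False` for services that reject special characters; the entropy estimate drops accordingly, which a longer length compensates for.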
Always Use HTTPS
If the website you’re visiting doesn’t use HTTPS, then you might have a major problem if you’re submitting data, seeing as anyone on the network (and in some cases, elsewhere) could have access to the information you’re sending and receiving. Always make sure the URL of any page you’re entering a password into starts with https://, and NEVER submit personal data such as your name, address, SSN or credit card number into non-HTTPS forms. HTTPS basically allows you to ensure that the message you’re sending across the Internet is completely unreadable to anyone sitting between you and the server that you’re submitting data to.
Hopefully this article gave you a quick and dirty look at great password security and best practices. For further reading (although more from a service provider perspective), check out Troy Hunt’s Passwords Evolved blog post.