I’ve been using computers for quite a while, and for fifteen or more years I’ve been using multi-user systems and the internet. With a computer science and linguistics background, the security of passwords is not exactly a new issue for me. Quite the contrary, I’ve been telling a lot of my friends that using good passwords is important.

However, this week I’ve stumbled upon some interesting pieces that shed new light on the topic for me. The first is a not exactly new article by Bruce Schneier about how secure passwords keep you safer, which contained quite a lot of information that was new to me. It’s a very interesting piece on possible approaches to breaking passwords as of three years ago. Now combine that with a more recent piece on using cloud computing to crack passwords and you might get an idea of how important using really good passwords might have become today.

This brings me back to my current usage of passwords. Until now, I’ve seen my passwords as reasonably hard to break. They contain all the usual stuff: a mix of upper and lower case letters, numbers and some symbols. However, reading Schneier’s article made it clear to me that not all my passwords may really be as secure as I thought they would be, so it’s time to overhaul these.

In addition, I’ve been using some passwords for more than one site (though not for critical/important ones), to ease the mental cost of having to remember particular passwords for some sites. On the other hand, some time ago, I already started using a password manager to store my passwords, synchronizing the db over several installations. The cost of using unique passwords is therefore lower than it used to be, so I’m going to correct that error, too.

What this amounts to at the end of the day, though, is a really old lesson: security is a permanent issue, not a one-time shot. What once might have been a sufficient security measure might be totally insufficient soon.

Summary: Please use a password store like KeePassXC, which you can use on multiple devices and which can generate random passwords for you. The more characters you use, the better. Don’t use the same password on a second site.
