How to Create Strong Passwords and Protect Your Digital Identity with Password Managers

May 22, 2023
Meli Imelda

The concept of passwords is not new. In fact, it dates back to ancient times when secret codes were used to protect messages from being intercepted by enemies.

Fast forward to modern times, passwords have become an essential part of our digital lives. We use them for everything from email accounts to online banking and social media.

Are you tired of using the same password for everything and constantly worrying about being hacked? Well, you're not alone! In fact, a recent Verizon study found that a staggering 80% of data breaches involve compromised or weak passwords.

Using the same password for multiple accounts can be convenient, but it also poses a significant risk to your online security. It's comparable to using a single key for your front door and your safe - while it may be more convenient, it's incredibly risky.

So how then do you create a vault-worthy password for your every account and still remember all of them?

Let’s find out!

Before we get started, let’s get our definitions straight.

What exactly is a password?

A password is a secret combination of characters or a code that is used to authenticate the identity of a user and grant them access to a secure system or data. A password is typically required to log in to a user account, whether it is a personal email account or a corporate network. The purpose of a password is to ensure that only authorized users have access to the system or data, thereby protecting sensitive information from unauthorized access, theft, or misuse.

How to write a strong password that you’ll remember

The task of creating a strong password that you can remember can be quite a hassle.

Let’s look at two effective ways of writing vault-worthy passwords and still remembering them.

The Passphrase Method:

A passphrase is a sequence of words or other text used to create a password.

The advantage of this method is that it creates a long password that is easy to remember.

Let’s create a strong password using the passphrase method:

Step 1: Choose a phrase that is easy to remember but difficult for others to guess.

For example, "I love to eat jollof rice on Saturdays with my friends" can become "ILtejroswmf."

Step 2: Add numbers, symbols, and capital letters to the passphrase. For example, "ILtejroswmf" becomes "1L2ejr@swmf!".

Step 3: Remember to use a unique passphrase for each account.

Honestly, this is the most important step. The only thing worse than having a weak password is using the same password for multiple accounts.

Now that we have our passphrase, let’s see how we can remember it for all our accounts.

Below are some tips on how to choose a suitable passphrase for every account:

1. Choose a phrase that is easy to remember but difficult for others to guess.

It should not contain your personal information such as age, DOB, where you live, etc.

Here is a bad example of a passphrase to use:

  • I am 10 years old and I live in Lagos, Nigeria

2. Avoid using common phrases or quotes that are easily guessable.

A quote from your favorite writer is a bad idea, and the lyrics to a song are a no-go as well!

3. Use a combination of uppercase and lowercase letters, numbers, and special characters to increase the complexity of your passphrase.

That’s it for the passphrase method. Try it out now as you update your passwords.

Bad password practices

We have gone through the best practices for writing strong passwords. I am well aware that we all have strong, updated passwords at this point, but just to be sure, let’s go over some bad password practices again:

  • Reusing passwords: Using the same password for multiple accounts increases the risk of compromise. If one account is breached, all other accounts using the same password become vulnerable.
  • Short passwords: Short passwords with fewer than eight characters are more susceptible to brute-force attacks, where attackers systematically guess passwords until they find the correct one.
  • Failure to update passwords: Neglecting to change passwords regularly increases the chances of unauthorized access, especially if there has been a data breach or security incident.
  • Storing passwords insecurely: Writing down passwords on paper, saving them in unencrypted files on a computer, or using easily accessible note-taking apps exposes passwords to unauthorized individuals.
  • Sharing passwords: Sharing passwords with others, even if trusted, relinquishes control over account access and increases the risk of unauthorized use or abuse. The whole point of a password is keeping it a secret!

Password Managers

We need passwords for our email accounts, our social media accounts, our online banking accounts, and even our streaming services. It can be hard to keep track of all of our passwords, and even harder now that we have strong, unique passwords for every one of our accounts.

This is where password managers come in.

As usual, let’s get our definitions:

What are Password Managers?

Password managers are specialized software applications or online services designed to securely store and manage passwords for various online accounts. They act as a digital vault, housing all your passwords under a single master password, which you need to remember.

Password managers typically have a variety of features, including:

  • The ability to generate strong, unique passwords for each account.
  • The ability to store your passwords in an encrypted format.
  • The ability to autofill your passwords on websites and apps.
  • The ability to track your password usage.

An excellent example of a password manager is Google’s password manager.

How do Password managers work?

Password managers utilize encryption techniques to ensure the secure storage and retrieval of your passwords. Here's a more detailed explanation of how they work:

Encryption:

When you create an account or enter a password into a password manager, it encrypts the information using strong encryption algorithms. Encryption is a process of converting the plain text (your password) into an unreadable format called ciphertext. This process involves using complex mathematical algorithms and a unique encryption key.

Master Password:

To access your password manager and retrieve your stored passwords, you need to create and remember a master password. The master password acts as the key to unlock the encrypted password database. It is essential to choose a strong and unique master password that is not easily guessable and not used for any other accounts. (Follow the guidelines explained above👆🏽)

Password Database:

The encrypted passwords, along with their associated usernames or account identifiers, are stored in a password database. This database is typically stored locally on your device or securely synced across multiple devices if you're using a cloud-based password manager. The password database is protected by the encryption, ensuring that even if someone gains unauthorized access to it, they won't be able to decipher the stored passwords without the master password.

Encryption Key:

The encryption key, derived from your master password, is used to encrypt and decrypt your stored passwords. It is crucial to note that the encryption key is never stored anywhere. Instead, it is generated from your master password each time you access the password manager. This means that only you, with the correct master password, can decrypt and access your passwords.
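The key handling described above, sketched as an added example (not code from any particular password manager). It assumes PBKDF2-HMAC-SHA256 with 600,000 iterations as the key-derivation function; the labels and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; real products choose their own KDF


def _derive(master_password: str, salt: bytes, iterations: int):
    """Stretch the master password, then split it into two purpose-bound keys."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations)
    enc_key = hmac.new(root, b"vault-encryption", hashlib.sha256).digest()
    check_key = hmac.new(root, b"vault-key-check", hashlib.sha256).digest()
    return enc_key, check_key


def create_vault_header(master_password: str) -> dict:
    """Build what is written to disk. No password and no key is in it."""
    salt = secrets.token_bytes(16)  # random and not secret; stored with the vault
    _, check_key = _derive(master_password, salt, ITERATIONS)
    tag = hmac.new(check_key, b"check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": tag}


def unlock(master_password: str, header: dict) -> Optional[bytes]:
    """Re-derive the keys on every unlock; return the encryption key if valid."""
    enc_key, check_key = _derive(master_password, header["salt"],
                                 header["iterations"])
    tag = hmac.new(check_key, b"check", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["check"]):  # constant-time compare
        return None  # wrong master password: nothing usable is returned
    return enc_key  # would key an authenticated cipher such as AES-GCM


if __name__ == "__main__":
    # Constructed sample master passphrase, for demonstration only.
    header = create_vault_header("constructed sample master passphrase")
    print("on disk:", {k: v.hex() if isinstance(v, bytes) else v
                       for k, v in header.items()})
    ok = unlock("constructed sample master passphrase", header)
    print("correct password unlocks:", ok is not None)
    print("wrong password unlocks:", unlock("guess", header) is not None)
```

Because the salt and iteration count are stored next to the vault, anyone who copies the file can try guesses offline, which is why the strength of the master password still decides how long the vault resists.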

Auto-Fill and Synchronization:

Password managers often provide additional features, such as auto-fill capabilities. When you visit a website or log in to an application, the password manager can automatically fill in the appropriate username and password for you, saving you time and effort. Some password managers also offer synchronization across multiple devices, allowing you to access your passwords from anywhere while maintaining consistent and updated data.

Two-Factor Authentication (2FA):

To enhance security further, many password managers support two-factor authentication (2FA). 2FA adds an extra layer of protection by requiring a second verification step, such as a temporary code sent to your mobile device or a biometric scan, in addition to the master password. This adds an additional safeguard, making it more difficult for unauthorized individuals to gain access to your password manager.

By employing encryption, using a strong master password, and incorporating additional security measures like 2FA, password managers ensure that your passwords remain securely stored and protected. They offer a seamless and efficient way to manage and access your passwords while significantly reducing the risks associated with weak or reused passwords.

Importance of password managers

By now, you must have realized that password managers can play a crucial role in maintaining good cybersecurity hygiene. Here are a few reasons why they are incredibly useful:

  • Convenience: With a password manager, you no longer need to rack your brain trying to remember dozens of passwords. Instead, you only need to remember the master password, granting you seamless access to all your accounts.
  • Password Generation: Password managers can generate strong, random passwords for you, eliminating the need to come up with complex passwords on your own. This ensures that your accounts are protected with robust passwords that are resistant to brute-force attacks.
  • Backup and Recovery: Many password managers offer backup and recovery options, allowing you to securely back up your password vault and restore it in case of device loss, damage, or migration to a new device.
  • Protection Against Phishing Attacks: Phishing attacks are a common tactic used by cybercriminals to trick individuals into revealing their login credentials on fake websites. Password managers provide protection against such attacks by autofilling login credentials only on legitimate websites associated with the respective accounts.

Security concerns with password managers

While password managers offer numerous benefits, it's important to be aware of potential security concerns. Like any other online service, password managers can be vulnerable to certain cyber attacks. Some notable security concerns related to password managers include:

  • Master Password Vulnerability: The strength and protection of your master password are crucial for the security of all your stored passwords. If your master password is weak, easily guessable, or shared with others, it increases the risk of unauthorized access to all your accounts.
  • Database Breaches: While reputable password managers employ strong encryption and security measures to protect your password database, there have been rare instances of database breaches. These breaches can potentially expose your stored passwords to attackers.

One notable example is the LastPass data breach in 2015, where some user data was compromised.

It's important to choose password managers that prioritize security, regularly update their software, and promptly address any vulnerabilities.

  • Phishing Attacks: Phishing attacks remain a common threat in the cybersecurity landscape. Attackers may send deceptive emails, pretending to be from your password manager provider, to trick you into revealing your master password or other sensitive information. These emails often include convincing logos and language, making it challenging to identify them as fraudulent. It's essential to be cautious and verify the legitimacy of any requests for your password by directly contacting your password manager provider through their official channels.
  • Keyloggers and Spyware: Keyloggers and spyware are malicious programs designed to capture your keystrokes, including your master password, without your knowledge. These can be installed through infected downloads, compromised websites, or other means. Once your master password is compromised, all your stored passwords become vulnerable. Regularly scanning your devices for malware, using reputable antivirus software, and practicing safe browsing habits are essential for mitigating these risks.
  • Physical Access to Devices: If an unauthorized person gains physical access to your device where the password manager is installed, they may attempt to bypass security measures and access your password vault.

It's crucial to secure your devices with strong passwords, enable biometric authentication where available, and employ additional security measures like device encryption to protect against physical attacks.

  • Human Error and Misconfiguration: While password managers can significantly enhance security, their effectiveness depends on proper configuration and user behavior. Human error, such as weak master passwords, improper use of password manager features, or accidental exposure of passwords, can undermine their security.

It's thus important to follow best practices, such as using a strong master password, enabling two-factor authentication, and being cautious while syncing passwords across devices.

Conclusion

In a world where the number of online accounts continues to grow, password managers have become indispensable tools for managing passwords securely.

By providing a convenient and secure solution, they help protect our digital identities and reduce the risk of falling victim to cyberattacks. While password managers are not without their concerns, when used correctly and in conjunction with other security practices, they significantly enhance our online security posture.

So, why struggle to remember complex passwords when password managers can do the heavy lifting for you? Embrace the power of password managers and unlock peace of mind in the digital realm.

That’s it for this one guys, I hope you learned a few things from this piece.

Let me know in the comment section ✍🏼
