I know I’m a little late to the party, but recently I’ve been giving more and more thought to the passwords I use to access the various sites and tools I use on a day-to-day basis. The main reason I started thinking about this is Google’s introduction of the 2-step verification process and a recent article in Wired in which Google has declared ‘war’ on the Password.
Now, what does this have to do with encryption solutions, you might ask? Quite a lot, actually, especially when you consider that the primary method of authentication for nearly all encryption solutions is a user-generated password. Of course, it’s also entirely possible to enable multi-factor authentication with encryption solutions, leveraging a password together with tokens such as smartcards, fingerprint readers and so on.
But let’s face it, most people use a password. So the question that begs asking is: what constitutes a good password? The best advice I was ever given regarding password strength was to create a phrase and avoid all the usual pitfalls of personal info like pet names, etc. A really good summary of best practices can be found in this ‘Ultimate Guide for Creating Strong Passwords.’
I have personally been hacked once on some personal accounts as a result of a poor password. I rectified the situation pretty quickly but didn’t think much of it. More recently, with the various news reports about ID theft and phishing scams, I’ve come to the realization that good password practices are a critical piece of protecting your information and identity – with or without encryption. The access to your information is only as good as the strength of your password.
If you’ll excuse me, I’m going to go and double-check my password quality on all my accounts now and make sure I didn’t use ‘p@ssw0rd’ or any other such nonsense.