As many know, I am working with government and standards organizations to help the Digital World eliminate passwords through the use of easy-to-use alternatives that involve mobile phones and other wearable devices. In the not too distant future you will use your mobile phone (or smart watch perhaps) to log in to your PC, Mac, email or bank account amongst other things. You will need the actual physical device (phone) in hand to access your account. No passwords floating around the Internet to be hacked and stolen. A hacker would need to actually steal your phone AND be able to unlock it.
No sense in denying it though, it will be a while before that becomes ubiquitous across the Digital World. We are stuck with passwords for a little while still.
I found an online service that is really quite useful for the average person to check how strong their passwords are. If you have seen any of my past posts here or elsewhere, you know I am an advocate of coming up with passwords that are meaningful only to you, but to others look like a scramble of characters.
In review, here is an example of what I do for passwords that is secure and easy. I make up a sentence and turn it into a password inclusive of some random special characters.
Here is my sample sentence: “I run for seven kilometres per day”
Here is my derived password from that: Irun4:7Kmpd
As you can see from the password, I have used only the word “run”, for which you could still just use an ‘r’ and still meet the usual minimum 8 character requirement for passwords, but I used the full word to make it 10 characters while keeping the sentence not too long. I use the first letter of words, mix in some capital letters and throw in a random character “:”. It really is a lot easier to remember this than some crazy randomly generated password for us normal humans with too many things on our mind creating all kinds of short term memory loss. It is also SIGNIFICANTLY more secure than what most people are using today.
So let’s test this with our password meter.
Let’s now contrast that with using your dog’s name with a couple of numbers attached to it, like most people do (you know who you are), to make up the usual 8 character requirement: fluffy123
Note that fluffy123 is particularly weak because of the repeated characters and in actual fact a lot of applications may not even let you use this. You may be forced to do something like make at least one character a capital letter or add a special character. I did want to use it to make my point though.
Passwordmeter is really quite easy to use and works well in conjunction with my sentence based method.
With Internet crime being so prevalent, it would seem that everyone should be doing this at minimum. However, most people tend not to react till they are hacked and even then, they may change fluffy123 to Fluffy321 thinking that they have fixed the problem. Nope. Wrong. Last year Russian hackers gained access to about 1.2 billion passwords, a lot of which are just sitting in their databases waiting to be used. They are sold on the black market and have the potential to do a lot more than just look to see who you are friends with on Facebook or Snapchat. Most people use the same password on Gmail and their bank account. And as it turns out, the hacker finds out who you bank with by looking at your email.
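The weaknesses named above for fluffy123, and the reason changing it to Fluffy321 fixes nothing, can be checked mechanically. The following is an added example, not code from this post or from Passwordmeter; the tiny word list, the function names and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real check would use a large
# dictionary of names and common words plus breached-password lists.
COMMON_WORDS = {"fluffy", "password", "dragon", "monkey"}


def is_run(digits):
    """True for 3+ digits that count straight up or down, e.g. 123 or 321."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 3 and steps in ({1}, {-1})


def weaknesses(password):
    """List the weaknesses discussed in the post that `password` shows."""
    found = []
    if re.search(r"(.)\1", password):  # same character twice in a row
        found.append("repeated characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        found.append("few character types")
    # A known word followed by digits; capitalising a letter does not hide it.
    m = re.fullmatch(r"([A-Za-z]+)(\d+)", password)
    if m and m.group(1).lower() in COMMON_WORDS:
        found.append("common word plus digits")
    if any(is_run(d) for d in re.findall(r"\d+", password)):
        found.append("sequential digits")
    return found


def base(password):
    """Reduce a password to its lowercase letters only."""
    return re.sub(r"[^a-z]", "", password.lower())


def trivial_variant(old, new):
    """True when `new` keeps the same word and only changes case or digits."""
    return base(old) == base(new)


if __name__ == "__main__":
    for pw in ("Irun4:7Kmpd", "fluffy123", "Fluffy321"):
        print(pw, weaknesses(pw))
    print(trivial_variant("fluffy123", "Fluffy321"))
```

The capital letter in Fluffy321 clears only the character-type finding; the word, the repeated letters and the digit run are all still there, and the new password reduces to the same base as the old one.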
In a future post I will talk about password management tools like LastPass and 1Password. But if you want to take a look now at how to manage the 100+ passwords you already have, you can look at these products. Google “Password Management Software” and you will get lots of information. I use 1Password for my 160 passwords.
In the meantime, change your password and don’t use the same one on every site you access and make sure to use unique ones for the most sensitive sites like your online banking and email accounts.
Info on passwordless technology can be found at: https://fidoalliance.org/about/overview/