
Everything You Need to Know About Password Security

In April 2014 security researchers disclosed a bug in OpenSSL, one of the most widely used software libraries behind the HTTPS connections of virtually every website with user accounts. The bug, known as Heartbleed, is a flaw in OpenSSL's implementation of the TLS heartbeat extension that let an attacker read chunks of a server's memory, which could include the server's private key, session cookies, and the passwords of users who were logged in at the time. Technical jargon aside, it's time for you to change your passwords, since most Internet users were at risk. One caveat: a new password only helps once the website has patched its servers, so if a service hasn't announced a fix yet, wait for that before changing the password there.


Passwords and why you need to change them


As more password databases have been breached over the years, attackers have gained new insight into how people actually choose passwords. By isolating the patterns, they have built rule-based cracking tools that try those patterns first instead of guessing blindly. Ten years ago, if my password was M@rkJ1md0!, an attacker would have run a dictionary or brute-force attack that tested a list of words or every combination of characters until it hit. At ten mixed characters, exhausting that space would take years even with today's processing power. Now the same password is far easier to crack, because the cracking rules generate it directly from the two words it is built on. Here are a few common patterns the rules account for:


  • capitalizing the first letter
  • replacing “a” with @
  • capitalizing the first letter of a second word
  • replacing “i” and “o” with 1 and 0
  • ending your password with an exclamation point


Protect your online identity

A recent study by Dashlane found that 55% of the top 100 ecommerce websites still accept weak passwords like "123456" and "password." How can you protect yourself against modern cracking tools and lax password policies on popular websites? No method is perfect, but following these guidelines will help make your passwords more secure:


  • Never reuse a password. Not all websites you visit are built with the same security measures, and attackers routinely take passwords leaked from one site and try them on others. It would be more than a shame if someone got into your Amazon account because you used the same password on an insecure forum.
  • Avoid dictionary words. Seriously, knock it off. If your password is a common word, or a common word with the predictable substitutions listed above, you've chosen a poor one. Since inventing a distinct, non-dictionary password for every website you visit is a daunting task, you can simplify the process with a password manager (more on that later).
  • Create a longer password. Every character you add multiplies the number of possible passwords by the size of the character set, so a five-character password is trivially easier to crack than a 15-character one. I recommend that you set your passwords to at least 10 characters, and longer whenever a password manager is generating them for you.
  • Mix up the styling. Use a mixture of uppercase and lowercase letters, symbols, and numbers in your password. The mixing only helps if it is unpredictable, though: swapping "a" for "@" adds almost nothing, whereas a genuinely random hodgepodge of characters expands what an attacker has to search.
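To make the search-space argument from the pattern list above and the length rule here concrete, the following is an added example, not code from the original article or from Jimdo. It applies the listed patterns as cracking rules to a small constructed wordlist, checks whether the example password falls out of them, and compares the size of that candidate set with the full keyspace of a ten-character password. The base words and the guess rate of ten billion per second are assumptions for illustration.

```python
import itertools

# Constructed wordlist (an assumption for this example): the handful of words
# an attacker would guess first about a user named Mark who works at Jimdo.
# Real cracking wordlists contain millions of entries.
BASE_WORDS = ["mark", "jimdo", "password", "summer"]

# The patterns listed in the article, expressed as mangling rules.
LEET = {"a": "@", "i": "1", "o": "0"}
SUFFIXES = ["", "!", "1", "123"]

# Assumed guess rate for a fast, unsalted hash on commodity GPUs.
GUESSES_PER_SECOND = 10 ** 10


def leetspeak(text):
    """Apply the a->@, i->1, o->0 substitutions."""
    return "".join(LEET.get(ch, ch) for ch in text)


def case_variants(words):
    """Yield the concatenation of `words` with every combination of
    capitalising or not capitalising each word's first letter."""
    for flags in itertools.product((False, True), repeat=len(words)):
        yield "".join(w.capitalize() if f else w for w, f in zip(words, flags))


def mangle(words):
    """Every candidate the rule set produces from one tuple of base words."""
    out = set()
    for joined in case_variants(words):
        for variant in (joined, leetspeak(joined)):
            for suffix in SUFFIXES:
                out.add(variant + suffix)
    return out


def candidates(base_words=BASE_WORDS):
    """The full candidate set: single words and ordered pairs, all mangled."""
    out = set()
    for n in (1, 2):
        for combo in itertools.product(base_words, repeat=n):
            out |= mangle(combo)
    return out


def keyspace(length, alphabet_size=95):
    """Number of passwords of `length` over the 95 printable ASCII characters."""
    return alphabet_size ** length


def years_to_exhaust(length, rate=GUESSES_PER_SECOND):
    """Years needed to try every password of `length` at `rate` guesses/s."""
    return keyspace(length) / rate / (365 * 24 * 3600)


def guesses_to_crack(target, base_words=BASE_WORDS):
    """Worst-case number of guesses a rule-based attack needs to hit `target`,
    or None if the rules never generate it."""
    cands = candidates(base_words)
    return len(cands) if target in cands else None


if __name__ == "__main__":
    pw = "M@rkJ1md0!"
    print(f"brute force, {len(pw)} chars: about {years_to_exhaust(len(pw)):.0f} years")
    print(f"rule-based attack: {guesses_to_crack(pw)} guesses, a fraction of a second")
    print(f"random 10-char password: {guesses_to_crack('xQ7#pL2v!z')} (rules never produce it)")
```

Run as a script, it prints roughly 190 years for the brute-force case against a few hundred guesses for the rule-based one. The random ten-character password is not produced by the rules at all, which is exactly the property a password manager's generator gives you.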


Utilize a password manager

A password manager is an application that stores and generates passwords for you. Using a password manager to generate random passwords circumvents the so-called human factors that password crackers have learned to account for. Some password managers, such as LastPass and 1Password, offer cross-platform compatibility so that you can access your passwords on all of your devices: home and work computers, phones, and tablets.


Many people worry about the security of password managers. While every online service carries some risk, I agree with Lifehacker that a password manager is the safest option available today. You only need to remember one master password, so make that one long and unique, and turn on two-factor authentication for the manager itself.
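How a manager's generator sidesteps the human patterns is worth seeing in code. The following is an added example, not code from LastPass, 1Password or the original article: it draws passwords and passphrases from the operating system's cryptographic random source via Python's `secrets` module (the general-purpose `random` module is unsuitable here, because its output can be predicted from a small sample of it) and reports the entropy of each result in bits. The eight-word list is a constructed stand-in for the multi-thousand-word lists real generators use, and the guess rate is an assumption.

```python
import math
import secrets
import string

# Character set for the "mix of uppercase, lowercase, digits and symbols" advice:
# 26 + 26 + 10 + 32 = 94 printable ASCII characters, space excluded.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in wordlist (an assumption). Real diceware-style lists
# have thousands of words, which is what makes a 4-5 word phrase strong.
WORDS = ["anchor", "basil", "comet", "dune", "ember", "fjord", "glade", "harbor"]

# Assumed attacker speed for a fast, unsalted hash on GPUs.
GUESSES_PER_SECOND = 10 ** 10


def random_password(length=16, alphabet=ALPHABET):
    """A password of `length` characters chosen independently and uniformly
    from `alphabet`, using the OS cryptographic random source."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=4, wordlist=WORDS, sep="-"):
    """A passphrase of `words` words drawn uniformly from `wordlist`."""
    if words < 1:
        raise ValueError("need at least one word")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform selections from `choices`
    options. This is an honest strength figure only for a generated secret;
    a human-chosen password's effective space is the attacker's rule set,
    not the alphabet it happens to use."""
    return picks * math.log2(choices)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to guess a secret of `bits` entropy: on average the
    attacker covers half the space before hitting it."""
    return 2 ** bits / 2 / rate


def strength_report(kind, secret, choices, picks):
    """One-line summary of a generated secret's strength."""
    bits = entropy_bits(choices, picks)
    years = expected_crack_seconds(bits) / (365 * 24 * 3600)
    return f"{kind}: {secret!r} = {bits:.1f} bits, about {years:.2g} years to crack"


if __name__ == "__main__":
    print(strength_report("16-char password", random_password(16), len(ALPHABET), 16))
    print(strength_report("10-char password", random_password(10), len(ALPHABET), 10))
    print(strength_report("4-word passphrase", random_passphrase(4), len(WORDS), 4))
```

The passphrase line is deliberately weak with only eight words to choose from (12 bits); swap in a list of a few thousand words and the same four picks reach the 50-bit range, which is why long passphrases from a big list are a legitimate alternative to symbol soup for the one master password you have to memorise.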


Use two-factor authentication

Two-factor authentication is both simple and secure. It borrows from the same principle that authenticates you at an ATM: to withdraw money you need your card (something you have) as well as your PIN (something you know). In other words, you go through two independent checks to access your account. Two-factor authentication on the web works the same way to confirm your identity. Here's how it works in practice:


(Image: Keep calm and change your passwords)

1. When you set up two-factor authentication for an online service, you'll be prompted to register a second factor, usually your mobile phone number or an authenticator app on your phone.
2. A verification code is delivered to your phone by text message or voice call, or generated on the phone itself by the authenticator app. The app is the stronger option: text messages can be intercepted or redirected to a new SIM, so use them only when a service offers nothing else.
3. You navigate to the website, sign in as you normally would, and you're prompted to enter the verification code.
4. Enter the code, and voila, your sign-in has been verified.
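The authenticator app in step 2 and the server that checks the code in step 4 are both running the TOTP algorithm from RFC 6238, which this added example implements (it is not code from any of the services named, nor from the original article). Both sides receive the same secret at enrolment; the app derives a six-digit code from that secret and the current 30-second time step, and the server recomputes it, tolerating one step of clock drift in each direction and refusing to honour a time step it has already accepted. The shared secret below is the RFC's own test-vector key, so the codes can be checked against the published values; the one-step drift window is a typical choice, not something the standard mandates.

```python
import base64
import hashlib
import hmac
import time

# RFC 4226 / RFC 6238 test-vector secret (20 ASCII bytes). Real enrolment hands
# the app this secret base32-encoded inside a QR code; see secret_from_base32.
TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to 31 bits, then reduced to `digits` decimal digits."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, timestamp, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with counter = Unix time // step.
    This is the number the authenticator app displays."""
    return hotp(secret, int(timestamp) // step, digits)


def secret_from_base32(encoded):
    """Decode the base32 secret carried in an otpauth:// provisioning URI,
    tolerating lowercase and missing '=' padding."""
    stripped = encoded.strip().upper()
    return base64.b32decode(stripped + "=" * (-len(stripped) % 8))


class TotpVerifier:
    """Server side. Accepts a code for the current step or up to `window`
    steps either side (clock drift), compares in constant time, and never
    accepts a step it has already honoured, so a sniffed code cannot be
    replayed within its validity window."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest time step already used

    def verify(self, code, timestamp=None):
        if timestamp is None:
            timestamp = time.time()
        if not (isinstance(code, str) and code.isdigit() and len(code) == self.digits):
            return False
        counter = int(timestamp) // self.step
        for candidate in range(counter - self.window, counter + self.window + 1):
            if candidate <= self.last_counter:
                continue  # already used, or older than a step already used
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # App and server share the secret; the app shows totp() and the user types
    # it in. At T=59 the RFC lists 94287082 for 8 digits, so 6 digits gives 287082.
    shown = totp(TEST_SECRET, 59)
    server = TotpVerifier(TEST_SECRET)
    print(shown, server.verify(shown, 59), server.verify(shown, 59))  # 287082 True False
```

Two details matter in practice: the comparison uses `hmac.compare_digest` so that response timing does not leak how many digits matched, and the server tracks the last accepted step because a six-digit code is valid for the whole window, which is long enough for someone who shoulder-surfed or phished it to reuse it.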


Many services then let you mark that device as trusted, so future sign-ins from it skip the verification code. Only do this on a device you control, keep its lock screen protected by a PIN, password, or pattern (you are securing your phone's lock screen, right?), and revoke the trust from the account's security settings if the device is ever lost. Setting up two-factor authentication is highly encouraged, because an attacker who has only your password is still locked out of your account. Popular services that offer two-factor authentication include Apple, Facebook, Google/Gmail, and Twitter. You can find a large list of popular websites that do and do not offer two-factor authentication at Two Factor Auth.


Understand the dangers of “Forgot Your Password” security questions

Most Internet users have had to reset a forgotten password at some point. But have you ever thought about how many people know the answers to the questions that protect that reset? Here are some common password recovery questions:


  • What is your mother’s maiden name?
  • Which elementary school did you go to as a child?
  • What was the color of your first car?
  • Where did you meet your spouse?


Security questions can be even less secure than passwords. Anyone who knows you personally can probably get you to answer these kinds of questions unknowingly during a friendly conversation or via social networks, and some or all of that information may already be online. That was the case for Sarah Palin in 2008, when her Yahoo account was taken over by someone who reset the password using her birthday, zip code, and where she met her husband, all of which were public. The fix is to treat the answers as extra passwords rather than facts: make up an unrelated, random answer for each question and store it in your password manager alongside the login it belongs to.


I hope I haven't instilled so much fear that it tips into paranoia. Online platforms should be fun and productive, but they should also be safe. Following these guidelines will help keep your accounts secure, so that you can continue using these services with a little more peace of mind.


Do you have any other tips to protect your online identity? What’s your favorite password manager? Let me know in our comments section.


Mark Miller

Customer Support Geek at Jimdo


Mark joined Jimdo in April 2014 to add a helping hand to the Support Team. With a background in technical support and recruiting, his prowess is a unique resource for Jimdo and its customers. When Mark isn't answering technical questions, he enjoys road trips, Continental philosophy, and reality television.