Longer passwords
The benefits of longer passwords
We already know from my previous post that longer passwords are better. The primary advantage of longer passwords lies in the simple concept of time. As the length of your password increases, so does the amount of time it would take to crack it.
The challenge of the cracker
Consider that the cracker has a list of hashes and login codes, both of which are essential for gaining access to a system. Typically, login codes are stored in plain text, making them visible to anyone with access. Passwords, on the other hand, are ideally stored as hashes, requiring the cracker to identify the password corresponding to a specific hash. Once the crackers successfully identify the password, they can combine it with the login code to access the system.
In the ideal scenario, your login code is cryptic, such as “1236527,” which could be something as simple as your client number. The value of a cryptic login code lies in the fact that it holds little significance to those who have access to it, including crackers. However, the downside is that you must also remember this code.
For the cracker, the fundamental question becomes: how much time and effort should I invest in cracking the password of user 1236527? What can I potentially gain from it? Imagine that you have $100 in your account, and it would take the cracker two weeks to uncover your password. That is a poor result, so the cracker has to evaluate potential gains against the required effort.
If your login code happens to be your email address or your full name, it could potentially make the cracker’s task slightly easier. Company names, as well as the names of famous and affluent individuals, are attractive targets for crackers. They provide valuable clues compared to an anonymous numbered login code.
Overall, crackers typically allocate their resources based on the perceived potential for gain, focusing their efforts where they are confident of achieving valuable results.
You must remember that many people reuse their login ID and password. Once the cracker has your login ID and your password, there is a big chance that you used this for other accounts as well.
What to do
Complex and difficult longer passwords can be challenging to remember, especially when you have to change them periodically. Why not take a simple password and attempt to upgrade its security by adding extra characters, which can be placed at the beginning, the end, or anywhere else in the password.
Consider having a bank account with Chase Manhattan. You might create a longer password like MybankisChaseManhattan, which consists of 22 characters and would take many years to crack. In fact, with the current technology, it is unlikely that this password would be cracked in your lifetime. However, for your bank, this password falls short. It lacks a number and a special character.
To address this, consider adding the year of your birth and a special character, resulting in MybankisChaseManhattan1965*
Or simply add a “0” and “?” to make it acceptable: MybankisChaseManhattan0?
When it comes to password length, once your password exceeds 12 characters, you are on the right track. However, surpassing 15 characters is even better. For instance, adding 123### instantly increases the length by six characters. It’s as simple as that.
Improving password creation and management
Creating strong and unique longer passwords
To ensure the security of your online accounts, it is important to use strong and unique longer passwords. When creating passwords, you should use numbers, special characters, and letters. However, it is essential to balance complexity with memorability.
We have already seen how these long passwords are created. If you like fishing, Ilikefishing = 12 characters. Now you only add some numbers and special characters. Maybe you come up with ###555Ilikefishing, a password of 18 characters.
Balancing length and complexity
While longer passwords offer enhanced security, they can also increase the likelihood of typing errors. Some accounts force lockouts after multiple incorrect login attempts.
To effectively manage your passwords, consider categorizing your accounts based on risk. High risk websites, such as financial accounts, are best protected with long and complex passwords. On the other hand, for low risk accounts you can consider simpler passwords. Create a list of all your accounts, along with their associated risk levels. This is a great help in password management.
It is crucial to use a unique longer password for each high-risk account. Do not recycle these passwords across multiple accounts.
For low-risk accounts this is not a big problem, as long as you understand the risk. If one account is hacked, the others might also get hacked.
I suggest you make a list of all the login accounts you have. A simple list with the company name, the website, your login ID, and your password. Then assign a risk to every account, high and low.
Next create unique long passwords for the high-risk accounts. For the low-risk accounts you can decide if you want to use a few simple passwords that you can use for more accounts.
For some accounts it can be more work to register or to reset your password. Some government departments require you to come in person to register. Some departments send you a letter by mail for a simple password reset. Make a note of this to avoid surprises later.
Storing and managing passwords securely
When it comes to managing and storing passwords, it is crucial to prioritize security while also considering practicality and ease of access. Here are some considerations and options for securely managing your longer passwords:
Encrypted text files
You can store passwords in an encrypted text file on your computer. This is an effective method for managing your passwords. For security you can take backups to external hard disks. This approach allows for easy access to your passwords while maintaining a level of security. It is important to ensure that the encryption method used is robust and that backups are securely stored to prevent data loss.
This method is very simple, it works on any type of computer, there is nothing to install, and it is free. You only have to remember one password. Just, for security reasons, do not name your file Passwords.txt or anything like that.
Password managers
These offer a convenient and secure way to store and manage passwords. Look for a password manager that can be installed locally on your computer. This ensures only you have control over your password data. Additionally, look at backup options to ensure that you can access your passwords even if your primary device becomes inaccessible.
Some tips in selecting a password manager. Make sure you can store all the information you want. Some password managers have a limit on how many credentials you can store. Go for local installation, just to make sure that only you have access. Backup, and of course restore options. And do try the restore functionality, make sure you know how it works, and that it works correctly.
Cloud based storage
There is also a wide variety of options to store your passwords in the cloud or in cloud-based password managers. Unfortunately, there are potential security implications. Cloud storage can introduce additional risks, such as the possibility of unauthorized access or data exposure. Understanding the ownership and security measures of the cloud service provider is crucial when considering this option.
Conclusion
Securely managing longer passwords involves a combination of thoughtful strategies, including encryption, password managers, and systematic organization. By prioritizing both security and practicality, you can effectively safeguard your digital accounts while maintaining ease of access.
And again, as a final note, do not share your passwords. Never.
Do not forget to read my other blog om passwords here.
I have also created a post on browsers and passwords, you can find it here.
Thank you for taking the time to read my post on longer passwords.
I hope you found it enjoyable and insightful.
Stay tuned for more content that is coming soon.
If you like what you read, please consider sharing it with others who might find it helpful.
Disclaimer
All tips and methods mentioned in this blog are tested on Windows 11. Please note that results may vary on other operating systems or versions of Windows. Adapt the instructions accordingly.
Copyright
© 2024 Henny Staas/safecomputer.org. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Henny Staas/safecomputer.org with appropriate and specific direction to the original content.