Is Your Password Secure Enough?
By Tom Kovacs • March 24, 2022
The safety and security of your memories are always at the forefront of our minds in everything we do at FOREVER. We are dedicated to the ongoing protection and preservation of your precious memories at every level of our organization.
Did you know that you, however, play an equally important role in protecting those precious memories?
It's true! Imagine FOREVER as a castle, and your memories are in the center of it. We work hard to make sure the walls are tall and strong, the moat is full and deep, and the guard posts are always watching for bad guys. But you are the gatekeeper! The front door is the easiest way to get into the castle... just like your password is the easiest way for someone to get into your account!
If you've ever been in one of my live "Tech Talks with Tom", you'll remember that I'm a big advocate of protecting yourself online. Protecting yourself optimally is done in layers: strong, unique passwords, two-factor authentication, and trusting nobody online implicitly are just a few of those layers you can utilize to protect your online experience. Today, I wanted to take a moment to talk about strong passwords, and how a strong, unique password is one of the best things you can do to protect not only your FOREVER Account, but ALL of your online accounts.
Per Security.org, the stewards of the fabulous online password tool 'How Secure Is My Password?', a strong password is one that meets all of the following criteria…
- A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters, numbers, and special characters.
- A password shouldn’t be shared with any other account.
- A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers.
Of those points, I think it's important to focus on that third one: sharing passwords between accounts is a recipe for disaster.
When you reuse passwords between accounts, you're increasing the chances of that password being stolen or cracked. As an example, when professional social media company LinkedIn was breached in 2016, over 164 MILLION users’ passwords were exposed along with their email addresses. Hackers will take email address and password combinations that have leaked and immediately begin trying them against other online sites and services. If you had been reusing your LinkedIn password at the time, every other site where you used the same password would also have been at risk of being broken into!
You may be thinking to yourself, “How can I possibly be expected to make and remember a unique password for each online account I have?!”
Utilizing a password manager makes this a trivial challenge! Password managers like LastPass, Bitwarden, KeePass, and many others can help automate the creation of these secure passwords, and will also provide a secure central repository you can easily reference back to whenever you need to access your online accounts. I myself utilize LastPass, and currently have 208 separate online accounts in my password vault. All of them meet the above requirements, and all I need to remember to access all 208 accounts is the password for my vault itself!
Now, that all said, if you heed my advice and begin to utilize a password manager (and if you already are, give yourself a nice pat on the back!) you will still need to remember one secure, unique password to access your manager with. I'd like to share with you a pretty famous comic in my profession that I think does a great job of explaining a simple way to help create something memorable but still secure.
Using mousetablecarpetsteps as an example (a password that would take one computer randomly guessing your password 400 billion years to crack), we can make it even stronger by making some additional, easy-to-remember changes. For example, Mouse-Table-Carpet-Steps1 would take one computer randomly guessing your password 100 OCTILLION years to crack. You may think 400 billion years is pretty good... and it is! When password attacks are being attempted, though, it's often equipment that is hundreds of times faster or greater than that single computer we use as a benchmark attempting to crack your password. In short, as ridiculous as a password that would take 100 octillion years to crack sounds, it's actually passwords with that ridiculous level of strength that will best protect your online accounts!
I'd like to challenge everyone reading this to take an hour of your time to set up a password manager, and to begin changing your online passwords (starting with your FOREVER account) to all meet the above requirements for a secure password! It's especially important to protect your accounts that manage access to your email, financial accounts, and any other sensitive information!
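The five Security.org criteria quoted above can be written as a local check you run against your own passwords. This is an added example, not code from FOREVER or Security.org; the function and parameter names are hypothetical, and reading "consecutive" as a run of three or more stepping characters is an assumption.

```python
import string

MIN_LENGTH = 16  # "16 characters or more"
RUN_LENGTH = 3   # assumption: "consecutive" means a run such as "abc" or "321"


def has_sequential_run(password, run=RUN_LENGTH):
    """True if `run` adjacent letters or digits step by +1 or -1."""
    chars = password.lower()
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(chars, chars[1:]):
            same_kind = (prev.isdigit() and cur.isdigit()) or (
                prev.isalpha() and cur.isalpha())
            if same_kind and ord(cur) - ord(prev) == step:
                streak += 1
                if streak >= run:
                    return True
            else:
                streak = 1
    return False


def check_password(password, personal_info=(), other_passwords=()):
    """Return the criteria a password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password)):
        failures.append("character mix")
    if password in other_passwords:  # same password used on another account
        failures.append("reused")
    lowered = password.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_info):
        failures.append("personal info")
    if has_sequential_run(password):
        failures.append("sequential run")
    return failures


if __name__ == "__main__":
    # Constructed sample data: a pet's name and one password already in use.
    info, used = ["Rex"], ["Rex2015abc!"]
    for pw in ("mousetablecarpetsteps", "Mouse-Table-Carpet-Steps1", "Rex2015abc!"):
        print(pw, "->", check_password(pw, info, used) or "passes all five")
```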
The path to a good online security posture is a journey, but every journey begins with a single step. I encourage you to take your first steps today!