30DISC – Day 7 – Install a Password Manager

Weekend over, let’s get back into it!

Today’s challenge – Install a Password Manager – Direct Link to Guide Page

System passwords are best when they are long, complex, unique and recent. Whilst that sounds like a good list for a relationship, let’s keep the focus on passwords, shall we?

The two primary elements of a strong password are length and complexity.

Length: the longer a password is, the harder it is to crack. Think of it this way: if your password was only a single digit, it would take a maximum of 10 guesses to get it right. If we then made your password two digits, the difficulty increases by an order of magnitude: it would take a maximum of 100 guesses to get it right. The longer, the stronger.

Complexity: Let’s extend the above example. If your password was only a single character but could be a number, letter or special character (think !, $, # etc.), instead of a maximum of 10 guesses, it would take a maximum of 94 guesses. Extend that password to two characters, and now you’re up to 8,836. The more complex, the stronger.

So how long and how complex a password should you have? Ideally, as long as you are permitted. If a password can be 100 characters long, then make it 100 characters long. How the hell would you remember a password that long? That’s where today’s challenge comes in. But more on that in a moment.

Whilst it’s all well and good to have a 100 character complex password, if you haven’t changed it in 3 years, or have used the same password across multiple accounts, then you’re setting yourself up for a big fall. It only takes a compromise of one of those systems to render your password useless, and open you up to attack across numerous other systems. Regularly changing your password (at a minimum every three months) and following a policy of “one account, one password” significantly increases your protection from hackers trying to steal your password and break into your accounts.

How does that work? Well take a look at this little beauty:

That is a password cracking computer – its sole purpose is to break encryption and uncover your password. How good is it? Well, for the encryption used by many banks, it can try 300,000 passwords per second. (Photo Source Data Source) So yeah, your 6 digit password isn’t going to stand much of a chance. So how do we secure ourselves online?

Use long, complex passwords that we change regularly and that are unique to each account. How do you manage all of those passwords then? By using a password manager! Various options exist in the marketplace with different functions, from open source options like KeePass, commercial options like eWallet, or hybrid online/offline solutions like LastPass. You’ll need to decide what works best for you, but if you haven’t already got a password manager, I’d suggest trying LastPass. It’s a good compromise between ease of use and security (and Justin, the creator of the 30DISC, whilst not using it himself, says that it’s ok, and that’s good enough for me).
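To put numbers on the length and complexity sections and the 300,000 guesses per second figure above, here is an added example (not part of the original post or of any password manager's code). It computes the worst-case time to try every candidate and generates a random password the way a manager would; the function names are my own, and the guess rate is the one quoted in the post.

```python
import secrets
import string

# The 94 characters the post counts: 52 letters + 10 digits + 32 specials.
ALPHABET_94 = string.ascii_letters + string.digits + string.punctuation
GUESSES_PER_SECOND = 300_000  # rate quoted in the post for the cracking rig


def keyspace(alphabet_size: int, length: int) -> int:
    """Maximum number of guesses for a password of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Seconds to try every candidate; on average an attacker needs half."""
    return keyspace(alphabet_size, length) / rate


def generate_password(length: int, alphabet: str = ALPHABET_94) -> str:
    """Pick every character independently with the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Constructed comparison cases: (label, alphabet size, length).
    cases = [("6 digits", 10, 6), ("6 chars of 94", 94, 6),
             ("12 chars of 94", 94, 12), ("20 chars of 94", 94, 20)]
    for label, size, length in cases:
        print(f"{label:>15}: {keyspace(size, length):.3e} candidates, "
              f"{humanize(worst_case_seconds(size, length))} worst case")
    print("random 20-char password:", generate_password(20))
```

These figures only hold for randomly generated passwords; one a person chose, or one reused from a breached site, is typically found long before the keyspace is exhausted.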

Geoffrey: I’ve been using a password manager now for about 15 years (when I got my first PDA). I don’t have time to move everything over to LastPass right now, but I think I will do that in the future, particularly so I can also manage my wife’s passwords in a single management account.

Juan, Diana and Priscilla: All three were sans-password manager, so we set them all up on LastPass. Diana really took to it, Juan will take some work I think. Priscilla still isn’t accepting that she can’t use the same 6 character password she’s been using since about 2004. She’s not very happy right now.

Previous Days Here:
Day 0 – Introduction to the Team
Day 1 – Installing Operating System and Application Updates
Day 2 – Set Up A Standard User Account
Day 3 – Review Privacy Settings
Day 4 – Setup Private & Secure Email
Days 5&6 – Weekend Project #1

Written by Geoffrey