All about Passwords

Passwords and passphrases are often the weakest link in your security posture.

The importance of Passwords

More than ever, the strength and management of your passwords are critical to securing your online presence and confidential data. Irrespective of how robust and sophisticated your security systems are, they can be easily undermined by weak password practices. Advanced password cracking tools, some of which leverage GPU acceleration and rainbow tables, have made it easier than ever to crack weak passwords.


Selecting a Password

A strong password acts as the first line of defense against unauthorized access to your sensitive data.
Here are some strategies to ensure that your passwords are secure:

  1. Passphrases
    Consider using passphrases — a sequence of words or other text — which are generally easier to remember and harder to crack than traditional passwords. A good passphrase should be lengthy, unpredictable, and meaningful to you.
     
  2. Character Substitution
    Inject complexity into your passwords or passphrases by incorporating character substitutions. This involves replacing letters with numbers or symbols. For example, 'E' becomes '3', and 'S' becomes '$'.
     
  3. Mnemonics
    Use mnemonic devices to create complex passwords that are still memorable. For example, the phrase "My son was born on 25 September on a cold day!" could become "Mswbo25/Sep/oacd!".
     
  4. Password Generators
    Make use of password generators to create highly secure, random passwords. These tools remove the guesswork and personal bias that often weaken self-generated passwords.
     

Storing your Password

Securely storing your passwords is as crucial as creating strong ones. Here's how you can manage this effectively:

  1. Browser Options
    Most modern browsers offer built-in password management. While convenient, make sure the browser encrypts the stored passwords and offers end-to-end (E2E) encryption if they are synced to your account. Protect the password store with a password different from the one you use to sign in to the sync account; otherwise the provider likely has access to all your passwords.
     
  2. macOS Keychain
    For Apple users, the macOS Keychain is a system-wide password manager that stores your passwords and account information and fills them in for you automatically. You can create completely local keychains that are stored as a file on your Mac, or choose to sync with your iCloud account.
     
  3. Third-Party Password Managers
    Consider using a third-party password manager. Some of these offer more robust security features than the built-in options above. Preferably, choose one that allows you to host your password database locally, minimizing the risk of cloud-based threats.
     

Delegating Access

A system protected by a strong password will be inaccessible to your loved ones or business partners in the event of your demise, potentially leading to the loss of critical digital assets. It is important to plan for such contingencies without compromising your security.

  1. Cloud Backups
    While cloud backups provide convenience and accessibility, they are not always appropriate for storing highly confidential information due to potential security vulnerabilities. A local, secured backup offers a more appropriate alternative.
     
  2. Local Backups
    Maintain a secure, physical copy of critical passwords in a safe or other secure location that a trusted individual can access if needed. This solution may not be appropriate in all situations because of physical risks such as flood, fire, theft and burglary. Individuals with physical access may also attempt to read these backups ahead of time.
     
  3. High Security Offline Backups
    Consider using technical means to ensure long-term, secure, distributed offline preservation of your password or access key. Solutions like Entropy Keycrypt can securely prepare and split a password into multiple shares suitable for printing, etching, or engraving. The password can only be reconstructed when a predefined minimum number of these shares are combined. Once printed or engraved, the shares are distributed to your trusted circle. In the event of your death or incapacitation, the members of this trusted group must act together, contributing at least the predefined minimum number of shares, to reconstruct the original password.
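The "any k of n shares rebuild the password, fewer reveal nothing" property described above is what a threshold secret-sharing scheme provides. The following is an added illustration, not Entropy Keycrypt's code or share format: a minimal Shamir secret sharing in Python that splits a password into n shares over GF(2^127 - 1), 15 bytes at a time, and rebuilds it from any k of them. The chunking, the share layout (x, length, y-values) and the helper name threshold_holds are choices made for this example.

```python
import secrets

# Shamir k-of-n sharing over GF(p), p = 2**127 - 1; the password is shared 15 bytes at a time.
PRIME = 2**127 - 1
CHUNK = 15

def _lagrange_at_zero(points):
    """Value at x = 0 of the unique polynomial through the given (x, y) points, mod PRIME."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * -xj % PRIME, den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def split_secret(secret: bytes, k: int, n: int):
    """Split secret into n shares of the form (x, length, [y per chunk]); any k rebuild it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    shares = [(x, len(secret), []) for x in range(1, n + 1)]
    for i in range(0, len(secret), CHUNK):
        # Degree k-1 polynomial: constant term is the chunk, other coefficients uniformly random.
        coeffs = [int.from_bytes(secret[i:i + CHUNK], "big")]
        coeffs += [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for x, _, ys in shares:
            ys.append(sum(c * pow(x, j, PRIME) for j, c in enumerate(coeffs)) % PRIME)
    return shares

def recover_secret(shares) -> bytes:
    """Rebuild the secret from k or more distinct shares; fewer give wrong bytes or ValueError."""
    _, length, ys0 = shares[0]
    out = b""
    for i in range(len(ys0)):
        size = min(CHUNK, length - i * CHUNK)
        value = _lagrange_at_zero([(x, ys[i]) for x, _, ys in shares])
        if value >= 256 ** size:
            raise ValueError("too few or mismatched shares")
        out += value.to_bytes(size, "big")
    return out

def threshold_holds(secret: bytes, k: int, n: int) -> bool:
    """True if the last k shares rebuild the secret while the first k-1 do not."""
    shares = split_secret(secret, k, n)
    try:
        too_few_ok = recover_secret(shares[:k - 1]) == secret
    except ValueError:
        too_few_ok = False
    return not too_few_ok and recover_secret(shares[-k:]) == secret
```

With fewer than k shares the interpolated constant term is a uniformly random field element, which is why the scheme leaks nothing about the password to a minority of holders.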