Passwords & 2 Factor Authentication (2FA)


Passwords are hard, and they are getting harder with sites that require lots of upper and lower case characters, multiple special characters and a length of at least 8-10.  I am here to tell you there are better ways to make complicated passwords that are still easy to remember.  Most sites will tell you that creating a password that is very random is best, but it doesn’t have to be truly random, in fact, its best if its not!  It only has to be random for others trying to guess.  So what is the magic formula for creating strong yet easy passwords to remember?  Here it is

Pick a sentence that’s specific to you, such as “my dog is a really big pig”.  Nice, that seems odd, but easy to remember however most places don’t allow spaces and this would be easy for a dictionary brute force attack.  So let’s make a few adjustments “MyD0g!s@reallybigp1g”.  See what I did there?  A few capital letters, changed a few letters to special characters that I can remember and BAM!  That’s a very secure password, but should be easier to remember because, hey my dog is a really big pig.

Another good way to create complicated passwords, is to print out a square sheet of random characters, including special, lower and upper case that has at least a 100 or more characters (like a 10×10 grid, but the more the better.  Try to make it use a lot of different weird characters if possible.  Here is a link to a site that can randomly generate it for you.  How it works is, you remember one of the special characters in the top row and one on the far left column, find the character where the 2 meet and start typing every character from that one, up to however long your password needs to be.  There is your password!  Super random, and you even have the password printed out for you and everyone to see, but only you know where your password is in the big mess of characters!

2 Factor Authentication

Security for computers is important, but the general thinking to keep them and your accounts secure, is to create complicated passwords of length, random numbers and symbols.  This does not mesh well with our inability to remember really complicated passwords with symbols and numbers.  This is where 2FA (2 factor authentication) can help.  It adds an extra layer of security, because not only do you need to have a password (that can be a bit easier to remember) to login, but you also need a 2nd, generally physical piece as well.

There are a few options for 2FA.  Google has had a few for awhile now, such as using your phone as the additional authentication method.  They can either send you a code to your phone through SMS that you enter after putting in your username and password or they even have a new method, where you just hit “Allow” on your phone when you login to your google account (and obviously just deny it when it’s not you).  This works really great for blocking people trying to remotely hack into your account, because it’s a practical impossibility to get the 2nd authentication unless they also steal your phone.

Some other decent methods would be the YubiKey, where you have a physical USB “key” that authenticates with a 3rd party server online to verify your identity.  It also has other options as well, as you can use it to login to windows 10 for example.  Just plug the YubiKey into the USB port, and windows will auto log you in (after the initial setup).  Much easier than trying to remember Passwords.

YubiKey 4 & YubiKey 4 Nano


Bookmark the permalink.

Comments are closed.