LastPass also has a handy plugin for every browser. Using a password manager is a great way to improve your personal security online, but it's not perfect. The perfect password is one you never write down: a unique string of letters, numbers, and symbols that not even you know until the moment you enter it. That may be beyond our grasp, but you can get awfully close by using a few simple mnemonic tricks.

It's fairly easy to create strong, unique passwords by following a few simple rules. First, we need a password "base" with a mix of uppercase and lowercase letters, numbers, and even a symbol or two to spice things up. Pick a phrase that will be easy to remember, and feel free to be as creative as you like. For simplicity's sake I'm going to use one of my favorite dishes, chicken adobo, as our example.

Make sure your passphrase is at least eight characters and avoid obviously memorable topics like proper names, birthdays, and hometowns. You should also avoid picking a single word and changing some of its characters to symbols: hacker tools are sophisticated enough to overcome that trick. Go for a passphrase (multiple words strung together) rather than a password; this makes it harder for hackers working to crack your password by trying every word in the dictionary.

Last year I provided a number of simple steps to lower the risk to your online presence without making your life harder. This year, I'm focusing on making logging into your accounts easier.

First, I'm going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I'm going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don't rely on passwords, or even passphrases, alone.

A few years ago, I found myself in a really bad rut. I was under a lot of stress, so I had trouble sleeping. When I woke up, I'd be exhausted, so I'd sleep in a half hour. Because I was starting later in the morning, it would be hotter, so I'd run a little slower. Running slower meant more time would pass, so it would get even hotter, so I'd cut off a mile, but doing that made me disappointed in myself, which added to my stress and ended up making me even more exhausted.

After a while, I finally realized I wasn't helping myself. Running was supposed to build me up, body and spirit, but I was in a cycle that was tearing both down. I changed the cycle to let my emotional and physical conditions dictate my running, not the other way around. Soon after, I was running longer, faster, more consistently, and with fewer injuries. I broke the cycle by having the way I function drive my training, and the results were unambiguously positive.

This may seem like a forced analogy, but that is the basic approach to change NIST took in rewriting its password guidance. Over the years, our reliance on passwords, and the ease with which our adversaries can defeat those passwords, resulted in a negative feedback loop where users were subjected to increasingly complex, stressful and exhausting composition rules (upper, lower, and special characters, oh my!), increasing length requirements, password rotation requirements, and on and on.

As this XKCD comic points out, complex password rules actually drive us to create predictable, easy-to-guess passwords ("password1!" anybody?) or find other ways to make things easier on ourselves, e.g., reusing passwords across sites or saving them in spreadsheets or sticky notes. In practice, all those rules had made it easier for the bad guy, and harder, and less secure, for the user. Like pounding out more and more miles faster and faster, these looked like gains on paper but undermined the outcome we wanted: a safer and more convenient online experience.
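The two claims above that a practitioner will want to see in working form are that "changing some characters to symbols" is a trick cracking tools undo routinely, and that a length-plus-blocklist check of the kind NIST now recommends rejects "password1!"-style choices while a classic composition policy waves them through and blocks a long passphrase. The following Python is an added example, not code from the original post, from NIST or from any password manager; the blocklist, suffix list, substitution table and the mangling rules are small constructed samples written for this illustration (a real blocklist is a breach corpus with millions of entries, and real cracking rule sets are far larger). `legacy_check`, `nist_style_check`, `mangle` and the other names are this example's own.

```python
"""Added example (not from the original post or NIST): both sides of the page's
password advice on constructed data.

* attacker side: a tiny mangling rule set of the kind cracking tools apply to a
  dictionary word, turning "password" into P@55w0rd, Password1! and friends;
* verifier side: a legacy composition-rule check beside a check in the style of
  NIST SP 800-63B (length floor, no composition rules, reject anything that
  normalizes to a blocklisted or context-specific value).
"""
import itertools
import re
import unicodedata

# Constructed sample blocklist; SP 800-63B calls for comparing against breach
# corpuses, dictionary words and commonly used passwords.
COMMON_PASSWORDS = {
    "password", "password1", "qwerty", "letmein", "welcome", "iloveyou",
    "football", "dragon", "monkey", "sunshine", "chicken", "adobo", "chickenadobo",
}

# Letter -> look-alike symbols a user (or a cracking rule) substitutes. Sample.
LEET_SUBS = {"a": "@4", "b": "8", "e": "3", "g": "69", "i": "1", "l": "1|",
             "o": "0", "s": "$5", "t": "7+", "z": "2"}

# Suffixes users bolt on to satisfy "one digit, one symbol" rules. Sample.
COMMON_SUFFIXES = ["", "1", "!", "1!", "123", "2017", "!!"]

# The same table reversed for the verifier (symbol -> letter). Where a symbol can
# stand for two letters ("1" for i or l) the first letter wins; a production
# checker would try both readings.
UNLEET = {}
for letter, syms in LEET_SUBS.items():
    for sym in syms:
        UNLEET.setdefault(sym, letter)
UNLEET_TABLE = str.maketrans(UNLEET)


def leet_variants(word):
    """Every way of replacing zero or more letters of `word` with look-alikes."""
    options = [(ch,) + tuple(LEET_SUBS.get(ch.lower(), "")) for ch in word]
    for combo in itertools.product(*options):
        yield "".join(combo)


def mangle(word):
    """Minimal rule set in the spirit of hashcat/John rules (not a real rule
    file): case variants x look-alike substitutions x common suffixes."""
    for base in (word.lower(), word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in COMMON_SUFFIXES:
                yield variant + suffix


def legacy_check(pw):
    """Old-style composition policy: 8 to 16 characters with at least one
    lower-case letter, one upper-case letter, one digit and one symbol."""
    return (8 <= len(pw) <= 16
            and all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")))


def normalized_forms(pw):
    """Forms of `pw` to compare with the blocklist: lower-cased, with leading and
    trailing digits/symbols trimmed, and with look-alike substitutions undone, in
    both orders ("Password1!" needs trimming first, "Ch1ck3n@d0b0!" un-leeting)."""
    def trim(s):
        return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)
    base = unicodedata.normalize("NFKC", pw).lower()
    unleet = base.translate(UNLEET_TABLE)
    return {base, trim(base), unleet, trim(unleet), trim(base).translate(UNLEET_TABLE)}


def is_sequential(s):
    """True for runs such as 12345678 or hgfedcba."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) > 1 and steps in ({1}, {-1})


def nist_style_check(pw, username="", min_len=8, max_len=64):
    """Verifier rules in the spirit of SP 800-63B section 5.1.1.2: a length floor
    and a generous ceiling, no composition rules, and rejection of blocklisted,
    repetitive, sequential and context-specific (username) values.
    Returns (accepted, reason)."""
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if len(pw) > max_len:
        return False, f"longer than {max_len} characters"
    forms = normalized_forms(pw)
    hits = forms & COMMON_PASSWORDS
    if hits:
        return False, f"normalizes to a common password: {sorted(hits)[0]}"
    if username and any(username.lower() in f for f in forms):
        return False, "contains the username"
    if re.fullmatch(r"(.)\1+", pw) or is_sequential(pw):
        return False, "repetitive or sequential characters"
    return True, "ok"


if __name__ == "__main__":
    guesses = set(mangle("password"))
    print(f"{len(guesses)} guesses from one word; P@55w0rd among them:", "P@55w0rd" in guesses)
    for pw in ("Password1!", "Ch1ck3n@d0b0!", "correct horse battery staple"):
        print(f"{pw!r:32} legacy={legacy_check(pw)!s:5} nist={nist_style_check(pw)}")
```

Running the block shows the inversion the post describes: the legacy policy accepts "Password1!" and the leet-spelled "Ch1ck3n@d0b0!" (both are a handful of mangling steps away from a blocklisted word) and rejects the four-word passphrase for being over 16 characters, while the length-and-blocklist check does the opposite. The substitution table is deliberately tiny; even so, one dictionary word expands to about a thousand guesses, which is a trivial amount of work for an offline cracker.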