Can I guess your password?

I probably could. Just give me a few billion guesses. Web sites that you log into don’t store your password; they use some cryptographic technique to store a scrambled version of it. When you log in, they scramble the password you enter the same way and compare the scrambled versions. If they match, you’re in.

The problem is lots of those scrambled passwords aren’t stored using the best technology available, and there are huge passwords lists available on the Internet so that someone can start guessing. Even an 8-character password can be guessed through brute force.

Good passwords are nigh impossible to remember, and it’s tough to keep it all straight. What some folks do (myself included sometimes) is to use one password for multiple web sites and services. That means that if your weak scrambled password gets out, then every log in using that same password is now open for identity thieves, email spammers and other malicious actors.

There are a couple of solutions. One of them is to use a scheme whereby you make up passwords that you can remember. Security expert Bruce Schneier has one of those. I use something like Schneier’s approach for my Facebook password and a couple of others, but the best approach for me is to use a password manager. There are several around. These programs use strong encryption to store your passwords, and they can create strong random passwords for you to use. I use one called KeePass, but there are others. One nice thing about KeePass is that you can put the software on a flash drive or a cloud drive, and run it from there. It’s not necessary to install the program on your computer. There are versions for Windows, iOS and Android.

It seems like there are security breaches and hacks happening with increasing frequency. More and more of our data goes online. I do what I can to keep it secure.

About Kevin

Just an old guy with opinions that I like to bounce off other people.

This entry was posted in Technology and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *