Why secure passwords are important.
Recently, Monash University forced every user across the university’s networks to change their password. This was met with heavy criticism from the student community, resulting in memes about the enforced password change.
Why am I writing this? Because after going around the community, it seems that many people still do not understand why the forced change was important. Don’t worry, I had to change my passwords too; now all my passwords are between 14–24 characters long.
We all know that we humans are lazy:
- our phone passcodes are typically related to ourselves (like our birthday)
- our passwords are typically weak, and every time we change them we usually just change one character, going from something like passw0rd to something like pa55w0rd, just because it is easy to remember.
Passwords and account details have been repeatedly hacked or ‘pwned’ in various breaches over the past couple of years. Choosing a secure password is really important, and many applications (like GitHub) have also integrated the pwned API to check whether a password has been pwned and to make sure that all passwords are secure. You can see if you have been pwned using the HaveIBeenPwned tool.
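How such a check can be done without sending the password anywhere, as an added example (not code from GitHub or HaveIBeenPwned): it assumes the Pwned Passwords range endpoint at api.pwnedpasswords.com, which takes the first 5 hex characters of the password's SHA-1 hash and returns the matching hash suffixes with counts. The function names, the sample response and its counts are constructed for illustration.

```python
import hashlib
import urllib.request

def split_sha1(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.
    Only the 5-character prefix is ever sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines; malformed lines are ignored."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """How many times the password appears in the breach data (0 = not found).
    The suffix comparison happens locally, never on the server."""
    prefix, suffix = split_sha1(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def fetch_from_api(prefix):
    """Live lookup (needs network access); not called by the demo below."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def constructed_fetch(prefix):
    """Offline stand-in for the API: a constructed response, counts are made up."""
    lines = []
    for pw, count in (("passw0rd", 1234), ("pa55w0rd", 567)):
        p, s = split_sha1(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    lines.append("0" * 35 + ":0")  # filler entry that matches nothing
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("passw0rd", "pa55w0rd", "5K4ChICbbLuEGv"):
        hits = pwned_count(candidate, constructed_fetch)
        print(candidate, "-> found" if hits else "-> not found", hits)
```

Pass `fetch_from_api` instead of `constructed_fetch` to query the real service.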
Typically, even if a password is not in the top 100,000 password list, having fewer characters in your password is kind of bad, because an attacker can try attacking your password by trying all possibilities (a brute-force attack). To keep it more secure, using a password manager to help manage your passwords can benefit you. For example, my password generator generated: 5K4ChICbbLuEGv, which has a mix of characters and is 14 characters long.
Even a longer phrase can help, like below. (Please don’t actually use this, this was an example.)
A mix of words, like choosing a random colour with an animal, etc., can make it much more secure. xkcd actually does a nice comic strip about this:
But the most important thing to remember is that, even though changing your behaviour is hard, we, the guys who help build and manage your apps and networks, want to keep things secure. Because your privacy and your data should always come first.
