Written by Adrien Souyris
"Sorry, your password must be at least 8 characters long, contain a capital letter, a number, a special character, an inspiring message, a spell, a gang sign, a hieroglyph and a quantum mechanics equation"
There are three main methods of proving your identity online:
- Through something you have (for instance, a smartcard)
- Through something you are (entering the realm of biometrics here)
- Through something you know (usually a password)
The last is the most widely used means of authentication, being the cheapest to implement and manage. However, passwords introduce a significant problem:
- A strong password that is difficult to guess (typically at least 8 characters, containing an upper case letter, a lower case letter, a number and a symbol, and being a phrase rather than a word) will be difficult to remember
- A simple password that is easy to remember, whether because it is short, contains simple patterns, or is a single word, will be easily guessed by an attacker
- Writing down a password turns it into "something you have" and makes it vulnerable to theft or copying
Passwords are one of the weakest ways of authenticating yourself, but there are a couple of neat tricks to secure your accounts while making your life easier.
Multi-factor authentication
Authentication can be achieved by using one of the five authentication factors. Multi-factor authentication (MFA) simply makes use of two or more of the above. But how can we make this work in a simple manner? Well, nearly anyone can authenticate using "something they have".
MFA for mobiles works by asking for a second, six-digit, one-use password each time you log in to your account.
This password is either:
- Received by text message
- Generated by a smartphone app (such as Google Authenticator)
So, if a cyber criminal attempts to hack your account, they will be unable to access your data without your phone. Google, Amazon, and social media accounts support MFA.
Password managers
Instead of writing down passwords, there is one tool used for remembering strong, complex, lengthy passwords: password managers.
These applications act as a secure notebook for your credentials. With a password manager, you can use more complex passwords such as @p:[^U5w}cAvA<b4>^G+. The only password you need to remember is a strong one for your ‘notebook’. Most of these managers can automatically log you in to any website you return to, and the majority can also be protected using MFA.
Use passphrases
When password managers are not an option, an alternative to re-using credentials or having weak passwords is to use passphrases. Passphrases are usually quotes, expressions, or any memorable series of words. Passphrases lack complexity but are longer, making them easier for you to remember but harder for hackers to crack!